For the the log-out mechanism, as my understanding, we have two choices at Idp end, one is LLO(local logout), another one is GLO (global logout). But the LLO seems like only to update Idp that the SP's session's ended, but it won't further kill the user's login session in Idp. However, if we adopt GLO, then it has no choice but kills all the SPs and Idp's session.
I wonder if there's some thing in between that when a certain SP is logged out and calls the Idp log-out jss, it will only end Idp's session but not to kill the valid session in other SPs.
Actually, LLO means end session at the SP side. So you are still have valid SSO session. However, if you hit the SP again right after a LLO, you'll be redirect to the IdP and as your session is still valid, you are going to be logged in in the SP again.
I'm afraid PicketLink does not support what you are looking for. Kill IdP session only and leave SP sessions intact.