Single Sign On - with single Session By User

I use componentspace saml 2 and for now it work’s like a charm but we want to create an feature that ensure 1 (one) single session by user. In other words, when a user, already logged in another place, request new login from another brower or machine, I want that the first browser logout in the Provider plus all Client Applications.

This does not have to be immediate, may happen when the client site needs to revalidate the credentials, however is quite important ensure blocking multiple sessions.

I use Owin to validate user’s from external providers and Asp Identity for user store, but I think this does not affect this case.
tanks in advance

This is outside the scope of the SAML specification and our product. You would need to keep track of every authentication session for every user in a central location. For example, you could store this information in a shared database and check if the user is logged in elsewhere prior to logging them in at any of your applications. However, this would have to be an application specific solution as it’s not something that’s supported by the SAML specification.

SSO is always preceded by a basic user session in which a session is created, its session token is validated, the user is authenticated, and access is allowed.