Current behavior

As a user with an existing account linked to a third-party IDP:

• go to the account console and log in with a third-party IDP
• in the account console, go to "Account security > Linked accounts"
• click on the "Unlink account" button
• user is not logged out of the IDP

Proposal

When a user unlink his account (using the "Unlink account" button in the account console), the user is automatically logged out of the IDP.

For OIDC third-party IDP, when a user click on the "Unlink account" button:

• a DELETE HTTP request is sent to the REST API endpoint /realms/<realm>/account/linked-accounts/<idp-name> to unlink the account
• (proposal) once this is done and only if the user has an active session with this IDP: the account console could redirect the user to the IDP Logout Endpoint with a post_logout_redirect_uri parameter so that the user is redirected back to the account console

I don't know if something similar could be done with a SAML IDP.