085327b Update IdP-initiated logout to use SAML2 Store

1 file. Authored by rcritten 8 years ago, committed by puiterwijk 8 years ago.
    Update IdP-initiated logout to use SAML2 Store
    
    This moves the order in which the "fake" session is created and
    it gives it a unique ID rather than using a fixed value.
    
    Rely on the LogoutRequest request ID so we can get the
    order of logout correct.
    
    The basic idea is a logout request is created for the IdP
    containing the URL of the IdP itself as the RelayState. A
    session is picked and a LogoutRequest generated and sent.
    
    There will be a LogoutRequest/LogoutResponse back and forth
    until there are no more sessions to log out. The last
    session will be this "fake" session that started it all
    and the user will be redirected to the main page of the IdP.
    
    https://fedorahosted.org/ipsilon/ticket/90
    
    Signed-off-by: Rob Crittenden <rcritten@redhat.com>
    Reviewed-by: Patrick Uiterwijk <puiterwijk@redhat.com>
    
        
file modified
+20 -16
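
A minimal simulation of the logout chain the commit message describes, added here as an example; it is not Ipsilon's code. The `Store` class, its method names, the dict message shape and the example URLs are assumptions made for illustration.

```python
import uuid
from dataclasses import dataclass
from typing import List, Optional

IDP_URL = "https://idp.example.test/"  # constructed placeholder


@dataclass
class Session:
    provider: str                      # SP entity ID, or IDP_URL for the "fake" session
    session_id: str
    request_id: Optional[str] = None   # ID of the LogoutRequest tied to this session


class Store:
    """In-memory stand-in for a SAML2 session store (hypothetical API)."""

    def __init__(self, providers):
        self.sessions: List[Session] = [Session(p, "_" + uuid.uuid4().hex) for p in providers]

    def start_idp_logout(self) -> dict:
        # The initiating "fake" session gets a unique ID, not a fixed value.
        fake = Session(IDP_URL, "_" + uuid.uuid4().hex, request_id="_" + uuid.uuid4().hex)
        self.sessions.append(fake)
        return self.next_step()

    def next_step(self) -> dict:
        pending = [s for s in self.sessions if s.request_id is None]
        if pending:                     # pick a session and send it a LogoutRequest
            s = pending[0]
            s.request_id = "_" + uuid.uuid4().hex
            return {"type": "LogoutRequest", "ID": s.request_id,
                    "Destination": s.provider, "RelayState": IDP_URL}
        # Only the initiating session is left: drop it and finish at the IdP.
        self.sessions = [s for s in self.sessions if s.provider != IDP_URL]
        return {"type": "Redirect", "Location": IDP_URL}

    def handle_response(self, in_response_to: str) -> dict:
        # Match the LogoutResponse to a session by the request ID it answers.
        match = [s for s in self.sessions
                 if s.request_id == in_response_to and s.provider != IDP_URL]
        if not match:                   # unsolicited or replayed LogoutResponse
            raise ValueError("LogoutResponse does not match an outstanding request")
        self.sessions.remove(match[0])
        return self.next_step()
```

Keying each step on the request ID means a response that answers no outstanding request is rejected instead of advancing the chain.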