fix: send the backchannel logout event only if a session exists

[fschade]

Description

The backchannel logout event should only be send if a session is known/identified, if not (only the subject is known) we wait till the oidc token expires. The behavior is still not perfect, this is open for discussion how we handle such cases, cc: @rhafer

Related Issue

• https://github.com/opencloud-eu/internal/issues/246
• resolve logout token subject:sessions for the idp backchannel logout #2328
• Backport backchannel logout #2407

Motivation and Context

The logout event was sent to all clients even if the session still existed in the IDP, which resulted in the "re-login" page being displayed in the web client even though the session was still active.

How Has This Been Tested?

• unit tests
• ci
• local tests (local keycloak)

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation added

[sonarqubecloud]

Quality Gate passed

Issues
2 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud