Is checkmk SAML 2.0 capable?

As in SAML setups you are dealing with information being passed on via your browser:

  • from an SP to an IDP as in AuthnRequest
  • from the IDP to the SP (after a successful auth) as in Response

You want to not only explicitly log off from the SP-side, but check on the IDP-side too => IDP keeps track of what resources you are logged in to.
So even if you think you have logged out of the application, make absolutely sure you are also logged out of the IDP- / federated part.

Or, as @checkmk_dweb said, either close all instances of your browser or launch it in an incognito session so that past authentication never gets forwarded to the application when testing.

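An added example, not part of the original post and not checkmk code: a diagnostic that reads the base64 `SAMLResponse` form value your browser posts to the SP and compares the assertion's `AuthnInstant` with the response's `IssueInstant`, which shows whether the IDP reused an older login session instead of authenticating you again. The 60-second threshold, the function names and the sample messages are assumptions constructed for illustration.

```python
import base64
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def _ts(value):
    # SAML timestamps are UTC xs:dateTime values; drop "Z" and fractional seconds.
    value = value.rstrip("Z").split(".")[0]
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def session_reuse(saml_response_b64, max_age_seconds=60):
    """Return (reused, age_seconds, session_index) for a base64 SAMLResponse.

    Diagnostic only: it does not verify signatures and cannot read an
    EncryptedAssertion. Use it on traffic captured from your own test login.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    stmt = root.find("saml:Assertion/saml:AuthnStatement", NS)
    if stmt is None:
        raise ValueError("no unencrypted AuthnStatement in Response")
    # A large gap means the IDP answered from an existing session.
    age = (_ts(root.get("IssueInstant")) - _ts(stmt.get("AuthnInstant"))).total_seconds()
    return age > max_age_seconds, age, stmt.get("SessionIndex")

def _sample(issue, authn):
    # Constructed sample Response (unsigned, placeholder IDs), HTTP-POST encoding.
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" '
        'Version="2.0" IssueInstant="%s">'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="%s">'
        '<saml:AuthnStatement AuthnInstant="%s" SessionIndex="_constructed_session"/>'
        '</saml:Assertion></samlp:Response>'
    ) % (NS["samlp"], NS["saml"], issue, issue, authn)
    return base64.b64encode(xml.encode()).decode()

STALE = _sample("2024-05-01T10:00:00Z", "2024-05-01T08:00:00Z")  # login 2 h earlier
FRESH = _sample("2024-05-01T10:00:05Z", "2024-05-01T10:00:00Z")  # login just now

if __name__ == "__main__":
    for name, blob in (("stale", STALE), ("fresh", FRESH)):
        print(name, session_reuse(blob))
```

The `SessionIndex` it returns is the value the IDP uses to identify that login session, so it is the one to look for on the IDP side when checking whether the logout really happened.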