I am working in a IdP-initiated project and we are the SP part.
1. As the Service Provider part, how the SP verifies if the login token is valid?
2. If the user authenticates and then closes the tab and opens a new one, is the authentication process saved or do they have to be authenticated again? In case you do not have to re-authenticate, how do you keep the authentication, with cookies?