Thanks Juraj for your response.
Like you said, yes I can get hold of sign out event, but in order to sign out from the identity server, we need to have a valid token which we do not have. (like I said in my question)
Without signing out from the identity server, even though we sign out from kentico the login event triggers again and logs the user back in. so from the end user perspective, the sign out doesn't even work.
Please let me know if I am not clear.