We use JBoss SSO. We typically log out by calling
session.invalidate(). But it is possible for a user to try to logout after the session expired. In this case, they can still be authenticated in SSO because the maxEmptyLife hasn't passed, but then there is no session present to invalidate and prompt the log out. How can we log out if there is no session?
The problem is that the user, despite performing the logout operation on one of the applications, is still authenticated by generating unexpected behavior on the system.
- JBoss Enterprise Application Platform (EAP)
- Red Hat Single Sign-On (RHSSO)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.