> The SendTicketGrantingTicketAction does destroy the TGT, but it does not > send a single-sign-out signal to services registered by principal X.
Based on my code review, that's incorrect. Here is the call chain: 1. SendTicketGrantingTicketAction#doExecute(...) 2. CentralAuthenticationServiceImpl#destroyTicketGrantingTicket(...) @ line 49 3. TicketGrantingTicketImpl#expire() @ line 143 4. TicketGrantingTicketImpl#logOutOfServices() @ line 131 5. AbstractWebApplicationService#logOutOfService(...) @ line 119 6. HttpClient#sendMessageToEndPoint(...) @ line 147 In summary, destroying the TGT triggers the SAML LogoutRequest to all services bound to a TGT. M -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
