Hi Glen, It has been a while. I hope you are doing well. <<< While it may "let user pass through without prompting credentials", the user still cannot do any meaningful functionality, correct? I.e., any updates/new reads/writes, etc.? The user is just seeing static info from the time he did have a connect, right? >>>
When I call http session invalidate (), it only takes care of removing cookies for my application. It can't remove cookies with STS. So, since cookies with STS is still alive, user is not prompted any credentials (this is after user logout, try to logon using same browser) and he/she is authenticated and create a new session with my application gain. This gives user impression, he never clicked logout request. I was thinking of, if we can send a logout request to STS when user logout from the application. How does Fediz support single log out? I think that I asked this question before, but don't remember what was the answer. Thanks. Gina -- View this message in context: http://cxf.547215.n5.nabble.com/Logout-from-Fediz-from-single-web-application-tp5713780p5714356.html Sent from the cxf-user mailing list archive at Nabble.com.
