You'll need a mechanism to iterate thru all each context which authenticate with SSO tokens
then for each context discovered cause SSOlogout for each jsp/servlet page..
assuming logout is mapped as seen in the declarator below
public void signOut(){
//Assume Faces
FacesContext ctx = FacesContext.getCurrentInstance();
ExternalContext ectx = ctx.getExternalContext(); //Acquire the response
HttpServletResponse response = (HttpServletResponse)ectx.getResponse();
try {
globalSSOSignout(response);
} catch (IOException e){
System.out.println("global SSO signout exception");
}//ensure the LOGIN is no longer accessible
ctx.getExternalContext().getSessionMap().remove(LOGIN);
ctx.responseComplete();//always do this dead last
HttpSession session = (HttpSession)ectx.getSession(false);
session.invalidate(); }
public void globalSSOSignout(HttpServletResponse response) throws IOException{
response.setHeader( "Osso-Return-Url",
http://logout/logout);
response.sendError( 470, "Oracle SSO" );
}
<servlet-mapping>
<servlet-name>Logout</servlet-name>
<url-pattern>/logout</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Logout</servlet-name>
<servlet-class>your.package.name.Logout</servlet-class>
</servlet>
http://forums.oracle.com/forums/thread.jspa?threadID=371543&tstart=180
http://forums.oracle.com/forums/thread.jspa?threadID=672191
Mit Fruendlichen Gruben,
Martin
______________________________________________
Verzicht und Vertraulichkeitanmerkung
Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen.
> Date: Sun, 6 Jun 2010 08:40:19 -0700
> From: glassfish_at_javadesktop.org
> To: users_at_glassfish.dev.java.net
> Subject: Re: how to Logout with SSO enable
>
> HttpServletRequest is interface so how can I use logout?
> and request instane doesn't have logout method too.
> do have any idea?
> [Message sent by forum member 'javadevil']
>
> http://forums.java.net/jive/thread.jspa?messageID=473019
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: users-help_at_glassfish.dev.java.net
>
_________________________________________________________________
The New Busy is not the too busy. Combine all your e-mail accounts with Hotmail.
http://www.windowslive.com/campaign/thenewbusy?tile=multiaccount&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_4