Hello,

We are testing security and single sign-on in HP Bluestone 8.0 web engine.

We are testing with the <single-sign-on enabled="true"/> option (config/hpas/servlet-service-config.xml):
...
   <container-runtime>
      <single-sign-on enabled="true"/>
...

I can successfully login using form-based login (j_security_check). However when I try to logout using this code:

<%
  session.invalidate();
  response.sendRedirect( "index.jsp" );
%>

the container doesn't log out a user. The user stays logged in. The "JSESSIONID" stays untouched.

How do I logout from the HP Bluestone 8.0 web container, with single sign on option enabled?

Sincerely,
Sergei Batiuk.