I'm currently using AS7 CRb1 and i'm trying to add some SSO to a couple web apps i have.

I've set up a security domain and added the <sso reauthenticate=false /> tag to my standalone.xml

and i've added

<security-domain>*******</security-domain>

   <valve>

        <class-name>org.apache.catalina.authenticator.SingleSignOn</class-name>

    </valve>

to my jboss-web.xml

from one web.xml:

<login-config>

        <auth-method>FORM</auth-method>

        <realm-name>*******</realm-name>

        <form-login-config>

            <form-login-page>/login.jsf</form-login-page>

        </form-login-config>

    </login-config>

from the other web.xml

<login-config>

        <auth-method>FORM</auth-method>

        <form-login-config>

            <form-login-page>/pages/Secure/login.jsp</form-login-page>

            <form-error-page>/pages/Secure/login.jsp?error=true</form-error-page>

        </form-login-config>

    </login-config>

in both web apps i call response.login()  and authenticate fine.  logging into one will log the other site in as well. 

the problem happens when i try to log out by call reponse.logout()   it doesn't seem to work.  i do not get an error in the console and code that redirects after the logout is called successfully. 

i've tried to use just <sso />  but it actually disappears when loaded, and <sso reauthenticate=true/>  but then sso doesn't work

i've noticed that when request.logout happens  request.getPrincipal is null,  but on the next request it is there again

thanks in advance for the help

-Luke