We integrated the JOSSO with our applications & it is working fine in terms of authenticating the user for all the registered applications.
The question I have is that once the user logs out using the Josso logout component, will it invalidate the application session too?
Here is the situation :
1. User "ABC" opens a new browser, logs in, the application gets user id & instantiates the user bean.
2. User "ABC" logouts & now user "XYZ" logs in from the same browser (without closing the earlier one) & as the application session is still active, I see the user bean still displaying "ABC" instead of "XYZ".
JOSSO forums may help you.