OpenSSO Enterprise administrators with appropriate permissions can terminate a user session at any time. When an administrator uses the Sessions tab in the OpenSSO Enterprise console to end a user’s session, the following events occur:
The Logout Service receives the Logout request, and:
Marks the user’s session as destroyed.
Destroys the session.
The Session Service notifies applications which are configured to interact with the session. In this case, each of the policy agents was configured for Session Notification, and each is sent a document instructing the agent that the session is now invalid.
The policy agents flush the session from cache and the user session ends.