The way logout is handled depends on whether it is initiated from the Business Control Center or the Workbench.

If a user logs out from the Business Control Center, the standard Core Commerce logout process is invoked, and the current Core Commerce session is terminated. The user request is then redirected to the Commerce SSO logout URL, so that the Commerce SSO session is also terminated. To accomplish this, the InternalProfileFormHandler.logoutSuccessURL and ControlCenterService.logoutSuccessURL properties are configured to hold the Commerce SSO logout URL. If the SSO session includes a Workbench session, the Commerce SSO server terminates the Workbench session by sending a callback URL.

If a user logs out of the Workbench, the Commerce SSO session is terminated. The Core Commerce logout process must then be triggered as well. As part of the initial request to validate the service ticket and request URL (see above), the Commerce SSO Server is sent a logout parameter populated with a logout callback URL. This parameter is used by the SSO Server to initiate a logout from the Core Commerce session after the SSO session has been terminated by the user logging out of the Workbench. The LightweightSSOServlet detects such logout requests and invokes the logoutUser() method of the /atg/userprofiling/ProfileServices component to handle logging out the user.