Hello Wolfgang - Been trying to debug this issue for a week now without success. So, here is some more info. for you on the logout. Setup: Testing the Java EE JBoss agent with opensso server and a sample app that ships with the agent bits. using JBOSS 5.0.0.GA (jdk6 build) On a high level, the logout involves the following steps: -> Detects the need for logout by intercepting the request -> Calls the container specific logout handler -> Even if the logout handler fails, destroy the local session -> Reset the cookies PS: The same process works fine for Tomcat container (no exception thrown) But, everytime we try to logout (when app deployed in JBoss), we get this java.lang.IllegalStateException: Security context is null (thrown from CoyoteAdapter.service() method. Complete stack trace available in previous post) I am going to try the same thing with JBoss5 (not the kdk 6 build) and see if that makes any difference. Any help/lead will be greatly appreciated. Thanks View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4221663#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...