On 26 Jun 2015, at 6:11 am, chenkeong.yap(a)izeno.com wrote: Hi, iam using picketlink sp filter to secure my applications. when performing global logout, sp session is invalidated but individual application session still alive. In order to invalidate application session, i need the jsessionid. so do i need to store the jsessionid and userid mapping in keycloak and how that can be done? Regards, CK Yap