I already configured the guest without permissions at all - even before i started with SSO ;-)
There is no redirect necessary either. The forum is within a support environment. When the user clicks on "logout" the /user/logout is being called.
Yet it's confusing to the logged on users / admins / moderators to see a growing list of guests on the forum. Especially our customers do not know about the security constraints for guest users and may wonder if their information is really save.
When I work on the forum again I'll invalidate the session after logout in case of SSO usage.
Thanks for your input
[originally posted on jforum.net by Sid]