I configured the sso preauth
I configured the
<property name="principalRequestHeader" value="ct-remote-user" />
and this is correctly picking up the user to establish the session. The issue is if the user ends his sso session and starts a new one - the session on the app server (running the spring stack) still has an existing session and it does not seem that the value of this ct-remote-user is checked after the initial session is established. So the user will rejoin under the prior id.
Attached is a solution we worked on with Stefan from support. This could be improved upon as we found we needed to fully cleanup the session itself.
In test this is a verey common occurance and also for us we use different instances of the SSO for the development areas, so it helps when switching between QA and Prod environments.