I have been able to get the Workspace Single Sign On feature to work, but now users can't logout of Workspace. It looks like the logout link logs the user out and redirects to the login page, which sees the SSO HTTP headers and logs the user back in.
Does anyone know of a way to correct this behavior?
This behaviour is as designed. If Workspace is configured for SSO then a Workspace logout has no real purpose. You would need to logout of the SSO session.
Is there a way to remove the "Logout" link from the top menu when single sign on is enabled?
Unfortunately there is no clean way to detect for SSO. The only thing I can propose is if this is a pure SSO environment then you can remove the logout button in Workspace and recompile/deploy the app.
Yes with LC ES Update 1 (or 8.2.1) its possible to have SSO with Windows domain logon.
The documents explaining that are currently avialable through prerelease site. If you are part of pre-release program you can access it under documentation at User Management > Enabling SSO in LiveCycle ES > Enabling SSO using SPNEGO