If we click logout link in any of the client application it should go to CAS, invalidate the session and then redirect to KC logout service but passing the URL to the client application to which KC will then return the user's browser.