We are using a customer ASP.NET button to signout of our web app which uses ADFS for authentication. We've tried several options to try and get the app to signout properly but nothing seems to work.
It generally takes you to the signout page on the federation server which says you have been signed out properly but if you hit back you can still access the web app.
Tried: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0
https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL} etc
Has anyone got this to work properly?
Thanks for your time
On clicking "logout" the URL is redirected to the ADFS logout page defined in the -logouturl value. You cannot access Resilient without going through the SAML authentication mechanism again.
Click Settings in the sidebar. Click the Authentication tab and then turn the Enable SAML SSO toggle switch to ON. Once this is turned on, a form will appear. You will need to collect information from ADFS and enter it into this form.
How Does ADFS Work? ADFS uses claims-based authentication, which verifies a user from a set of “claims” about their identity carried in a trusted token. ADFS then gives users a single prompt for SSO, allowing them to access multiple applications and systems even if they reside on different networks.
As I understand you just redirect the user to the ADFS with the appropriate wssignout action. This won't delete the authentication cookie created for your application, so the user stays logged on.
I use the WSFederationAuthenticationModule to trigger federated signout:
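// URL of the current request.
string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
// Cut it back to the containing path (up to and including the last "/") to use as the reply URL.
string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/") + 1);
// Trigger the federated sign-out and come back to the application afterwards.
WSFederationAuthenticationModule.FederatedSignOut(null, new Uri(replyUrl));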
I am replying back to the application because I want to be sure that the user is signed out.
Hope this helps.
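A sign-out handler that covers both halves of the problem discussed here, the application's own session cookie and the session at the federation server, followed by a check on the reply page. This is an added example, not code from the original posts; it assumes a WebForms application using WIF in .NET 4.5 (System.IdentityModel.Services), and the class names, the SignOutButton_Click handler and the ~/SignedOut.aspx landing page are hypothetical.

```csharp
using System;
using System.IdentityModel.Services;
using System.Web.UI;

// Hypothetical master page holding the sign-out button.
public partial class SiteMaster : MasterPage
{
    // Fixed landing page (assumed name), not taken from request input,
    // so the wreply value cannot be steered to another location.
    private const string SignedOutPage = "~/SignedOut.aspx";

    protected void SignOutButton_Click(object sender, EventArgs e)
    {
        // 1. Drop the relying party's own state: the server-side session
        //    and the WIF session cookie issued to this application.
        Session.Abandon();
        SessionAuthenticationModule sam = FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null) sam.SignOut();

        // 2. Send wa=wsignout1.0 to the issuer configured for the application,
        //    with wreply pointing at the landing page.
        WSFederationAuthenticationModule fam = FederatedAuthentication.WSFederationAuthenticationModule;
        Uri reply = new Uri(Request.Url, ResolveUrl(SignedOutPage));
        SignOutRequestMessage signOut = new SignOutRequestMessage(new Uri(fam.Issuer), reply.AbsoluteUri);
        Response.Redirect(signOut.WriteQueryString(), false);
        Context.ApplicationInstance.CompleteRequest();
    }
}

// Hypothetical landing page; it must be reachable without authentication.
public partial class SignedOut : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Coming back from the federation server, the request should be anonymous.
        // If it is not, the local cookie survived step 1, so clear it again.
        if (Request.IsAuthenticated)
        {
            FederatedAuthentication.SessionAuthenticationModule.SignOut();
        }
    }
}
```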