
ADFS 2.0 Web app signout

We are using a customer ASP.NET button to signout of our web app which uses ADFS for authentication. We've tried several options to try and get the app to signout properly but nothing seems to work.

It generally takes you to the signout page on the federation server which says you have been signed out properly but if you hit back you can still access the web app.

Tried: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0

https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL} etc

Has anyone got this to work properly?

Thanks for your time

asked Jul 08 '11 10:07 by JeremyBeadle



1 Answer

As I understand, you just redirect the user to the ADFS with the appropriate wssignout action. This won't delete the authentication cookie created for your application, so the user stays logged on.

I use the WSFederationAuthenticationModule to trigger federated signout:

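// Build the reply URL from the current request: everything up to and including the last "/".
string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/") + 1);
// A null sign-out URL makes the module use the issuer configured for the application.
WSFederationAuthenticationModule.FederatedSignOut(null, new Uri(replyUrl));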

I am replying back to the application because I want to be sure that the user is signed out.

Hope this helps.

answered Oct 08 '22 10:10 by shizik
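
The difference between the redirect-only approach in the question and the module-based sign-out in the answer, as an added example that is not code from either poster. It assumes a Web Forms page on WIF 1.0 (`Microsoft.IdentityModel.Web`); the class name, handler names and the `sts.example.test` host are placeholders.

```csharp
using System;
using System.Web.UI;
using Microsoft.IdentityModel.Web; // WIF 1.0, the version used with ADFS 2.0

// Hypothetical code-behind for a page with two sign-out buttons.
public partial class SignOutPage : Page
{
    // Placeholder STS address; substitute the real federation server.
    private const string StsSignOutUrl =
        "https://sts.example.test/adfs/ls/?wa=wsignout1.0";

    // Incomplete: the STS session ends, but the relying party's own
    // session cookie is still in the browser, so the application keeps
    // treating the user as authenticated.
    protected void RedirectOnly_Click(object sender, EventArgs e)
    {
        Response.Redirect(StsSignOutUrl);
    }

    // Complete: end the local session, then sign out at the STS.
    protected void SignOut_Click(object sender, EventArgs e)
    {
        WSFederationAuthenticationModule fam =
            FederatedAuthentication.WSFederationAuthenticationModule;

        // Written out explicitly so the cookie removal is visible.
        try
        {
            fam.SignOut(false); // false: not a request from the identity provider
        }
        finally
        {
            FederatedAuthentication.SessionAuthenticationModule
                .DeleteSessionTokenCookie();
        }

        // Reply to the application root. If that page requires
        // authentication, landing there forces a fresh sign-in, which
        // confirms the session is really gone.
        Uri replyUrl = new Uri(Request.Url, ResolveUrl("~/"));

        // fam.Issuer is the STS endpoint configured in web.config.
        WSFederationAuthenticationModule.FederatedSignOut(
            new Uri(fam.Issuer), replyUrl);
    }
}
```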