
ADFS 2.0 Web app signout

开发者 https://www.devze.com 2023-03-18 01:08 Source: Internet

We are using a customer ASP.NET button to signout of our web app which uses ADFS for authentication. We've tried several options to try and get the app to signout properly but nothing seems to work.

It generally takes you to the signout page on the federation server which says you have been signed out properly but if you hit back you can still access the web app.

Tried: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0

https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL} etc

Has anyone got this to work properly?

Thanks for your time


As I understand it, you just redirect the user to the ADFS with the appropriate wssignout action. This won't delete the authentication cookie created for your application, so the user stays logged on.

I use the WSFederationAuthenticationModule to trigger federated signout:

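    // WSFederationAuthenticationModule lives in Microsoft.IdentityModel.Web (WIF 3.5)
    // or System.IdentityModel.Services (.NET 4.5 and later).
    // Reply URL: the current request URL up to and including its last "/".
    string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
    string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/") + 1);
    // Trigger WS-Federation sign-out; the second argument is sent as the reply URL.
    WSFederationAuthenticationModule.FederatedSignOut(null, new Uri(replyUrl));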

I am replying back to the application because I want to be sure that the user is signed out.

Hope this helps.


For my apps, using the "?wa=wsignout1.0" URL clears the application FedAuth cookies and the ADFS MSISAuth cookies.

You end up on the "You have signed out" page.

From there, the back button takes you back to the application but if you try and do anything, you are redirected to ADFS to sign in again.
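The two answers above can be combined into one sign-out handler. This is an added example, not code from any of the posters: it deletes the application's own session cookie, sends the browser to the STS with a `wa=wsignout1.0` request, and marks responses as non-cacheable, on the assumption that the page still visible after pressing Back is a cached copy. `SignOutHelper`, `SignOutEverywhere`, `DisableCaching` and `landingPage` are hypothetical names.

```csharp
using System;
using System.Web;
using Microsoft.IdentityModel.Web; // WIF 3.5; on .NET 4.5+ use System.IdentityModel.Services

// Hypothetical helper class for a WIF-based relying party.
public static class SignOutHelper
{
    // Call from the sign-out button's click handler.
    public static void SignOutEverywhere(HttpContext context, Uri landingPage)
    {
        WSFederationAuthenticationModule fam =
            FederatedAuthentication.WSFederationAuthenticationModule;

        // 1. Delete the relying party's own session cookie (FedAuth).
        //    Redirecting to the STS by hand does not do this.
        FederatedAuthentication.SessionAuthenticationModule.SignOut();

        // 2. Build {issuer}?wa=wsignout1.0&wreply=..., with wreply URL-encoded.
        //    fam.Issuer is the issuer configured for this application.
        string signOutUrl = WSFederationAuthenticationModule.GetFederationPassiveSignOutUrl(
            fam.Issuer, landingPage.AbsoluteUri, null);

        // 3. Send the browser to the STS so its session cookies are cleared too.
        context.Response.Redirect(signOutUrl, true);
    }

    // Call for every authenticated response (for example from
    // Application_BeginRequest) so the browser has no stored copy of a
    // protected page to show when the user presses Back after signing out.
    public static void DisableCaching(HttpResponse response)
    {
        response.Cache.SetCacheability(HttpCacheability.NoCache);
        response.Cache.SetNoStore();
    }
}
```

To check the result, sign out, press Back, and confirm that the browser requests the page again and is redirected to the STS sign-in page.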


We too had a similar problem. The solution which worked for us recommended to add an Endpoint in the relying party trust in ADFS 2.0 management console. Please follow the below steps:

  1. Add the signout URL in the Google configuration (Advanced) -> SSO -

    Log out URL = https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0

  2. Go to the ADFS 2.0 Management console. Under the Endpoints tab, click Add

  3. Endpoint Type = SAML Logout, Binding = POST, URL = https://myadfsserver.domain.net/adfs/ls/?wa=wsignout1.0. You can set a response URL if you want it to redirect to another page, but we like the ADFS site since it warns that you are logged off but you should still close your browser.
