ADFS SAML Single Logout

Solution 1:

A bit late but hope it helps someone. The NameID has a role to play here. Did you see this quote in the "Using AD FS 2.0 as the SAML 2.0 Identity Provider for the Service Provider Sample" readme step 3?

"Note: A NameIdentifier claim is not included in the outgoing claim from AD FS by default. This can be added as a Claim transformation rule. This is necessary for logout to perform correctly."

Was the partner IDP sending a NameID and was your ADFS configured to send a NameID to the RP App? I have configured your very same setup where my IDP and RP STS are both ADFS and this works fine.

Please note the WIF SAML extensions CTP is not supported at this stage. I am assuming this is not a production setup?

Windows Server 2012 AD FS 2.1 is not required for this to work, although it has some nice extra features coming in the 8.1 server release that might influence your upgrade decisions :)
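To make the NameID point concrete, here is an added PowerShell example (not part of the original answer or of the Microsoft readme it quotes) that adds the claim transformation rule the readme describes to a relying party trust and then checks that a NameID rule is actually present. The relying party trust name "Sample SP" and the choice of UPN as the source attribute are assumptions; the claim type URIs, the claim-property format URI and the AD FS cmdlets are the real ones.

```powershell
# Added example; assumes an RP trust named "Sample SP" exists and that the
# incoming token already carries a UPN claim. Both are assumptions.
# AD FS 2.0 exposes its cmdlets as a snap-in; AD FS 2.1 and later load them as a module.
if (-not (Get-Command Get-AdfsRelyingPartyTrust -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Microsoft.Adfs.PowerShell
}

$rpName = "Sample SP"   # assumed relying party trust display name

# Claim rule in the AD FS claim rule language: copy the UPN value into a
# NameIdentifier claim and stamp the SAML 2.0 persistent format on it, so the
# SP receives a stable <NameID> it can echo back in its LogoutRequest.
$nameIdRule = @'
@RuleTemplate = "MapClaims"
@RuleName = "Issue Name ID (persistent) from UPN"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"]
 => issue(Type = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType, Properties["http://schemas.xmlsoap.org/ws/2005/05/identity/claimproperties/format"] = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
'@

$rp = Get-AdfsRelyingPartyTrust -Name $rpName
if (-not $rp) { throw "Relying party trust '$rpName' not found" }

# Check before changing anything: append the rule only if no existing rule
# already issues a nameidentifier claim, so re-running does not stack duplicates.
$existing = [string]$rp.IssuanceTransformRules
if ($existing -match 'claims/nameidentifier') {
    Write-Host "'$rpName' already issues a NameID claim; rules left untouched"
} else {
    Set-AdfsRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules ($existing + "`r`n" + $nameIdRule)
    Write-Host "NameID rule added to '$rpName'"
}

# Verify: list the issuance rules on this trust that mention nameidentifier.
(Get-AdfsRelyingPartyTrust -Name $rpName).IssuanceTransformRules -split "`r`n" |
    Where-Object { $_ -match 'nameidentifier' }
```

The format property matters as much as the value: the SP's LogoutRequest carries the NameID it was given, including its Format, and AD FS matches the logout against the session using both. If the SP expects a different format (for example emailAddress or unspecified), change the property value in the rule to match rather than leaving it to chance; and when the IdP in front of AD FS is itself another AD FS, the same rule is needed on that side so that a NameID flows through the whole chain.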