ADFS SAML Single Logout

adfs federated

Solution 1:

A bit late but hope it helps someone. The NameID has a role to play here. Did you see this quote in the "Using AD FS 2.0 as the SAML 2.0 Identity Provider for the Service Provider Sample" readme step 3?

"Note:

· A NameIdentifier claim is not included in the outgoing claim from AD FS by default. This can be added as a Claim transformation rule. This is necessary for logout to perform correctly. "

Was the partner IDP sending a NameID and was your ADFS configured to send a NameID to the RP App? I have configured your very same setup where my IDP and RP STS are both ADFS and this works fine.

Please note the WIF SAML extensions CTP is not supported at this stage. I am assuming this is not a production setup?

Windows Server 2012 AD FS 2.1 is not required for this to work. Although it has some nice extra features coming in the 8.1 server release that might influence your upgrade decisions :)

Related

What are some main specs to look for when choosing enterprise routers?
haproxy and keepalived on Amazon EC2
npm install, but can't run
Where should I setup a staging environment in Amazon VPC? And testing?
PHP-FPM is not displayed in phpinfo()
Linux mdadm --grow RAID6: Something wrong - reshape aborted
BIND issue: nsupdate unable to update reverse zone
Problems setting a cookie from a machine proxied by nginx
Error Trying to Remotely Manage Hyper-V 2012 from Windows 8 Pro Without a Domain
Debian package creation: binary-arch and binary-indep targets
How to configure rsyslog to log into PostgreSQL without too much latency?
postgres 9.1 master-master setup using Bucardo