2 issues with ADFS - Logout not working and unable to identify logged in user

Question

Hey everyone.

We've got an ADFS implementation working in our environment and I've got our issues worked down to 2 parts:

1) When the user clicks the button for localLogoff, it sends them back to the login page, but they are able to click the Login button again immediately and are not prompted for credentials.  Is there any way to prevent this?

2)  I am trying to do some customization that requires me to read who's currently authenticated in the ADFS session.  Intermittently, I can get the logged on user by using this statement:

System.Web.HttpContext.Current.User.Identity.Name.ToString();

I can get the logged in user correctly about 1 out of every 7 attempts, but it is completely intermittent and when it doesn't return the name, it returns completely empty.

Any ideas?

Answer 1

1) Wondering if this is good old WIA in action doing SSO behind the scenes? Have you tried setting Forms mode? (Set this in LocalAuthenticationTypes in the ADFS web.config. Just move Forms to the top of the list.)

2) HttpContext.Current.User.Identity should work although in WIF I normally use Thread.CurrentPrincipal.Identity.

You could also configure ADFS to pass the Name through as a claim.

Answer 2

Are you referring to Forms-Based Authentication in IIS or just the web.config file as you noted?

Additionally, I'm trying to sense the logged on user of the ADFS session.  We force our users to login to ADFS, then take them to the IDP Initiated Sign On page to select a resource to launch.  To my understanding, the claims are sent when you launch an application and the SAML request is sent across.  Is that not correct?

Answer 3

I mean the "FormsSignIn.aspx" page in ADFS.

I've never used IDP Initiated Sign On but I think you are correct. (You didn't mention IDP Initiated Sign On in the original question :-) )