Issue with Single Logout

  • Question

  • Hello,

    I am using ADFS 2.0 rollup 3 as an IdP with Cisco WebEx as the SP.  Thus far sign in, auto account creation and auto account update are all working great.

    I am trying to get WebEx single log out working.  Indeed it is working, but there is one feature that does not behave as I expect it to.

    I have configured my WebEx site so that the single logout URL is:

    https://adfs.domain.tld/adfs/ls/?wa=wsignout1.0

    I have configured a SAML Logout Endpoint in ADFS in my RP for Cisco WebEx as such:

    Type: SAML Logout
    Binding: POST
    URL: https://adfs.domain.tld/adfs/ls/?wa=wsignout1.0
    Response URL: https://site.webex.com/

    My RP Identifier is “https://site.webex.com”.

    I would expect that after signing me out, I would get redirected back to https://site.webex.com as this is set as the Response URL.  But instead I land on the ADFS logout page and go no further.

    What am I missing here?

    Thanks!

    NPM
    Friday, January 24, 2014 3:43 PM

All replies

  • This is single logout for WS-Federation. While the wa=wsignout1.0 will process the logout request, it will not actually log you out in a SAML scenario. For that you need to request logout via the SAML SP and then sign the logout request so that AD FS will process it via the Single Logout endpoint specified on the relying party. As I recall, this assumes the use of a token signing certificate on the WebEx side, which I'm not sure whether it supports.

    Regards,

    Mylo


    http://blog.auth360.net

    Tuesday, January 28, 2014 10:13 PM
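
The distinction drawn in the reply above, as an added example that is not part of the original thread: a Python check that tells a WS-Federation sign-out URL apart from a SAML LogoutRequest and reports whether the SAML request carries a signature. It assumes the HTTP-Redirect binding, where the signature travels as query parameters (with the POST binding used in the question it sits inside the XML); the function names and the sample request are constructed for illustration, and the check only looks for the presence of a signature, it does not verify it.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"


def classify_logout_url(url):
    """Report which sign-out protocol a URL carries and, for SAML, whether it is signed."""
    q = parse_qs(urlsplit(url).query)
    if q.get("wa") == ["wsignout1.0"]:
        return {"protocol": "WS-Federation", "signed": False}
    if "SAMLRequest" not in q:
        return {"protocol": "unknown", "signed": False}
    # HTTP-Redirect binding: base64 of raw-DEFLATE-compressed XML.
    # For untrusted input, cap the inflated size and use a hardened XML parser.
    xml = zlib.decompress(base64.b64decode(q["SAMLRequest"][0]), -15)
    root = ET.fromstring(xml)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        return {"protocol": "SAML (not a LogoutRequest)", "signed": False}
    return {
        "protocol": "SAML LogoutRequest",
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "destination": root.get("Destination"),
        # In this binding the signature is carried as query parameters.
        "signed": "Signature" in q and "SigAlg" in q,
    }


def build_sample_redirect(signed):
    """Constructed sample only: an SP-issued LogoutRequest with a dummy signature value."""
    xml = (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_constructed1" Version="2.0" IssueInstant="2014-01-28T00:00:00Z" '
        'Destination="https://adfs.domain.tld/adfs/ls/">'
        '<saml:Issuer>https://site.webex.com</saml:Issuer>'
        '<saml:NameID>user@domain.tld</saml:NameID>'
        '</samlp:LogoutRequest>'
    )
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml.encode()) + c.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:
        params["SigAlg"] = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        params["Signature"] = "Q09OU1RSVUNURUQ="  # placeholder, not a real signature
    return "https://adfs.domain.tld/adfs/ls/?" + urlencode(params)
```

Run against the URL from the question, `classify_logout_url` reports WS-Federation, which matches the reply's diagnosis.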