I configured the logout endpoint (URL) in the relying party trust as:
https:\abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0
With POST binding
I also changed the default SingleLogoutService node value in the federation metadata from its default to the same link as the endpoint URL configured at ADFS. Without renaming it, it was giving an error while sending the logout request.
Now, after configuration, the ADFS does say it logged out successfully and displays its logout page, but users can still log in without having to provide credentials, and it seems that the previous credentials are still being cached.
Also, it is not redirecting to the response URL (I have set the response URL as:) https:\abstractmachine.domain.local/webapp/logout.aspx
SAML logout not working in ADFS 2.0
I configured the logout endpoint (URL) in the relying party trust as:
https:\abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0
With POST binding
I also changed the default SingleLogoutService node value in the federation metadata from its default to https//abstractmachine.domain.local/adfs/ls/?wa=wsignout1.0. Without renaming it, it was giving an error while sending the logout request.
Now, after configuration, the ADFS does say it logged out successfully and displays its logout page, but users can still log in without having to provide credentials, and it seems that the previous credentials are still being cached. Am I missing some settings, or is there any other method for logging out of ADFS with a SAML request?
Also, it is not redirecting to the response URL after logout
The logout request that I am using is as below:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_a8b394ff-a850-484d-91a1-2daeeeb35b52" Version="2.0" IssueInstant="2016-07-04T13:19:02.582Z" Destination="https://nsv-adfsbal.dristi.local/adfs_app/IdPLogOutResponse.aspx" Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified" NotOnOrAfter="2016-07-04T13:24:02.582Z">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://nsv-adfsbal.dristi.local/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#_a8b394ff-a850-484d-91a1-2daeeeb35b52">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>knf74cRA51WBnpL3ZvPolhWHY90=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>c7VpbqOi0iRaRjfP8EUrS1GS0ne8MA4uW26GA62b5YwHlIHjC91fTfv4r/IuXONs7ny3J8c/If+jKK3dpttesmYmv1kq3p16o5IxlAEwoZKrBDsaWu+JxZ6xZV1dQ2y+vvPL1cCUwa9FobUXwx5SYx29SHJbHhwe81u5fCCwBa2TPj9gbzekJoKy3JeayCzfw8Bl7CPMfM/aDNgNyOpjZ+Lwvm7mk4ejvwbOSFsFBYToVMnWmeZGkwbnyYvuLrywdxxLN1R0JB/St4mbOpki9As4ndIwiNKUF311NM13QNzCAiI3rvf25EyJf2dOujqxtW7UMat5Yju22IgCBOKbxA==</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIC7DCCAdSgAwIBAgIQPm2vN8ge2IxCDYSffnDWbjANBgkqhkiG9w0BAQsFADAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBuc3YtYWRmc2JhbC5kcmlzdGkubG9jYWwwHhcNMTUxMTI2MDYxMTQxWhcNMTYxMTI1MDYxMTQxWjAyMTAwLgYDVQQDEydBREZTIFNpZ25pbmcgLSBuc3YtYWRmc2JhbC5kcmlzdGkubG9jYWwwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCeezsC3zzG3CqW7fOSEC/qcnwAaK/UFn1OwMlATGujg4d5veYQAxq9U6c1mZ1v6vSzqg2i7a+/3wop7pk8pwHkqOmepM4mxgwrVMA8PqVrYEDDoWXv4EP1YCpEF2WZl2Oc2P0ttLHVIdtk4ItWoMk5Ag65uR1FkMC0DrdA4jeo5YQLo+sEyu8NBiUdKsdNdTXVSOT68dG3P8CG1gTsq8Mr+B0QHH+2e96DopuE59k13DrPw1YNKOk1MISRydYEItRWRHSCZp5RpC7ATf8b95fR9W9OtjC2vPHD1IFJYf8EiUB15ei94AMb5ImAE2DqGh8WGD9MeVUnSFHCX4XNq85ZAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAARUaNFCRal6Mctt4++P2jX77U8lXby7Bk3HmPi8GmTIZyP+dkOL4F/SZ0EC1TGhfaTpQKT3sTRYnCYsQiVzozaQp0eQGs4mlRAqqF6OHnB8ndDYPDE85XSYP4K2FDI/bzP2v2aowGHuZfyONvzgPF5NNtSl7ECo6DPEpSQ15DhTxfkC/YvJteiBhvY+2ij2+2fisl1i8GYzv/E8WnBvF4tJ9rI0EXC4GJ3Az2X+TgJF60Gqf+V2Jqc2KEqLqtG9nLQ1QU5uqS30lsz6m8LrSQkKvUi+RtSlg+rxA+D6hXGMwqfVQbR6yTrYLoyV5Z1zKmS0VXHXellq0Ltmejf6spg=</ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion">user.name@user.local</NameID>
<samlp:SessionIndex>_7235ddb0-9fca-4545-9c57-aecdfa4b8eb2</samlp:SessionIndex>
</samlp:LogoutRequest>
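An added example, not part of the original post: a pre-flight check for a SAML 2.0 LogoutRequest shaped like the one above, run before the request is posted. The function name `lint_logout_request`, the `expected_destination` value and the shortened sample XML are assumptions constructed for illustration; the check inspects structure only and does not verify the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SHA1_ALGS = {NS["ds"] + "rsa-sha1", NS["ds"] + "sha1"}

# Constructed sample modelled on the request above; hosts, IDs and signature content are placeholders.
SAMPLE = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 ID="_a1" Version="2.0" IssueInstant="2016-07-04T13:19:02.582Z"
 Destination="https://sp.example/app/IdPLogOutResponse.aspx"
 NotOnOrAfter="2016-07-04T13:24:02.582Z">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://sp.example/</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#_a1">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference></ds:SignedInfo></ds:Signature>
<NameID xmlns="urn:oasis:names:tc:SAML:2.0:assertion">user.name@user.local</NameID>
<samlp:SessionIndex>_s1</samlp:SessionIndex>
</samlp:LogoutRequest>"""

def lint_logout_request(xml_text, expected_destination):
    """Return a list of findings for a LogoutRequest generated locally."""
    if "<!DOCTYPE" in xml_text:  # refuse DTDs: entity-expansion risk
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return ["not a samlp:LogoutRequest"]
    findings = []
    # Destination must name the endpoint the message is actually sent to.
    if root.get("Destination") != expected_destination:
        findings.append("Destination differs from the endpoint being posted to")
    # The enveloped signature must cover this request, identified by its ID.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        findings.append("signature does not reference the request ID")
    algs = {e.get("Algorithm") for e in root.iter() if e.get("Algorithm")}
    if algs & SHA1_ALGS:
        findings.append("SHA-1 signature or digest algorithm in use")
    if root.find("saml:NameID", NS) is None:
        findings.append("NameID missing")
    return findings

if __name__ == "__main__":
    # Assumed endpoint; substitute the single logout URL from the IdP metadata.
    for finding in lint_logout_request(SAMPLE, "https://idp.example/adfs/ls/"):
        print(finding)
```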