ADFS 2.0 Web app signout

JeremyBeadle · Jul 8, 2011 · Viewed 15.1k times

We are using a custom ASP.NET button to sign out of our web app, which uses ADFS for authentication. We've tried several options to try and get the app to sign out properly, but nothing seems to work.

It generally takes you to the signout page on the federation server, which says you have been signed out properly, but if you hit back you can still access the web app.

Tried: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0

https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0&wreply={post-sign-out_landing_URL} etc

Has anyone got this to work properly?

Thanks for your time

Answer

shizik · Jul 8, 2011

As I understand it, you just redirect the user to ADFS with the appropriate wssignout action. This won't delete the authentication cookie created for your application, so the user stays logged on.

I use the WSFederationAuthenticationModule to trigger federated signout:

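// Reply URL: the current request URL up to and including its last '/'
string absoluteUrl = HttpContext.Request.Url.AbsoluteUri;
string replyUrl = absoluteUrl.Substring(0, absoluteUrl.LastIndexOf("/") + 1);
// Trigger federated sign-out, replying to the URL computed above
WSFederationAuthenticationModule.FederatedSignOut(null, new Uri(replyUrl));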

I am replying back to the application because I want to be sure that the user is signed out.

Hope this helps.
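The sign-out described in the answer, written out as an added example (not code from the original post): a WebForms click handler that removes the relying party's own session before handing off to ADFS. The class and handler names are hypothetical, and the namespace assumes WIF 3.5 (`Microsoft.IdentityModel.Web`); on .NET 4.5 and later the same types live in `System.IdentityModel.Services`.

```csharp
using System;
using System.Web;
using System.Web.UI;
using Microsoft.IdentityModel.Web; // assumption: WIF 3.5

// Hypothetical code-behind for the page that hosts the sign-out button.
public partial class SignOutPage : Page
{
    // Hypothetical handler name, wired to the button's Click event.
    protected void SignOutButton_Click(object sender, EventArgs e)
    {
        // Build the reply URL from the application root, never from
        // user-supplied input, so the post-sign-out landing page is fixed.
        string appRoot = Request.Url.GetLeftPart(UriPartial.Authority)
            + VirtualPathUtility.AppendTrailingSlash(Request.ApplicationPath);
        Uri replyUrl = new Uri(appRoot);

        // Drop server-side per-user state (assumption: the app uses
        // ASP.NET session state).
        if (Session != null)
        {
            Session.Abandon();
        }

        // Remove the relying party's own session token cookie. This is the
        // cookie that a bare redirect to /adfs/ls/?wa=wsignout1.0 leaves
        // in place, which is why the app stayed accessible.
        SessionAuthenticationModule sam =
            FederatedAuthentication.SessionAuthenticationModule;
        if (sam != null)
        {
            sam.SignOut();
        }

        // Send the browser to the STS to end the federation session,
        // replying to the application root afterwards. Same call as in
        // the answer above.
        WSFederationAuthenticationModule.FederatedSignOut(null, replyUrl);
    }
}
```

When the browser returns to the reply URL without a session cookie, a protected page should start a fresh sign-in at ADFS instead of rendering, which is the check the answer relies on.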