Inquiry Regarding Azure AD Support for Signed Logout Response and Certificate Usage

EAA SQA 0 Reputation points
2024-04-05T07:24:03.15+00:00

I am writing to inquire about the support and configuration details related to the Single Logout (SLO) functionality in Azure Active Directory (Azure AD).

Specifically, I would like to confirm whether Azure AD supports Signed Logout Response as part of its Single Logout feature. If so, I am interested in understanding which certificate is utilized for signing the logout responses.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,547 questions
0 comments

8 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Fabio Andrade 640 Reputation points Microsoft Employee
    2024-04-05T23:00:00.31+00:00

    Hi @EAA SQA

    Thanks for reaching out to Microsoft Q&A.

    Yes, Entra ID (former Azure AD) does support Single Sign Out for SAML applications.

    The documentation below has the flow and the details about how the communication between the app and Entra occurs after user clicks on "sign out" button. The certificate used is the token signing one which is created when the Application object is added on Entra ID:

    https://learn.microsoft.com/en-us/entra/identity-platform/single-sign-out-saml-protocol

    User's image

    You'll find more information about the sign in certificate in the documentation below:

    https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/certificate-signing-options

    Let me know if you have further questions.

    Thanks,

    Fabio

    0 comments
  2. Fabio Andrade 640 Reputation points Microsoft Employee
    2024-04-08T22:14:57.55+00:00

    Hi @EAA SQA

    I just wanted to check in and see if you had any other questions or if you were able to resolve your issue.

    If you have any other questions, please let me know.

    Thanks,

    Fabio

    0 comments
  3. Fabio Andrade 640 Reputation points Microsoft Employee
    2024-04-10T23:04:20.8+00:00

    Hi @EAA SQA

    I just wanted to check in and see if you had any other questions or if you were able to resolve your issue.

    If you have any other questions, please let me know.

    Thanks,

    Fabio

    0 comments
  4. Fabio Andrade 640 Reputation points Microsoft Employee
    2024-04-12T22:08:57.32+00:00

    Hi @EAA SQA

    I just wanted to check in and see if you had any other questions or if you were able to resolve your issue.

    If you have any other questions, please let me know.

    Thanks,

    Fabio

    0 comments
  5. EAA SQA 0 Reputation points
    2024-04-16T04:53:57.1266667+00:00

    Hi @Fabio Andrade ,

    Thanks for your reply.
    Could you please provide more info on SAML LogoutResponse?

    Is it possible to send the signed logout response from Azure AD ?
    If yes, then can you help us with the guidance page or any reference.

    Thanks,
    Shekhar Chandra

    0 comments