NitzanHarel-2457 asked ·

ADFS Error upon logout (SAML)

Is there any difference between what ADFS and Azure support with respect to logout requests (is there a configuration on the ADFS side that needs to be set, does the SAML request need to include/exclude/get signed/etc. when sending to ADFS vs. Azure)?

adfs

piaudonn answered ·

There is generally a configuration to set on the Relying Party Trust in ADFS. A log-out endpoint has to be provided.



Thanks @piaudonn - see my additional comment

NitzanHarel-2457 answered ·

I believe that the logout endpoints are configured correctly, but I don't think this is it, because I am not even seeing those endpoints (the logout ones) being called.
And from the ADFS logs, we can observe the following error:

The verification of the SAML message signature failed.
Message issuer: XXXXX
Exception details:
MSIS7084: SAML logout request and logout response messages must be signed when using SAML HTTP Redirect or HTTP POST binding.

This request failed.



Does this help?
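
A diagnostic for the MSIS7084 error quoted above, as an added example that is not part of the original thread: it decodes a logout URL captured from the service provider's HTTP-Redirect request and reports whether the `SigAlg` and `Signature` query parameters are present. The function name is hypothetical, and the hostnames, XML and `Signature` value are constructed samples; the check covers presence of a signature only, not its validity.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

def inspect_logout_redirect(url):
    """Decode a Redirect-binding logout message and report how it is signed."""
    q = parse_qs(urlsplit(url).query)
    field = next((f for f in ("SAMLRequest", "SAMLResponse") if f in q), None)
    if field is None:
        raise ValueError("no SAMLRequest/SAMLResponse parameter in URL")
    # Redirect binding: base64 over raw DEFLATE (no zlib header), hence wbits=-15.
    xml = zlib.decompress(base64.b64decode(q[field][0]), -15)
    if b"<!DOCTYPE" in xml:  # refuse DTDs before handing the bytes to the parser
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "message": root.tag.split("}")[-1],
        "issuer": issuer.text if issuer is not None else None,
        "sig_alg": q.get("SigAlg", [None])[0],
        # Redirect binding carries the signature in the query string.
        "query_signed": "SigAlg" in q and "Signature" in q,
        # An enveloped ds:Signature is what the POST binding would carry.
        "xml_signed": root.find(f"{{{DSIG}}}Signature") is not None,
    }

def _deflate_b64(xml):
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

# Constructed sample input (not taken from the thread).
SAMPLE_XML = (
    b'<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
    b'Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    b"<saml:Issuer>https://sp.example.test</saml:Issuer>"
    b"<saml:NameID>user@example.test</saml:NameID></samlp:LogoutRequest>"
)
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
UNSIGNED_URL = "https://adfs.example.test/adfs/ls/?" + urlencode(
    {"SAMLRequest": _deflate_b64(SAMPLE_XML)})
# Placeholder Signature value: enough to show the parameter is present.
SIGNED_URL = UNSIGNED_URL + "&" + urlencode(
    {"SigAlg": RSA_SHA256, "Signature": "Q09OU1RSVUNURUQ="})

if __name__ == "__main__":
    for u in (UNSIGNED_URL, SIGNED_URL):
        print(inspect_logout_redirect(u))
```

A result with `query_signed` and `xml_signed` both false is the case the MSIS7084 message describes: a logout message sent without a signature.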
