Question asked by gdxyz

Azure B2C - SAML Logout



I am trying to understand how to perform a logout in Azure B2C (I have a custom policy set up for SAML authentication). From my understanding there are two types of bindings, HTTP-POST and HTTP-Redirect. I checked the metadata file and it has both listed. I assume I can simply log out the user by redirecting them to the URL listed in the metadata file:

 <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1A_signup_signin/samlp/sso/logout" />

When I do that, I get a generic Azure error page:

Sorry, but we're having trouble signing you in. We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.

Why it even says "signing you in", I am not sure. Am I doing something incorrectly here?

Is there more information I should be passing? I even tried using the post_logout_redirect_uri query string param and that doesn't work either.

azure-ad-b2c

Just following up on this if anyone has an opinion on how to resolve it. I am using Azure B2C w/ SAML. We only have one application that is configured to work with this tenant directory. The user is logged out of the SP but I am having issues removing the cookie from tenant.b2clogin.com

Thank you!


1 Answer

amanpreetsingh-msft answered:

Hi @gdxyz, thank you for reaching out.

You may refer to the SAML LogoutRequest.cs file for this purpose. Here is the entire sample that we have published for a SAML test application federated with Azure AD B2C configured as the SAML IdP.

Upon calling the logout url, the cookie for the domain name of your tenant will be marked as expired as shown below:

[screenshot 85241-image.png: the cookie for the tenant domain shown with an expired date]


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.



@amanpreetsingh-msft -- This is very insightful, thank you! I do have one question: is there any way to get it to work without specifying the SessionId (SessionIndex)? I noticed the user is signed out of the B2C session, which is what I wanted, BUT since I don't have a sessionId in my workflow, I get a message "Invalid Session Index" if I just pass "-1". My goal would be to just sign the user out of B2C and redirect to a generic logout page in our app. Maybe there is another endpoint I can use to accomplish this?

Thank you!

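To make the answer and the follow-up concrete: with the HTTP-Redirect binding the SingleLogoutService Location is not a page you simply send the browser to; the SAML 2.0 LogoutRequest is DEFLATE-compressed, base64-encoded and carried in a SAMLRequest query parameter (optionally with a RelayState), so a bare GET to that URL carries no logout request at all. The following is an added example written for this page, not the LogoutRequest.cs from the Microsoft sample and not Azure AD B2C code. It builds the request, encodes it for the Redirect binding, and decodes the resulting URL again so you can inspect what the IdP will receive. The SP entity ID, NameID, SessionIndex and RelayState values are made up, and the SingleLogoutService Location is the one quoted in the question with its TENANT placeholder. SessionIndex is optional in the SAML 2.0 schema, but the value an IdP expects is the one from the AuthnStatement of the assertion you received at login; the thread above reports B2C rejecting a placeholder of "-1", so store the real value at login rather than inventing one. The request below is unsigned; if the IdP requires signed logout requests, the Redirect binding signs the query string with additional SigAlg and Signature parameters, which this example does not do.

```python
"""Build, encode and decode a SAML 2.0 LogoutRequest for the HTTP-Redirect binding.

Added example for this thread, not code from the Microsoft sample or from
Azure AD B2C. The Issuer, NameID, SessionIndex and RelayState values used at
the bottom are assumptions; SLO_LOCATION is the metadata URL from the question.
"""
import base64
import uuid
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
from xml.etree import ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# SingleLogoutService Location quoted in the question (TENANT is its placeholder).
SLO_LOCATION = ("https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/"
                "B2C_1A_signup_signin/samlp/sso/logout")


def build_logout_request(issuer, name_id, destination, session_index=None,
                         request_id=None, issue_instant=None):
    """Return the LogoutRequest XML as a string.

    session_index should be the SessionIndex from the AuthnStatement of the
    assertion received at login. It is optional in the schema; omit it rather
    than passing a placeholder when you do not have it.
    """
    ET.register_namespace("samlp", NS_SAMLP)
    ET.register_namespace("saml", NS_SAML)
    req = ET.Element(f"{{{NS_SAMLP}}}LogoutRequest", {
        # IDs must be valid XML NCNames, hence the leading underscore.
        "ID": request_id or "_" + uuid.uuid4().hex,
        "Version": "2.0",
        "IssueInstant": issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": destination,
    })
    ET.SubElement(req, f"{{{NS_SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{NS_SAML}}}NameID").text = name_id
    if session_index is not None:
        ET.SubElement(req, f"{{{NS_SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(req, encoding="unicode")


def deflate_base64(xml_text):
    """Redirect-binding encoding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw DEFLATE
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


def redirect_binding_url(slo_location, xml_text, relay_state=None):
    """Build the (unsigned) URL the browser is redirected to."""
    params = {"SAMLRequest": deflate_base64(xml_text)}
    if relay_state:
        params["RelayState"] = relay_state
    sep = "&" if "?" in slo_location else "?"
    return slo_location + sep + urlencode(params)


def decode_redirect_request(url):
    """Inverse of redirect_binding_url: the fields the IdP will see."""
    qs = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(raw, -15).decode("utf-8"))
    si = root.find(f"{{{NS_SAMLP}}}SessionIndex")
    return {
        "id": root.get("ID"),
        "destination": root.get("Destination"),
        "issuer": root.findtext(f"{{{NS_SAML}}}Issuer"),
        "name_id": root.findtext(f"{{{NS_SAML}}}NameID"),
        "session_index": si.text if si is not None else None,
        "relay_state": qs.get("RelayState", [None])[0],
    }


if __name__ == "__main__":
    xml = build_logout_request(
        issuer="https://sp.example.test/saml/metadata",   # assumed SP entity ID
        name_id="user@example.test",                      # assumed NameID from login
        destination=SLO_LOCATION,
        session_index="_session-index-from-assertion",    # assumed stored value
    )
    url = redirect_binding_url(SLO_LOCATION, xml, "https://app.example.test/logged-out")
    print(url)
    print(decode_redirect_request(url))
```

Running the script prints the redirect URL and the decoded request; pasting a URL captured from a real flow into decode_redirect_request is a quick way to confirm that the Destination, NameID and SessionIndex actually sent are the ones the IdP issued at login.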