
The problem is as follows.
If the user has not logged in to SP 2 and no SAML session exists, then when I send a sign-out request to My ADFS, it sends a sign-out request to the Claim Provider.
However, if SP 2 was visited and a SAML session is open, then when I send the sign-out request to My ADFS, it does not send a sign-out request to the Claim Provider, but instead forms a SAML request to SP 2 (external ADFS) and generates an error:
MSIS7055: Not all SAML session participants logged out properly. It is recommended to close your browser that not all SAML sessions have been completed.
To avoid this I added the wa=wsignout1.0 parameter to the POST SAML Logout Endpoint of SP 2, registered as relying party trust 2, and the error disappears, but the browser stops at the external ADFS (RP-2) sign-out page and does not send the WS-Fed sign-out request to my Claim Provider (IP). Therefore the logout is not performed at the Claim Provider, and the user cannot change their account.
How can I further force my ADFS not to interrupt the chain and perform the logout at the Claim Provider?
Also, my Claim Provider is a separate web service (Identity Server 4), and between My ADFS and the Claim Provider only WS-Fed is used!
This question is also mine: https://stackoverflow.com/questions/68688204/adfs-do-not-forward-the-logout-request-to-the-identity-provider-if-there-is-an
But I still don't have a solution.
Thanks in advance!