ADFS Non-Claims-Aware Relaying Party Trust cannot logout

Peter Auerbacher 1 Reputation point
2020-04-27T10:48:13.61+00:00

I set for my non-claims-aware Party Trust the logout url to adfs/ls/?wa=wsignout1.0. But if I close the Browser and open the application Url it automatically logins cause the EdgeAccessCookie is still existing.
How can I fix my logout.

Active Directory Federation Services
Active Directory Federation Services
An Active Directory technology that provides single-sign-on functionality by securely sharing digital identity and entitlement rights across security and enterprise boundaries.
1,261 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Bart Hermans 6 Reputation points
    2020-11-04T19:20:22.437+00:00

    I searched myself crazy to find a solution for this problem. And there is a simple infrastructural solution I want to share with you.
    When you publish the non-claims-aware application on WAP you need to enable for that published application on WAP the setting: EnableSignout

    Example: The name of your published application is TEST. On the WAP server run the command:
    Get-WebApplicationProxyApplication TEST | Format List
    There you get some hidden settings that you can't find in the WAP GUI. Default the 'EnableSignOut' setting is "False"
    In the result you need to copy the ID of the published application. (Example ID for TEST = b20e2sq4-01ce-e674-5fe7-0709a1e94d63)
    Run the command to enable the signout option:
    Set-WebApplicationProxyApplication -ID b20e2sq4-01ce-e674-5fe7-0709a1e94d63 -EnableSignout

    To cleanup the EdgeAccessCookie (after log on) for the application, use the URL:
    https://<FQDN relying Party>/?wa=wsignoutcleanup1.0&wreply=https://<FQDN WAP>/adfs/ls/?wa-wsignout1.0

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.