I created a relying party trust for ADFS and vCloud Director. In my application, there is a button to click if the user wants to access his organizations; then he will be redirected to his selected organization in vCloud Director. If the user wants to log out of my application, the user should also be logged out from the vCloud Director organization. What happens is that, upon clicking logout, the user is redirected to the ADFS error page. I looked at the event viewer in ADFS and the error is
The SAML protocol message cannot be read because it contains data that is not valid. ---> System.ArgumentOutOfRangeException: MSIS0001: The status code references a top-level status code value 'urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal' that is not valid.
I tried changing the SAML endpoint POST and redirect from
https://{vcloud_hostname}/cloud/org/{organization_name}/saml/SingleLogout/alias/vcd
to
https://{vcloud_hostname}/cloud/org/{organization_name}/saml/logout/alias/vcd
and it does not redirect the user to the ADFS error page. So, what's the difference between SingleLogout and logout?
Also, when the user wants to sign in again on my application, decides to redirect himself to the vCloud Director organization, and then decides to click logout in my application, the user is redirected to the "Successfully signed out" page of ADFS. But in reality, the user did not successfully sign out. These are my claim rules:
Send LDAP Attribute as Claims
E-Mail-Addresses -> E-Mail Address
E-Mail-Addresses -> Name ID
Transform an Incoming Claim
E-Mail Address -> E-Mail Address
Secure hash algorithm -> SHA-1
Am I missing something? Please help.
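The MSIS0001 error quoted above is ADFS rejecting a LogoutResponse whose outermost StatusCode is `UnknownPrincipal`; in SAML 2.0 Core only Success, Requester, Responder and VersionMismatch may appear at the top level, and codes such as UnknownPrincipal must be nested inside one of them. The following checker is an added example (not code from the post, ADFS or vCloud Director) that parses a LogoutResponse and applies that rule; the two sample responses are constructed, not captured from a real system.

```python
"""Check the <samlp:Status> of a SAML 2.0 LogoutResponse the way a strict
relying party such as ADFS does: the outermost StatusCode must be one of the
four top-level values, and second-level codes like UnknownPrincipal may only
appear nested inside it."""
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
TOP_LEVEL = {
    "urn:oasis:names:tc:SAML:2.0:status:Success",
    "urn:oasis:names:tc:SAML:2.0:status:Requester",
    "urn:oasis:names:tc:SAML:2.0:status:Responder",
    "urn:oasis:names:tc:SAML:2.0:status:VersionMismatch",
}

def status_chain(xml_text):
    """Return the StatusCode Value attributes, outermost first."""
    root = ET.fromstring(xml_text)
    code = root.find(f"{{{SAMLP}}}Status/{{{SAMLP}}}StatusCode")
    chain = []
    while code is not None:
        chain.append(code.get("Value"))
        code = code.find(f"{{{SAMLP}}}StatusCode")  # nested second-level code
    return chain

def validate_status(xml_text):
    """Return (ok, reason). A non-top-level code in the outermost position
    is the protocol violation behind MSIS0001."""
    chain = status_chain(xml_text)
    if not chain:
        return False, "no StatusCode"
    if chain[0] not in TOP_LEVEL:
        return False, f"top-level status code {chain[0]!r} is not valid"
    return True, "ok"

# Constructed sample responses (not captured from ADFS or vCloud Director).
BAD = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/>
  </samlp:Status>
</samlp:LogoutResponse>"""

GOOD = """<samlp:LogoutResponse xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ID="_2" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:LogoutResponse>"""

if __name__ == "__main__":
    for name, doc in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, validate_status(doc))
```

Running it on a LogoutResponse captured from the vCloud Director endpoint (after base64-decoding the SAMLResponse parameter) shows whether the outermost code, not the nested one, is what ADFS is choking on.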