We are trying to implement Single Logout functionality in Azure AD B2c using Itfoxtec Saml library. We have tried multiple configuration options but the SingleLogout method is not working as expected.

We need a reference article or post on how to configure manifest file when using ItFoxtec library.

We have already referred below articles

https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebAppCore

https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy

2 Answers

It sounds like you have managed to do logout in Azure AD B2C initiated from your application implementing the ITfoxtec Identity SAML 2.0 component.

Single logout is the case where someone other than your application initiated logout or you want to do logout in an external IdP. For this to work you need to configure session management correctly in Azure AD B2C, maybe that is the missing part?

Also, the single logout endpoint is separate in the referred sample. The endpoint is exposed in the metadata.

Anders Revsgaard
Please check the below points:

  1. You can redirect the user to the end_session_endpoint. Try if it logs out completely with a GET request to https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{name-of-b2c-login-userflow}/oauth2/v2.0/logout?post_logout_redirect={static-webapp-url}/.auth/logout.

a) The user may still be signed in to other applications that use Microsoft accounts for authentication. To enable those applications to sign the user out simultaneously, the Microsoft identity platform sends an HTTP GET request to the registered LogoutUrl of all the applications that the user is currently signed in to. See Microsoft identity platform and OpenID Connect protocol - Microsoft identity platform | Microsoft Docs

b) If you wish to support single sign-out in your application, you must implement such a LogoutUrl in your application's code. You can set the LogoutUrl from the app registration portal, or edit it from the manifest.

Also try giving a front channel logout URL, which has to result in single sign-out.

  2. Please check if you should call the Logout method like in the sample code here. The SingleLogout is called by an IdP (Azure AD B2C) if it wants to initiate logout in your relying party application.

  3. Please check if you are using the ITfoxtec Identity SAML2 component without a NameID, which may not be able to do logout or single logout. NameID is optional in login but not in logout and single logout.

References:

  1. Configure Azure Active Directory B2C as a SAML IdP to your applications | Microsoft Docs

  2. itfoxtec identity saml2 - How to single logout from Azure AD B2C with ITFoxTech SAML 2 library? - Stack Overflow

kavyaS
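As an added illustration (not code from the question, the answers, or the ITfoxtec library), a small Python check of the two protocol points the answers above raise: single logout is the IdP sending a LogoutRequest to a separate endpoint, and that request can only be matched to a session if the login assertion carried a NameID. The XML messages are constructed samples; names like `user-123` and `_s1` are made up, and signatures are omitted.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample login Response (signature and conditions omitted for brevity).
LOGIN_WITH_NAMEID = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0"><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-123</saml:NameID>
  </saml:Subject><saml:AuthnStatement SessionIndex="_s1"/></saml:Assertion>
</samlp:Response>"""

# Same response with the Subject's NameID missing: login works, but no LogoutRequest can be built.
LOGIN_WITHOUT_NAMEID = LOGIN_WITH_NAMEID.replace(
    '<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user-123</saml:NameID>', "")

# Constructed IdP-initiated LogoutRequest as it would arrive at the SingleLogout endpoint.
LOGOUT_REQUEST = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_l1" Version="2.0">
  <saml:NameID>user-123</saml:NameID><samlp:SessionIndex>_s1</samlp:SessionIndex>
</samlp:LogoutRequest>"""


def session_from_response(xml):
    """Return (name_id, session_index) from a login Response, or None if NameID is absent."""
    root = ET.fromstring(xml)
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        return None  # nothing to put in a LogoutRequest, so logout/SLO cannot be done
    authn = root.find(".//saml:AuthnStatement", NS)
    return name_id.text.strip(), (authn.get("SessionIndex") if authn is not None else None)


def logout_request_matches(xml, session):
    """Accept an IdP-initiated LogoutRequest only if it names the locally stored session."""
    root = ET.fromstring(xml)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return False  # a Response or other message must not end the session
    name_id = root.find("saml:NameID", NS)
    if name_id is None or (name_id.text or "").strip() != session[0]:
        return False
    idx = root.find("samlp:SessionIndex", NS)  # optional; absent means all sessions
    return idx is None or idx.text == session[1]
```

The signature validation that the library performs on the LogoutRequest is left out here; a SingleLogout endpoint must only terminate a session for a request whose signature verifies against the IdP's metadata.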