ADFS LogoutInitiator

Advanced Configuration

Note, this is an advanced configuration feature. Most deployments can rely on the <Logout> shorthand element.

Indicated by type="ADFS", this LogoutInitiator supports Microsoft ADFS "signout" requests. If the user's session was initiated with a protocol other than ADFS, then the handler ignores the request. Otherwise, the initiating entityID is used to check for metadata with an <md:IDPSSODescriptor> role supporting ADFS and a compatible <md:SingleLogoutService> endpoint. The absence of either causes a warning to be logged and the handler otherwise ignores the request.

A "supporting" IdP's role element has a protocolSupportEnumeration attribute containing the value "http://schemas.xmlsoap.org/ws/2003/07/secext", with an accompanying <md:SingleLogoutService> with a Binding of "http://schemas.xmlsoap.org/ws/2003/07/secext".

If a "return" query string parameter is provided, it will be passed to the home realm STS in a "wreply" parameter.

Whether or not the logout request is successfully issued, the user's session will be removed if at all possible.

Attributes
