sudhakartrao1.3965789150856177E12
Single Sign on Logout issue
Hi,
We have implemented Salesforce Single Sign-On with Active Directory using SAML 2.0.
1. SSO login is successful.
2. When the user logs out from Salesforce, the Salesforce session ends; however, the ADFS session is still active.
When the user clicks the Single Sign-On button again, the Salesforce session starts without asking for username and password, as the ADFS session is still active.
Please help to configure "Identity Provider Logout URL" in SSO settings.
Have you configured the "My Domain" for this org? The Logout URL will only show up in the SAML 2.0 configuration when using My Domain.
http://www.salesforce.com/us/developer/docs/sso/Content/sso_saml_idp_values.htm
Identity Provider Logout URL
This field appears in Developer Edition production and sandbox organizations by default and in production organizations only if My Domain is enabled. This field does not appear in trial organizations or sandboxes linked to trial organizations.
Rob Smith
Thanks for your response.
Yes. We have configured My Domain in our organization. I can see the Identity Provider Logout URL in SSO settings.
There were no issues with logging in to Salesforce with the network username and password.
The issue is with sign-out. Salesforce logout does not log out of the IdP.
This is a major security issue we are facing.
If you are using ADFS you may want to verify that this setting is correctly pointing to your ADFS Sign-Out URL.
See: AD FS: How to Invoke a WS-Federation Sign-Out
http://social.technet.microsoft.com/wiki/contents/articles/1439.ad-fs-how-to-invoke-a-ws-federation-sign-out.aspx
The ADFS Sign-Out URL: https://{DNS_name_of_RP_STS}/adfs/ls/?wa=wsignout1.0
We have contacted Microsoft on this issue and here is the response from them.
The Relying Party - Salesforce.com, uses SAMLP instead of WS-Fed. That is, the SAML token issued by ADFS server for access to salesforce.com is in SAMLP format. Under that situation, the logout should be in the SAMLP style as well. However, the command https://signin.mediacorp.com.sg/adfs/ls/wa=wsignout1.0 is for WS-Fed only.
To log out in SAMLP style, the RP should instruct the client to POST a samlp:LogoutRequest in SAMLRequest to /adfs/ls/ endpoint of the ADFS server.
Would you be able to advise me what Microsoft suggested you do to take this forward?
I am also facing the same issue in my org. I have configured SSO with Azure. I am able to log out from the community, but when I log in again to this community it does not ask for user login details.
Could anyone please help me out with this?
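To check whether a logout really is SAMLP-style, as the Microsoft response quoted above requires, the `SAMLRequest` value captured from the browser at sign-out can be decoded and inspected. The following is an added diagnostic example, not code from any of the posts or from Salesforce or Microsoft; the hostnames, IDs and sample message are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG = "http://www.w3.org/2000/09/xmldsig#"

def decode_saml_request(value, binding="post"):
    """HTTP-POST binding is base64; HTTP-Redirect is base64 over raw DEFLATE."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        raw = zlib.decompress(raw, -15)  # -15 = raw deflate, no zlib header
    return raw

def inspect_logout(value, binding="post"):
    """Summarise a captured SAMLRequest; ValueError if it is not a LogoutRequest."""
    raw = decode_saml_request(value, binding)
    # SAML messages never need a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD in SAML message, refusing to parse")
    root = ET.fromstring(raw)
    if root.tag != f"{{{SAMLP}}}LogoutRequest":
        raise ValueError(f"not a LogoutRequest: {root.tag}")
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "name_id": root.findtext(f"{{{SAML}}}NameID"),
        "session_index": root.findtext(f"{{{SAMLP}}}SessionIndex"),
        # Embedded XML signature only; Redirect binding signs in the query string.
        "signed": root.find(f"{{{DSIG}}}Signature") is not None,
    }

# Constructed sample message (placeholder hosts and IDs, unsigned).
SAMPLE_XML = (
    f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'Destination="https://adfs.example.com/adfs/ls/">'
    '<saml:Issuer>https://example.my.salesforce.com</saml:Issuer>'
    '<saml:NameID>user@example.com</saml:NameID>'
    '<samlp:SessionIndex>_constructed-session</samlp:SessionIndex>'
    '</samlp:LogoutRequest>'
)
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(inspect_logout(SAMPLE_POST))
```

If sign-out only produces a GET to a `wa=wsignout1.0` URL and no `SAMLRequest` parameter at all, the logout is WS-Federation style, which matches the mismatch described in the thread.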