Single Logout Implementation using ITfoxtec Library
We are trying to implement Single Logout functionality in Azure AD B2C using the ITfoxtec SAML library. We have tried multiple configuration options but the SingleLogout method is not working as expected.
We need a reference article or post on how to configure the manifest file when using the ITfoxtec library.
We have already referred to the article below:
https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebAppCore
Solution 1:[1]
It sounds like you have managed to do logout in Azure AD B2C initiated from your application, implementing the ITfoxtec Identity SAML 2.0 component.
Single logout is the case where someone other than your application initiated logout, or you want to do logout in an external IdP. For this to work you need to configure session management correctly in Azure AD B2C; maybe that is the missing part?
Also, the single logout endpoint is separate in the referred sample. The endpoint is exposed in the metadata.
Solution 2:[2]
Please check the points below:
- You can redirect the user to the end_session_endpoint. Try whether it logs out completely with a GET request to https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/{name-of-b2c-login-userflow}/oauth2/v2.0/logout?post_logout_redirect={static-webapp-url}/.auth/logout.
a) The user may still be signed in to other applications that use Microsoft accounts for authentication. To enable those applications to sign the user out simultaneously, the Microsoft identity platform sends an HTTP GET request to the registered LogoutUrl of all the applications that the user is currently signed in to. See Microsoft identity platform and OpenID Connect protocol - Microsoft identity platform | Microsoft Docs
b) If you wish to support single sign-out in your application, you must implement such a LogoutUrl in your application's code. You can set the LogoutUrl from the app registration portal or edit it from the manifest like below.
Also try giving the front channel logout URL, which has to result in single sign-out.
Please check if you should call the Logout method like here > sample code. The SingleLogout is called by an IdP (Azure AD B2C) if it wants to initiate logout in your relying party application.
Please check if you are using the ITfoxtec Identity SAML2 component without a NameID, which may not be able to do logout or single logout. NameID is optional in login but not in logout and single logout.
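Both answers describe the same mechanism: the IdP sends a SAML LogoutRequest to a separate single logout endpoint on the relying party, which is published in the SP metadata and which validates the request against the NameID stored at login. The following ASP.NET Core controller action is an added example written for this post, not code from the question or from the ITfoxtec project itself, though the type and method names follow the ITfoxtec TestWebAppCore sample. It assumes a `Saml2Configuration` object (loaded from appsettings and the IdP metadata) is registered in DI, that the cookie authentication scheme is already wired up, and that the IdP uses the HTTP-POST binding for logout.

```csharp
// Added example (not from the question or the answers above): an IdP-initiated
// single logout endpoint for an ASP.NET Core relying party built on
// ITfoxtec.Identity.Saml2. Names follow the ITfoxtec TestWebAppCore sample;
// the Saml2Configuration registration and the POST binding are assumptions.
using System;
using System.Threading.Tasks;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using ITfoxtec.Identity.Saml2.Schemas;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

[Route("Auth")]
public class AuthController : Controller
{
    private readonly Saml2Configuration config;

    public AuthController(IOptions<Saml2Configuration> configAccessor)
    {
        config = configAccessor.Value;
    }

    // Azure AD B2C (the IdP) sends a LogoutRequest here when logout was started
    // somewhere other than this application. The URL must be published as a
    // SingleLogoutService in the SP metadata and registered at the IdP;
    // otherwise the request is never delivered and nothing happens locally.
    [HttpPost("SingleLogout")]
    public async Task<IActionResult> SingleLogout()
    {
        Saml2StatusCodes status;
        var requestBinding = new Saml2PostBinding();

        // The incoming request is validated against the current principal:
        // the NameID (and SessionIndex) in the request must match the claims
        // stored at login. With no NameID claim in the session this cannot
        // succeed, which is the failure mode the second answer points at.
        var logoutRequest = new Saml2LogoutRequest(config, User);
        try
        {
            // Verifies the IdP signature and the NameID/session match.
            requestBinding.Unbind(Request.ToGenericHttpRequest(), logoutRequest);
            status = Saml2StatusCodes.Success;

            // Terminate the local session only once the request is proven genuine.
            await logoutRequest.DeleteSession(HttpContext);
        }
        catch (Exception)
        {
            // Unsigned, forged or mismatched requests must not log anyone out;
            // answer with a denial rather than silently accepting.
            status = Saml2StatusCodes.RequestDenied;
        }

        // Always answer the IdP, echoing RelayState and InResponseTo so it can
        // correlate the response with the request it sent.
        var responseBinding = new Saml2PostBinding
        {
            RelayState = requestBinding.RelayState
        };
        var logoutResponse = new Saml2LogoutResponse(config)
        {
            InResponseToAsString = logoutRequest.IdAsString,
            Status = status
        };
        return responseBinding.Bind(logoutResponse).ToActionResult();
    }
}
```

The design point worth keeping in mind: the local session is deleted only after `Unbind` has verified the signature and matched the NameID, and a failed validation still produces a signed LogoutResponse with `RequestDenied`, so a forged request can neither terminate a session nor leave the IdP waiting. If this endpoint is reachable but single logout still does nothing, check that the same URL appears in the SP metadata (`SingleLogoutServices`) and that the login flow actually stores a NameID claim.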
References
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow

Solution | Source
---|---
Solution 1 | Anders Revsgaard
Solution 2 | kavyasaraboju-MT