Tuesday, June 23, 2020

WSFederation–Implementing logout on ADFS

In one of my ASP.NET Core applications we are (still) using WS-Federation as the authentication protocol. While implementing the sign-out functionality I noticed that I was correctly signed out at the ADFS level, but that ADFS did not redirect me back to my application afterwards.

The return trip is controlled by the wreply parameter of the wsignout1.0 request (it tells ADFS where to send the browser once the sign-out is done), and that parameter was correctly sent to ADFS.

Here is my logout code:

After some trial and error I could pinpoint the issue to the following situation: the redirect only worked when the reply URL was a subpath of the WS-Federation endpoint configured on the relying party trust in ADFS (the address shown on the Endpoints tab of the trust, or in the WSFedEndpoint property returned by Get-AdfsRelyingPartyTrust). With a wreply under that endpoint, ADFS sent me back to my application as expected.

For example:

This makes sense as a security measure: if ADFS honoured an arbitrary wreply, a sign-out link could be used as an open redirector to an attacker-chosen site, so ADFS only returns to addresses under the relying party's registered endpoint.
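As an added example (not the post's own logout code), here is an ASP.NET Core controller action that triggers the WS-Federation sign-out at ADFS and sets the wreply to an address under the application's own URL. It assumes the app uses the Microsoft.AspNetCore.Authentication.WsFederation handler together with cookie authentication, that the relying party trust's WS-Fed endpoint is the application's root URL, and that the app has a SignedOut page; the controller, action and route names are assumptions.

```csharp
// Added example, not code from the original post.
// Assumptions: cookie + WsFederation authentication are registered in Startup,
// the relying party trust in ADFS uses this app's root URL as its WS-Fed
// endpoint, and the SignedOut action below exists in this app.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.WsFederation;
using Microsoft.AspNetCore.Mvc;

public class AccountController : Controller
{
    [HttpPost]
    [ValidateAntiForgeryToken]
    public IActionResult Logout()
    {
        // RedirectUri becomes the wreply parameter of the wsignout1.0 request.
        // ADFS only sends the browser back here when the address sits under the
        // relying party's configured WS-Federation endpoint, so build an absolute
        // URL inside this application rather than a relative path or an
        // arbitrary address.
        var props = new AuthenticationProperties
        {
            RedirectUri = Url.Action("SignedOut", "Account", null, Request.Scheme)
        };

        // Clears the local authentication cookie, then redirects the browser to
        // ADFS with wa=wsignout1.0&wreply=<RedirectUri>.
        return SignOut(props,
            CookieAuthenticationDefaults.AuthenticationScheme,
            WsFederationDefaults.AuthenticationScheme);
    }

    // Landing page ADFS returns to after the federated sign-out completes.
    [HttpGet]
    [AllowAnonymous]
    public IActionResult SignedOut() => View();
}
```

If ADFS still stays on its own page after sign-out, compare the exact wreply value in the outgoing request (visible in the browser's network tab) with the endpoint registered on the relying party trust: scheme, host, port and path prefix all have to line up.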