Shibboleth Proxy to Azure: Completing logout.
mgrady at unicon.net
Wed Jan 19 22:46:02 UTC 2022
> On Jan 19, 2022, at 3:58 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
> On 1/19/22, 4:46 PM, "users on behalf of Jeffrey Williams via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
>> Does that make this sort of logout a feature request or is there some way to craft and send the
>> samlp:LogoutRequest in the template?
> Not any way that's straightforward unless they check/enforce nothing and it's not compliant anyway.
> -- Scott
It appears that Azure AD may have non-SAML logout endpoints (akin to the Shib IP's profile/Logout) endpoint, but I'm not an expert on that. But several things you find on the web suggest that you might be able to use OAuth logout endpoints that would not expect a SAML Logout message. For example, see this:
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users