Shibboleth Proxy to Azure: Completing logout.

Michael Grady mgrady at
Wed Jan 19 22:46:02 UTC 2022

> On Jan 19, 2022, at 3:58 PM, Cantor, Scott <cantor.2 at> wrote:
> On 1/19/22, 4:46 PM, "users on behalf of Jeffrey Williams via users" <users-bounces at on behalf of users at> wrote:
>> Does that make this sort of logout a feature request or is there some way to craft and send the
>> samlp:LogoutRequest in the template?
> Not any way that's straightforward unless they check/enforce nothing and it's not compliant anyway.
> -- Scott

It appears that Azure AD may have non-SAML logout endpoints (akin to the Shib IP's profile/Logout) endpoint, but I'm not an expert on that. But several things you find on the web suggest that you might be able to use OAuth logout endpoints that would not expect a SAML Logout message. For example, see this:

Michael A. Grady
IAM Architect, Unicon, Inc.

More information about the users mailing list