Shibboleth Proxy to Azure: Completing logout.
Michael Grady
mgrady at unicon.net
Wed Jan 19 22:46:02 UTC 2022
> On Jan 19, 2022, at 3:58 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
> On 1/19/22, 4:46 PM, "users on behalf of Jeffrey Williams via users" <users-bounces at shibboleth.net on behalf of users at shibboleth.net> wrote:
>
>> Does that make this sort of logout a feature request or is there some way to craft and send the
>> samlp:LogoutRequest in the template?
>
> Not any way that's straightforward unless they check/enforce nothing and it's not compliant anyway.
>
> -- Scott
>
It appears that Azure AD may have non-SAML logout endpoints (akin to the Shib IP's profile/Logout) endpoint, but I'm not an expert on that. But several things you find on the web suggest that you might be able to use OAuth logout endpoints that would not expect a SAML Logout message. For example, see this:
https://jpassing.com/2021/06/10/azure-ad-defaults-to-saml-logout-but-not-all-apps-support-that/
--
Michael A. Grady
IAM Architect, Unicon, Inc.
More information about the users
mailing list