Azure AD B2C Single Sign out and SAML IdP

Ahmed 1 Reputation point
2021-11-25T15:55:25.327+00:00

Hi

We have an Azure AD B2C instance with a custom policy to allow users to sign in with their credentials from an external SAML identity provider.

The custom policy works except for the single logout (SLO) request. The interesting part is, in Chrome the SLO request works but in Firefox and Safari it fails.

During a sign out flow the browser (Firefox is used in this example) receives a payload with a SAML logout request from the Azure AD B2C. The payload is then loaded into an iframe so that the SAML logout request can be posted to the SAML IdP. In row 41 of the client side script in the following image you can see an iframe being appended to the DOM in the method frameLoader, and this is where the request fails.

152665-sloreq-js.png

And here is the stack trace of the exception for the call to frameLoader.
152664-sloreq-exception.png

I thought the issue was related to cookies and cross-site request forgery (CSRF), so I configured a custom domain for the Azure AD B2C, but that didn’t resolve the issue. I also thought it had to do with the SameSite attribute in a cookie, so I tried editing one of them but that didn’t fix the issue.

Is there anyone that has encountered this issue and knows how to resolve it?

UPDATE
Further debugging revealed that the issue is related to Firefox's way of handling pop-up windows. The SAML SLO request works only when I add the URL of the web application as an allowed website for pop-up windows in Firefox.

Is there a workaround for allowing the iframe to be loaded into the parent web application without adding the URL of the web application as an allowed website for pop-up windows in Firefox?
