Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
13,271 questions
ADFS - OWA - ECP automatically signs out when loging from custom IdP
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(131.20000000000002, 50%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
adfsloss
0
Reputation points
i have a problem. Im logging into adfs with Keycloak as an IdP, everything works well. Im redirected from Keycloak to ADFS and then im getting redirected to OWA the to the ECP with signout request. Token is sent to LS and /ls is redirecting to logoff /ecp/auth/TimeoutLogout.aspx
My relying party settings:
SsoLifetime : 480
TokenLifetime : 60
Both for test.com/ECP and test.com/OWA
Additionally when logging only using /adfs/ls/IdpInitiatedSignon.aspx im getting redirected to keycloak and then redirected to succesfully logged in page on adfs, where i can see that im logged in.
What can i provide to describe problem better? How should i configure Active Directory, maybe there is a problem?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 35%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXQ%3C/text%3E%3C/svg%3E)
Xintao Qiao-MSFT 3,995 Reputation points Microsoft Vendor2024-05-29T10:12:16.2166667+00:00 Based on your description, it looks like the issue is more related to Active Directory Federation Services. Please kindly understand that the Exchange tag here we mainly focus on general issues about Exchange Server. To better solve your problem, I will add the Active Directory Federation Services tag for you. Thanks for your understanding.
Sign in to comment
Sign in to answer