Is it possible to disable single log out (SLO) for a SAML2 app?

Chris Nott 1 Reputation point
2023-02-02T12:49:08.48+00:00

I have a configuration whereby I have registered an app in AAD, using SAML2 for SSO. This app is acting as an external identity provider to a custom identity solution (Duende IdentityServer), which is used by my application for authentication. The AAD identity provider is configured in my solution using the metadata XML hosted from my Azure AD tenant. Within this metadata is the single log out (SLO) URL. I do not wish to single log out - for example when logging out of my application, I am not logged out of Azure AD for other things (like outlook.office.com). Is it possible to configure the app in Azure AD to not supply the SLO url?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,735 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Givary-MSFT 25,761 Reputation points Microsoft Employee
    2023-02-15T08:56:23.8666667+00:00

    @Chris Nott Thank you for reaching out to us, can you help us with the fiddler trace at the time of issue, would like to review the logout request that is being sent to Azure AD.

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-out-saml-protocol

    Fiddler trace can be shared over email - Please send us an email on azcommunity [at] microsoft [dot] com referencing this issue with a subject line "ATTN:Givary"

    Let me know if you have any further questions, feel free to post back.

    0 comments No comments