AD B2C Single Logout with Subdomain

Singh, Randhir 0 Reputation points
2023-03-29T14:39:22.66+00:00

I am using 4 tenant-based applications with Azure AD B2C Single Sign-On.

Applications are registered in common Tenant.

When one application signs in, the rest of the applications do not need to sign in; they sign in automatically when requested in a separate tab of the same browser.

When I try to log out from one application, it does not work for the rest of the applications in the same browser.

When I refresh the other open applications, their sessions are still working; they do not go to sign-in.

Single Logout is not working.

Any advice?

Microsoft Entra ID

3 answers

  1. James Hamil 22,431 Reputation points Microsoft Employee
    2023-03-31T22:19:07.5266667+00:00

    Hi Singh, Randhir,

    To sign out the user from all applications, you can redirect the user to the end_session_endpoint that is listed in the OpenID Connect metadata document. When you redirect the user to the Azure AD B2C sign-out endpoint (for both OAuth2 and OpenID Connect) or send a LogoutRequest (for SAML), Azure AD B2C clears the user's session from the browser. However, the user might still be signed in to other applications that use Azure AD B2C for authentication. To sign the user out of all applications which have an active session, Azure AD B2C supports single sign-out, also known as Single Log-Out (SLO).

    To require an ID Token in logout requests, add a UserJourneyBehaviors element inside of the RelyingParty element. Then set the EnforceIdTokenHintOnLogout of the SingleSignOn element to true.

    You can disable the sign out from federated identity providers by setting the identity provider technical profile metadata SingleLogoutEnabled to false.

    Please let me know if you have any questions or if this doesn't work and I can help you further.

    If this answer helped you please mark it as "Verified" so other users can reference it.

    Thank you,

    James


  2. Singh, Randhir 0 Reputation points
    2023-04-03T08:44:49.1566667+00:00

    Hi James Hamil,

    Thanks for your time. I am working with user flows and not using any custom policy.

    I didn't find "disable the sign out from federated identity providers".

    I am also sending the logout request to the "Azure AD B2C OAuth 2.0 logout endpoint (v2)" endpoint.

    It signs out from the application itself on the dev server; the other applications are still logged in in the same browser, in different tabs, from the same tenant. When I check by refreshing the browser, nothing happens.

    SLO is working fine on localhost when running multiple applications from Visual Studio 2022.

    Can you advise accordingly?


  3. Singh, Randhir 0 Reputation points
    2023-04-05T06:55:48.9233333+00:00

    When one application logs off, the browser needs to be closed. Then all shared cookies are removed. When one app logs off and another app keeps its cookies in the same browser, refreshing the second app in a different tab of the same browser does not log it off automatically. The browser needs to be closed; then it works fine.
