This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(252.8, 18%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EK%3C/text%3E%3C/svg%3E)
we are using 2 Single page applications. we have registed 2 apps(one is for API & another one is for Web).
Now we want to implement single sign out (SLO) for my web apps. we tried to hit end-session endpoint(https://tenant.b2clogin.com/tenant.onmicrosoft.com/<policy-name>/oauth2/v2.0/logout. it is logging out the user from respective application but not other application.
we want to implement single logout for my both the applications.
Thank you for posting your query on Microsoft Q&A, from above description I could understand that you are looking to achieve SLO via user flow for Azure B2C.
Please do correct me if this is not the case by responding in the comments section:
As per current design Single sign-out for B2C could be achieved only via Custom Policy the existing user flow would only signout from the app.
To support single sign-out, the token issuer technical profiles for both JWT and SAML must specify:
The protocol name, such as <Protocol Name="OpenIdConnect" />
The reference to the session technical profile, such as UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />.
The following example illustrates the JWT and SAML token issuers with single sign-out:
<ClaimsProvider>
<DisplayName>Local Account SignIn</DisplayName>
<TechnicalProfiles>
<!-- JWT Token Issuer -->
<TechnicalProfile Id="JwtIssuer">
<DisplayName>JWT token Issuer</DisplayName>
<Protocol Name="OpenIdConnect" />
<OutputTokenFormat>JWT</OutputTokenFormat>
...
<UseTechnicalProfileForSessionManagement ReferenceId="SM-jwt-issuer" />
</TechnicalProfile>
<!-- Session management technical profile for OIDC based tokens -->
<TechnicalProfile Id="SM-jwt-issuer">
<DisplayName>Session Management Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.OAuthSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</TechnicalProfile>
<!--SAML token issuer-->
<TechnicalProfile Id="Saml2AssertionIssuer">
<DisplayName>SAML token issuer</DisplayName>
<Protocol Name="SAML2" />
<OutputTokenFormat>SAML2</OutputTokenFormat>
...
<UseTechnicalProfileForSessionManagement ReferenceId="SM-Saml-issuer" />
</TechnicalProfile>
<!-- Session management technical profile for SAML based tokens -->
<TechnicalProfile Id="SM-Saml-issuer">
<DisplayName>Session Management Provider</DisplayName>
<Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</TechnicalProfile>
</TechnicalProfiles>
</ClaimsProvider>
I would recommend you share this as feedback on our feedback portal.
Please "Accept the answer (Yes)" and "share your feedback ". This will help us and others in the community as well.
Thanks,
Akshay Kaushik
thanks for your response. i am new to this b2c custom policies. how to create custom policy for sign-in flow(we don't want sign up flow).
i tried to create user-flow by taking https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-sign-in-policy?pivots=b2c-custom-policy as reference.
but if i add content definitions block,
<!--
<BuildingBlocks>
<ContentDefinitions>-->
<ContentDefinition Id="api.localaccountsignup">
<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:1.2.0</DataUri>
</ContentDefinition>
<!--
</ContentDefinitions>
</BuildingBlocks> -->
it is throwing below error.
the element 'TrustFrameworkPolicy' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06' has invalid child element 'ContentDefinition' in namespace 'http://schemas.microsoft.com/online/cpim/schemas/2013/06'.<DataUri>urn:com:microsoft:aad:b2c:elements:contract:unifiedssp:1.2.0</DataUri>
if we remove content definition block, it is coming with signup link as well.
Kindly try following https://learn.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows?pivots=b2c-custom-policy to create a default custom policy and then make the necessary changes. This example will help you in uploading the policy framework in appropriate hierarchy.