Single Logout Request Not Working for Azure B2C SAML Federation to Azure Entra ID

Abhishek Chowdhury 0 Reputation points
2024-05-21T07:32:32.17+00:00

I have an Azure B2C tenant that returns a JWT Token after doing a SAML Federation with Azure EntraID. The Login Federation works fine.

While logging out, I am trying to redirect to the link

https://<b2c-tenant>.b2clogin.com/<b2c-tenant>.onmicrosoft.com/b2c_1a_signup_signin/oauth2/v2.0/logout?post_logout_redirect_uri=https://localhost:3000/home&id_token_hint="

following the official website steps(https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy).

I see an additional SAML LogOutRequest is getting triggered for logging out from the SAML IDP and the application is redirecting back to the post_logout_redirect_uri, but the IDP session is still active.

When I try to hit the SAML Logout Request directly in the browser( "https://login.microsoftonline.com/<EntraId Tenant>/saml2?SAMLRequest=<Autogenerated LogOutRequest" ), the IDP session is successfully logging out.

Is there a way we can redirect the B2C "v2.0/logout" to this SAML Request from the browser, so that the logout happens successfully.

Is there any other way, as I am running out of ideas on this? Thanks a lot in advance for the help.

FYI, I am using B2C custom policies to set this up.


Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,187 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Akhilesh 6,740 Reputation points Microsoft Vendor
    2024-05-23T09:56:48.1066667+00:00

    Hi @Abhishek Chowdhury

    Thank you for your post!

    I understand that the SAML session is not being terminated properly when you use the B2C logout endpoint.

    Could you please confirm Have you attempted to configure the app manifest and the app metadata endpoint?
    https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#configure-your-application
    https://learn.microsoft.com/en-us/azure/active-directory-b2c/saml-service-provider?tabs=windows&pivots=b2c-custom-policy#override-or-set-the-sign-out-url-optional

    Please refer the following link which is explained about Single Sign Out
    Single Sign Out (Single Logout) with Azure AD B2C

    Hope this helps. Do let us know if you any further queries.

    Thanks,
    Akhilesh.


    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.