Azure AD B2C Sign-out issue

wizard2019 0 Reputation points
2024-10-06T22:48:15.71+00:00

I have an issue with the sign-out in Azure B2C.

For the sign-out I was following the documentation https://learn.microsoft.com/en-us/azure/active-directory-b2c/openid-connect#secure-your-logout-redirect available, but even if it looks like it is working (I'm redirected to the configured URL), if I click again on the link to log in via Azure SSO, it will not ask for my login and password and connects me directly. From the network, I can see logout is called successfully with status 200.

My logout URL: {end_session_endpoint}/?post_logout_redirect_uri={my_logout_url}&client_id={clientId}



1 answer

  1. James Hamil 26,036 Reputation points Microsoft Employee
    2024-10-08T19:18:30.04+00:00

    Hi @wizard2019, make sure the session is actually being terminated. Just clearing the application's cookies or ending the session with the user isn't enough. You need to redirect the user to Azure AD B2C to sign out properly. Otherwise, they might be able to re-authenticate without entering their credentials again.

    Also, try passing the id_token_hint parameter in your logout request. This helps Azure AD B2C identify the session that needs to be terminated. You can configure your sign-up/sign-in user flow to require an id_token_hint on logout and pass it in the logout request.

    If you're using single sign-out, make sure all applications involved are correctly configured to handle the sign-out request. This includes setting the logout URL under the authentication settings in the Azure portal and handling the OnRedirectToIdentityProviderForSignOut event.

    Sometimes the issue might be related to browser cache or cookies. Make sure all relevant cookies are cleared during the sign-out process, including cookies like x-ms-cpim-sso and x-ms-cpim-csrf.

    If you're using custom policies, ensure they're correctly configured to handle the sign-out process. This includes verifying that the technical profiles and user journeys are set up correctly to manage the sign-out flow.

    Please let me know if you have any questions and I can help you further.

    If this answer helps you please mark "Accept Answer" so other users can reference it.

    Thank you,

    James

