This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am trying to understand how to perform a logout in Azure B2C (I have a custom policy setup for SAML authentication), from my understanding there are two types of bindings, HTTP-Post and HTTP-Redirect. I checked the metadata file and it has both listed. I assume I can simply log-out the user by redirecting them to the URL listed is the metadata file:
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1A_signup_signin/samlp/sso/logout" />
When I do that, I get a generic Azure error page:
Sorry, but we're having trouble signing you in. We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.
Why does it even say "signing you in", I am not sure. Am I doing something incorrectly here?
Is there more information I should be passing? I even tried using the post_logout_redirect_uri query string param and that doesn't work either.
Just following up on this if anyone has an opinion on how to resolve it. I am using Azure B2C w/ SAML. We only have one application that is configured to work with this tenant directory. The user is logged out of the SP but I am having issues removing the cookie from tenant.b2clogin.com
Thank you!
Hi @gdxyz · Thank you for reaching out.
You may refer to the SAML LogoutRequest.cs file for this purpose. Here is the entire Sample that we have published for SAML Test Application federated with Azure AD B2C configured as SAML IDP.
Upon calling the logout url, the cookie for the domain name of your tenant will be marked as expired as shown below:
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@AmanpreetSingh-MSFT -- This is very insightful thank you! I do have one question, is there anyway to get it to work without specifying the SessionId (SessionIndex). I noticed the user is signed out of the B2C session which is what I wanted BUT since I don't have a sessionId in my workflow, I get a message Invalid Session Index if I just pass "-1". My goal would be to just sign the user out of B2C and redirect to a generic logout page in our app. Maybe there is another endpoint I can use to accomplish this?
Thank you!