Azure B2C - SAML Logout

Question

I am trying to understand how to perform a logout in Azure B2C (I have a custom policy setup for SAML authentication), from my understanding there are two types of bindings, HTTP-Post and HTTP-Redirect. I checked the metadata file and it has both listed. I assume I can simply log-out the user by redirecting them to the URL listed is the metadata file:

<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://TENANT.b2clogin.com/TENANT.onmicrosoft.com/B2C_1A_signup_signin/samlp/sso/logout" />

When I do that, I get a generic Azure error page:

Sorry, but we're having trouble signing you in. We track these errors automatically, but if the problem persists feel free to contact us. In the meantime, please try again.

Why does it even say "signing you in", I am not sure. Am I doing something incorrectly here?

Is there more information I should be passing? I even tried using the post_logout_redirect_uri query string param and that doesn't work either.

Answer 1

Hi @gdxyz · Thank you for reaching out.

You may refer to the SAML LogoutRequest.cs file for this purpose. Here is the entire Sample that we have published for SAML Test Application federated with Azure AD B2C configured as SAML IDP.

Upon calling the logout url, the cookie for the domain name of your tenant will be marked as expired as shown below:

-----------------------------------------------------------------------------------------------------------

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.