ADFS oauth2 Single log-out not redirect

KuSai 6 Reputation points
2021-11-17T02:10:59.353+00:00

Dear Sir/Madam,

When signing out from the web portal, the cookies are successfully cleared during the ADFS OAuth single log-out, but the browser still stays at the AD FS single log-out page and is not redirected after the parameters id_token_hint and post_logout_redirect_uri are given (LogoutUri was added beforehand). May I know whether any step during the single log-out is wrong and discontinues the process, or whether the process simply ends there?

Document from below link:
(https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-logout-openid-connect)

p.s. Using Microsoft Server 2019 ADFS 4.0.

Regards,
KuSai

Microsoft Security | Active Directory Federation Services

4 answers

  1. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2021-11-22T06:06:26.077+00:00

    If you are using an external claim provider in this config, note that there was a bug in ADFS 2019 which was corrected with the following update:

    https://support.microsoft.com/en-us/topic/september-21-2021-kb5005625-os-build-17763-2210-preview-5ae2f63d-a9ce-49dd-a5e6-e05b90dc1cd8

    Addresses an issue that fails to apply the post_logout_redirect_uri= parameter when you use an External Claims Provider.

    Maybe you are in this case...


  2. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2021-12-09T20:28:07.603+00:00

    Could you share a sanitized Fiddler trace?


  3. Pierre Audonnet - MSFT 10,191 Reputation points Microsoft Employee
    2021-12-10T11:46:49.427+00:00

    Screenshots of Fiddler traces aren't useful most of the time... I meant an actual trace from which you remove, or rather replace, data with bogus stuff (you can edit the frame and replace the FQDN with contoso.com, access tokens with a random string, and credentials with *** or something similar). If you're not comfortable with that, that's fine, but it will make the troubleshooting longer and not always efficient.

    Make sure you have added the URI in the right places; this is described here: https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/ad-fs-logout-openid-connect#client-configuration. Are you all set from that perspective?

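The client-configuration point above (the post_logout_redirect_uri the portal sends must match a LogoutUri registered for that client) is worth seeing as code. The following is an added example, not code from the thread or from Microsoft: it builds the OIDC RP-initiated logout request the portal sends the browser to, then models the identity provider's decision of whether to honour the redirect. The AD FS endpoint, client id and portal URLs are constructed placeholders, the id_token is an unsigned stand-in, and the exact-match rule is the OIDC RP-initiated logout behaviour; that AD FS applies it in exactly this form is an assumption here.

```python
import base64
import json
from typing import Optional
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values for the example (hypothetical farm, client and portal).
END_SESSION_ENDPOINT = "https://adfs.contoso.example/adfs/oauth2/logout"
REGISTERED_CLIENTS = {
    # client_id -> LogoutUri values registered on the AD FS side for that client
    "portal-client-id": ["https://portal.contoso.example/signout-callback"],
}


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_unsigned_id_token(client_id: str) -> str:
    """Constructed stand-in for an id_token; a real one is signed by AD FS."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({
        "iss": "https://adfs.contoso.example/adfs",
        "aud": client_id,          # the client the token was issued to
        "sub": "user1",
    }).encode())
    return f"{header}.{payload}."


def build_logout_url(id_token: str, post_logout_redirect_uri: str,
                     state: Optional[str] = None) -> str:
    """The RP-initiated logout request the portal redirects the browser to."""
    params = {"id_token_hint": id_token,
              "post_logout_redirect_uri": post_logout_redirect_uri}
    if state is not None:
        params["state"] = state
    return f"{END_SESSION_ENDPOINT}?{urlencode(params)}"


def idp_logout_decision(logout_url: str) -> Optional[str]:
    """Model of the IdP side: the URL to redirect to after sign-out, or None
    when the IdP stays on its own sign-out page (what the question describes).
    Signature verification is omitted in this model; a real IdP validates the
    token before trusting its 'aud' claim."""
    q = parse_qs(urlsplit(logout_url).query)
    hint = q.get("id_token_hint", [None])[0]
    target = q.get("post_logout_redirect_uri", [None])[0]
    if not hint or not target:
        return None                      # nothing to validate against
    try:
        payload = json.loads(b64url_decode(hint.split(".")[1]))
    except (ValueError, IndexError):
        return None                      # malformed hint
    registered = REGISTERED_CLIENTS.get(payload.get("aud"), [])
    if target not in registered:
        return None                      # not an exact match: no redirect
    state = q.get("state", [None])[0]
    if state is None:
        return target
    sep = "&" if "?" in target else "?"
    return f"{target}{sep}{urlencode({'state': state})}"


if __name__ == "__main__":
    token = make_unsigned_id_token("portal-client-id")
    ok = build_logout_url(token, "https://portal.contoso.example/signout-callback")
    print("exact match   ->", idp_logout_decision(ok))
    # Same URI with a trailing slash: the IdP sees no registered match.
    slash = build_logout_url(token, "https://portal.contoso.example/signout-callback/")
    print("trailing slash->", idp_logout_decision(slash))
```

When troubleshooting a case like the one in this thread, compare the post_logout_redirect_uri byte for byte (scheme, host, path, trailing slash) against the LogoutUri registered for the client named in the id_token's aud claim; any difference leaves the browser on the IdP's sign-out page.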

  4. KuSai 6 Reputation points
    2021-12-13T02:48:13.893+00:00

    Hi Piaudonn,

    Situation

    As in the previous captures, everything is set up on an on-premise Exchange Server 2019. Our portal using AD FS OAuth single sign-on was done successfully, and it clears the authentication state well after single logout, meaning that when entering again, AD FS OAuth is ready for the next login.

    Problem

    When we give the parameters id_token_hint and post_logout_redirect_uri to AD FS single logout, there is no redirect action to our portal (parameter set up in LogoutUri in photo 2). It only stays at the AD FS login page (a tiny difference from Graph OAuth, which redirects back to our portal).
    So, is the server hostname we are using (data removed) important?
    If yes, I will clone the environment for testing this case.

    Enclosed below are the captures (with data removed):

    Photo 1: On-premise AD FS server 2019 hotfix state (image attachment)

    Photo 2: On-premise AD FS server 2019 LogoutUri (image attachment)

    Regards,
    Carl
