ADFS Single Signout not working in Internet explorer 10

Question

We have an application that is using ADFS for authentication. For the single signout we are redirecting the application to the url https:///adfs/ls/?wa=wsignout1.0.

The Application gets redirected to the URL without any issue but the signout is not working in INternet explorer. In Chrome and Mozilla this single signout is working fine without any issue.

Has anybody face this issue and what was the workaround?

Answer 1

I do have the same issue. As mentioned, it is an expected behavior when we sign out from within the network. On an external network, you should be prompted for credentials after redirecting to sign out URL. However, it doesn't work in Internet Explorer and Edge.

It does work fine in Chrome and Firefox. The only work around I found is to clear the cookies manually on the IE browser and then redirect to sign-out URL. However, it's hard to expect end user to clear their browser cache manually.

Regards Prasad

Answer 2

How do you detect that "sign-out does not work"? I guess, what happens is:

1. you call https:///adfs/ls/?wa=wsignout1.0 and sign-out actually takes place
2. you visit a Sharepoint page again and IE does not ask you the user credentials, letting you in at once. But this is OK, because at this moment a new sign-on automatically takes place. (You probably may notice that when you revisit the SharePoint page there is a roundtrip to ADFS visible in the browser's address bar).

Answer 3

Actually, from your post, I believe it is working correctly from everywhere. However, since you are using IE and likely on a domain joined machine you are silently signed in with desktop SSO (i.e. windows integrated authentication). For example, if you signed in from outside your corp network on IE and then signed out and signed-in again, you will see the behavior to be different.

Thanks //Sam (Twitter: @MrADFS)