I am not providing the signing verification certificate to ADFS. My login is working fine using ADFS. Whenever my application initiates the SLO request to ADFS, it fails with the error below.
Encountered error during federation passive sign-out.
Additional Data
Exception details:
Microsoft.IdentityServer.RequestFailedException: MSIS7054: The SAML logout did not complete properly.
If I sign only the logout request, it works fine. So is it required to send a signed logout request?
The flag SignedSamlRequestsRequired is set to false on ADFS.
Please help.
Yes, as per the SAML 2.0 spec, for single logout (SLO) to work you need to ensure the LogoutRequest is signed. AuthnRequest doesn't need to be signed.
See https://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf 4.4.4.1 on LogoutRequest usage quoted below. Note the use of MUST.
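Since the answer's point is that ADFS requires the LogoutRequest itself to be signed, the useful check on the SP side is to look at what the application actually emits. The following is an added example (not code from the asker, the answerer, or ADFS) that inspects an outbound LogoutRequest in either binding: in HTTP-POST the signature is an enveloped `ds:Signature` inside the XML, while in HTTP-Redirect the XML carries no signature and the `SigAlg`/`Signature` query parameters are what ADFS validates. The hostnames, IDs and signature values in the constructed samples are placeholders, so the checker reports only whether a signature is present, not whether it is valid.

```python
"""Check whether an outbound SAML 2.0 LogoutRequest is signed.

Added example (not the asker's or answerer's code). ADFS rejects an unsigned
LogoutRequest with MSIS7054, so the first thing to verify on the SP side is
what actually leaves the application. Two bindings are handled:
  * HTTP-POST: the signature is an enveloped <ds:Signature> inside the XML.
  * HTTP-Redirect: the XML is raw-DEFLATE + base64 in SAMLRequest and the
    signature is a separate 'Signature' query parameter (with 'SigAlg').
Hostnames and the signature values in the samples are constructed placeholders.
"""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"


def _describe(root: ET.Element) -> dict:
    """Common fields pulled from the parsed message root."""
    return {
        "is_logout_request": root.tag == f"{{{SAMLP}}}LogoutRequest",
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "destination": root.get("Destination"),
    }


def check_post_binding(saml_request_b64: str) -> dict:
    """HTTP-POST binding: the SAMLRequest form field is base64 of the plain XML."""
    root = ET.fromstring(base64.b64decode(saml_request_b64))
    info = _describe(root)
    # An enveloped signature sits directly under the root element.
    info["signed"] = root.find(f"{{{DS}}}Signature") is not None
    info["binding"] = "HTTP-POST"
    return info


def check_redirect_binding(url: str) -> dict:
    """HTTP-Redirect binding: SAMLRequest is raw-DEFLATE + base64 in the query."""
    qs = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in qs:
        raise ValueError("no SAMLRequest parameter in URL")
    deflated = base64.b64decode(qs["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(deflated, -15))  # -15: raw DEFLATE
    info = _describe(root)
    # The XML carries no ds:Signature here; the binding signs the query string.
    info["signed"] = "Signature" in qs and "SigAlg" in qs
    info["sig_alg"] = qs.get("SigAlg", [None])[0]
    info["binding"] = "HTTP-Redirect"
    return info


# --- constructed sample messages (placeholders, not real signatures) ---------

def build_logout_request(signed: bool) -> bytes:
    """Minimal LogoutRequest; the ds:Signature is a structural placeholder only."""
    sig = (
        f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo/>'
        "<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>"
        if signed else ""
    )
    return (
        f'<samlp:LogoutRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        'ID="_constructed-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
        'Destination="https://adfs.example.test/adfs/ls/">'
        f"<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>{sig}"
        "<saml:NameID>user@example.test</saml:NameID>"
        "<samlp:SessionIndex>_constructed-session-1</samlp:SessionIndex>"
        "</samlp:LogoutRequest>"
    ).encode()


def sample_post_request(signed: bool) -> str:
    return base64.b64encode(build_logout_request(signed)).decode()


def sample_redirect_url(signed: bool) -> str:
    """XML is unsigned in both cases; 'signed' adds the SigAlg/Signature params."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = comp.compress(build_logout_request(False)) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if signed:
        # A real SP computes Signature over "SAMLRequest=...&SigAlg=..." with
        # its private key; the value below is a placeholder.
        params["SigAlg"] = RSA_SHA256
        params["Signature"] = base64.b64encode(b"PLACEHOLDER").decode()
    return "https://adfs.example.test/adfs/ls/?" + urlencode(params)


if __name__ == "__main__":
    for label, info in [
        ("POST unsigned", check_post_binding(sample_post_request(False))),
        ("POST signed", check_post_binding(sample_post_request(True))),
        ("Redirect unsigned", check_redirect_binding(sample_redirect_url(False))),
        ("Redirect signed", check_redirect_binding(sample_redirect_url(True))),
    ]:
        verdict = "OK" if info["signed"] else "UNSIGNED (ADFS will reject with MSIS7054)"
        print(label, "->", verdict, info)
```

Point `check_redirect_binding` at the Location header of the SP's redirect, or `check_post_binding` at the `SAMLRequest` form field captured from the browser, to confirm which case you are in before changing ADFS-side settings; note that `SignedSamlRequestsRequired` only governs AuthnRequests, which is why setting it to false does not help with SLO.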