Signout without wtrealm with IdentityServer as claims provider in ADFS 2016 #17
Comments
|
This repo is just a sample implementation - we don't actively maintain it. If you want commercial support implementing the feature, let us know. Or use the commercial WS-Fed plugin which includes support: https://www.identityserver.com/products/ws-federation |
|
I understand this repo is a sample and not actively maintained. I am trying to help out Alexej Kowalew here 616b2f#1 with getting the sample working with wfresh and signout support. My question above 'Why does IdentityServer 4 require this?' is something you could perhaps help us answer, or should I post that question in the github repo for IdentityServer4? |
|
I can't remember tbh. OpenID Connect requires this (for good reason) - and I guess since WS-Fed is just "using" the core engine - it is required there as well... |
Hi,
Missing support for PostLogoutRedirectUri was discussed here #9. The suggested solution to pass an id_token_hint from the WsfederationController with the wtrealm does not work when using IdentityServer as a claims provider in ADFS 2016. ADFS 2016 does not pass the wtrealm parameter to the claims provider on signout. I went back to my IdentityServer 3 claims provider in ADFS 2016 and this one handles the signout ok without the wtrealm parameter. Why does IdentityServer 4 require this? Is there another way to generate the id_token_hint? Perhaps with the suggested WsFederationSignoutRequestValidator? Will it be able to generate the id_token_hint without the wtrealm parameter?
The text was updated successfully, but these errors were encountered: