We have successfully connected our ADFS server (with WAP) to an IBM Domino Web server using SAML. The trust was added using the IDP.xml export from the Domino server, where we put adfsserver/adfs/ls/?wa=wsignout1.0 for the signout URL in Domino, and it's the endpoint on ADFS.
We're still having problems with users not being completely logged out of ADFS with this call. More importantly, I'm a complete newbie for this and we're using any kind of SAML logout request that I'm aware of. Where would one go? How do you generate the information for one?
The scenario we're seeing (it may be more helpful than my rambling above):
1. User hits our Domino site.
2. Gets directed to the ADFS login page.
3. Signs in using AD cred. and gets sent back to the Domino site.
4. Using the logout button on our Domino site logs the user out of Domino, but does nothing to ADFS.
5. Manually entering adfsserver/adfs/ls/?wa=wsignout1.0 displays 'you're signed out', but users are still signed in.
I use the adfsserver/adfs/ls/IdpInitiatedSignon.aspx page to verify this. Also, hitting the 'sign out from all sites' button does not end ADFS; using the 'sign out from this site' option does seem to end the session.
I'm sure my ignorance shows up here, so please be gentle. We would like to sign out of everything (SAML, Domino, ADFS). How do we take this on?