Our end user is using ADFS to sign into our ASP.NET MVC web app. The Signout process eventually sends them to:
https://foo.com/adfs/ls/?wa=wsignout1.0&wreply=http%3a%2f%2fdramafever.com
From here, they see the ADFS signout screen. However, the user is complaining that at the ADFS signout page, they can hit backspace, and the browser will navigate back to the relying party which then redirects back to ADFS which then automatically emits another SAML token. ADFS just does this all silently without prompting the user for credentials. The user does not like this.
Is there a way to force ADFS to prompt for credentials for every auth attempt?
I noticed the following ADFS cookies were present upon the back navigate attempt:
MSISIPSelectionPersisten|MSISLoopDetectionCookie
How do those influence ADFS during the auth process?