Hi,
I have the following setup.
Relying parties (applications) --->(trust)---->Internal ADFS (RP-STS)--->(trust)--->External ADFS (IDP)
We have two types of applications (relying parties):
1) Java-based SAML-enabled application
2) .Net-based WIF-enabled application (WS-Fed)
1) When I log in to both the Java and the .Net application (within the same session, using single sign-on) and then try to log out,
I get properly logged out from both applications. The logout request is properly propagated from Internal ADFS (RP-STS) to External ADFS (IDP),
and at the end of the logout process I land on the External ADFS (IDP) logout page.
2) When I log in only to the .Net application and try to log out, I also get properly logged out and I can see the External ADFS (IDP) logout page.
3) But when I log in ONLY to the Java application (SAML) and try to log out, Internal ADFS (RP-STS) does not propagate the logout request to External ADFS (IDP),
and I end up landing on the Internal ADFS (RP-STS) logout page. So, without closing my browser, if I try to access the Java application again I do not get prompted to enter
a user name and password; instead I directly get access to the application,
because the session on External ADFS (IDP) never got deleted, so the token gets reissued.
Is this some kind of ADFS bug, or am I missing some configuration somewhere?
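A first thing to check for the behaviour described in case 3 is whether the internal ADFS actually knows where to send a SAML LogoutRequest: ADFS can only propagate a SAML logout to a claims provider or relying party for which it has a SAMLLogout endpoint configured. The script below is an added diagnostic, not part of the original post and not an ADFS fix; it uses the standard ADFS PowerShell cmdlets (Get-AdfsClaimsProviderTrust, Get-AdfsRelyingPartyTrust) to list the SAML logout endpoints of the upstream claims provider trust and of every SAML relying party trust, and flags trusts that have none. The claims provider trust name 'External ADFS' is an assumption; replace it with the name used in your farm. Run it on the internal ADFS (RP-STS) server in an elevated PowerShell session.

```powershell
# Added diagnostic (not from the original post): report SAMLLogout endpoints on
# the upstream claims provider trust and on every SAML-enabled relying party
# trust of this ADFS farm. A trust without a SAMLLogout endpoint cannot receive
# a LogoutRequest from ADFS, so logout cannot propagate through it.
# Assumption: the external IDP's claims provider trust is named 'External ADFS'.
Import-Module ADFS

function Get-LogoutEndpointReport {
    param(
        [string]$TrustName,
        $Endpoints   # collection of ADFS SamlEndpoint objects (may be empty)
    )
    # Keep only endpoints whose Protocol is SAMLLogout (others are SSO/ACS/artifact).
    $logout = @($Endpoints | Where-Object { $_.Protocol -eq 'SAMLLogout' })
    [pscustomobject]@{
        Trust           = $TrustName
        HasSamlLogout   = ($logout.Count -gt 0)
        LogoutEndpoints = (($logout | ForEach-Object { "$($_.Binding) $($_.Location)" }) -join '; ')
    }
}

$report = @()

# Upstream: the trust the RP-STS uses to send LogoutRequests to the external IDP.
$cp = Get-AdfsClaimsProviderTrust -Name 'External ADFS'
$report += Get-LogoutEndpointReport -TrustName "CP: $($cp.Name)" -Endpoints $cp.SamlEndpoints

# Downstream: every relying party trust that has any SAML endpoint at all.
# WS-Fed-only trusts (such as the .Net/WIF application) have no SAML endpoints
# and are skipped; WS-Fed sign-out is handled through the WS-Fed endpoint instead.
foreach ($rp in Get-AdfsRelyingPartyTrust) {
    if ($rp.SamlEndpoints -and $rp.SamlEndpoints.Count -gt 0) {
        $report += Get-LogoutEndpointReport -TrustName "RP: $($rp.Name)" -Endpoints $rp.SamlEndpoints
    }
}

$report | Format-Table -AutoSize
```

If the CP row shows HasSamlLogout as False, the internal ADFS has no logout URL for the external IDP and the case-3 behaviour is explained by configuration rather than by an ADFS bug; a logout endpoint can be added with New-AdfsSamlEndpoint -Protocol SAMLLogout (or by re-importing the IDP's federation metadata, which carries its SingleLogoutService entries) and attached to the trust with Set-AdfsClaimsProviderTrust. If the endpoint is present, the next thing to capture is the browser trace of the logout to see whether ADFS emits a LogoutRequest to the IDP and what status the IDP returns.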