Azure-Samples / active-directory-b2c-advanced-policies

Sample for use with Azure AD B2C with Custom Policies.
http://aka.ms/aadb2ccustom
MIT License

saml custom policy logout url #68

Open ssahon opened 4 years ago

ssahon commented 4 years ago

Hello, I'm trying to integrate Zendesk and Azure B2C using custom policies with the SAML flow.

So I followed the documentation described here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/connect-with-saml-service-providers

I modified NameId to use email. So login works fine and I can reach the Zendesk SP. The only issue left is that I cannot find documentation on how to configure the logout URL on the service provider side. I took the logout URL from the policy metadata; it looks like: https://tenant.b2clogin.com/tenant.onmicrosoft.com/B2C_1A_signup_signin_saml/samlp/sso/logout. Unfortunately, when the service provider redirects to this endpoint, it complains about a missing session index. It is true that the SAML logout request does not contain a session index, and I configured the session management provider not to include the session index:

<TechnicalProfile Id="SM-Saml-issuer">
  <DisplayName>Session Management Provider</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.SSO.SamlSSOSessionProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
  <Metadata>
    <Item Key="IncludeSessionIndex">false</Item>
    <Item Key="RegisterServiceProviders">false</Item>
  </Metadata>
</TechnicalProfile>

So what is the proper way to handle logout with SAML?
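
To check what the service provider actually sends to the logout endpoint, the `SAMLRequest` parameter of the redirect can be decoded and inspected for `SessionIndex` elements. This is an added example, not part of the original post or the sample repository; it assumes the SP uses the SAML HTTP-Redirect binding, and the helper names, issuer, NameID and session index values are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Logout endpoint as quoted in the post ("tenant" is the post's own placeholder).
LOGOUT = ("https://tenant.b2clogin.com/tenant.onmicrosoft.com/"
          "B2C_1A_signup_signin_saml/samlp/sso/logout")
MAX_XML = 64 * 1024  # cap on inflated size, guards against deflate bombs

def encode_redirect(xml_text):
    """HTTP-Redirect binding encoding: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()

def inspect_logout_url(url):
    """Decode SAMLRequest from a logout redirect and report its key fields."""
    query = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest parameter in URL")
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(base64.b64decode(query["SAMLRequest"][0]), MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size limit")
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        raise ValueError("not a LogoutRequest: " + root.tag)
    return {"issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
            "destination": root.get("Destination"),
            "name_id": root.findtext("saml:NameID", default=None, namespaces=NS),
            "session_indexes": [e.text for e in root.findall("samlp:SessionIndex", NS)]}

def sample_url(with_index):
    """Constructed LogoutRequest redirect, with or without a SessionIndex."""
    idx = "<samlp:SessionIndex>constructed-index-1</samlp:SessionIndex>" if with_index else ""
    xml_text = ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" ID="_constructed1" '
                'Version="2.0" IssueInstant="2020-01-01T00:00:00Z" Destination="%s">'
                "<saml:Issuer>https://sp.example.com</saml:Issuer>"
                "<saml:NameID>user@example.com</saml:NameID>%s</samlp:LogoutRequest>"
                ) % (NS["samlp"], NS["saml"], LOGOUT, idx)
    return LOGOUT + "?" + urlencode({"SAMLRequest": encode_redirect(xml_text)})

if __name__ == "__main__":
    for flag in (False, True):
        print(inspect_logout_url(sample_url(flag)))
```

An empty `session_indexes` list for a captured redirect confirms that the request reaching the endpoint carries no session index.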