SAML logout results in an ADFS error page
- Product: Primo
- Product Version: August 2017 release and higher
- Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local
Description
Primo is set up to use the well-known ADFS single logout endpoint (https://<adfs_server>/adfs/ls/).
If a user tries to log out, they are brought to an ADFS logout page with an error message displayed.
Resolution
1) In ADFS, add a claim that releases a NameID populated from the LDAP attribute corresponding to the value of the primaryID for the users in Alma
(Edit claim rules for the relying party --> "Send LDAP attributes as claims": LDAP attribute - <LDAP attribute corresponding to the PrimaryID in Alma>, outgoing claim type - Name ID)
2) Make sure ADFS is expecting a SHA-1 signed logout request
(In the relying party configuration --> Advanced tab --> SHA-1)
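To check both points against a real logout attempt, this added example (not part of the original article, and not Primo or ADFS code) inspects a logout URL captured from the browser. It assumes the logout request is sent with the SAML HTTP-Redirect binding, and it reports a missing NameID and the SigAlg in use without verifying the signature. The function names, example.org hosts, user name and signature value are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def inspect_logout_url(url, expected_sigalg=RSA_SHA1):
    """Return findings for a Redirect-binding LogoutRequest URL (empty list = OK)."""
    params = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in params:
        return ["no SAMLRequest parameter"]
    # Redirect binding: base64 of raw DEFLATE (no zlib header), hence wbits=-15.
    xml = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), -15)
    if b"<!DOCTYPE" in xml:
        return ["DOCTYPE present, refusing to parse"]
    root = ET.fromstring(xml)
    findings = []
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        findings.append("message is not a LogoutRequest")
    name_id = root.find("saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("LogoutRequest has no NameID")
    sigalg = params.get("SigAlg", [None])[0]
    if sigalg is None:
        findings.append("request is unsigned (no SigAlg)")
    elif sigalg != expected_sigalg:
        findings.append("SigAlg %s, expected %s" % (sigalg, expected_sigalg))
    return findings

def build_sample_url(with_name_id, sigalg):
    """Constructed sample input: hosts, user and signature value are made up."""
    name_id = "<saml:NameID>jdoe</saml:NameID>" if with_name_id else ""
    xml = ('<samlp:LogoutRequest xmlns:samlp="%s" xmlns:saml="%s" '
           'ID="_constructed1" Version="2.0" IssueInstant="2018-04-18T00:00:00Z">'
           '<saml:Issuer>https://primo.example.org</saml:Issuer>%s'
           '</samlp:LogoutRequest>' % (NS["samlp"], NS["saml"], name_id))
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = {"SAMLRequest": base64.b64encode(deflated).decode(),
             "SigAlg": sigalg, "Signature": "Y29uc3RydWN0ZWQ="}
    return "https://adfs.example.org/adfs/ls/?" + urlencode(query)

if __name__ == "__main__":
    print(inspect_logout_url(build_sample_url(True, RSA_SHA1)))
    print(inspect_logout_url(build_sample_url(False, RSA_SHA256)))
```

An empty result means the request carries a NameID and is signed with the algorithm the relying party trust is set to expect.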
- Article last edited: 18-Apr-2018