
    SAML logout results in an ADFS error page

    • Product: Primo
    • Product Version: August 2017 release and higher
    • Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local

     

    Description

    Primo is set up to use the well-known ADFS single logout endpoint (https://<adfs_server>/adfs/ls/).

    When a user tries to log out, they are taken to an ADFS logout page that displays an error message.

    Resolution

    1) In ADFS, add a claim rule that releases a NameID populated from the LDAP attribute that corresponds to the primaryID of the users in Alma.

    (Edit Claim Rules for the relying party --> "Send LDAP Attributes as Claims": LDAP attribute - <LDAP attribute corresponding to the PrimaryID in Alma>, outgoing claim type - Name ID)

     

    2) Make sure ADFS is expecting a SHA-1 signed logout request.

    (In the relying party configuration --> Advanced tab --> SHA-1)
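
The same two settings can be checked and applied from PowerShell on the ADFS server. This is an added example, not part of the original article; the trust display name `Primo`, the rule name and the LDAP attribute placeholder are assumptions to replace with your own values.

```powershell
# Added example: verify and apply both resolution steps on the ADFS server.
# Assumed values: replace with your own relying party name and LDAP attribute.
$TrustName     = 'Primo'                              # assumed display name of the trust
$LdapAttribute = '<ldap-attribute-for-primaryID>'     # placeholder: attribute holding the Alma primaryID
$NameIdType    = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier'
$Sha1SigAlg    = 'http://www.w3.org/2000/09/xmldsig#rsa-sha1'

$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "Relying party trust '$TrustName' not found." }

# Step 1: issue a Name ID claim from the LDAP attribute, unless a rule already emits one.
if ($rp.IssuanceTransformRules -notmatch [regex]::Escape($NameIdType)) {
    # Same rule text the "Send LDAP Attributes as Claims" template generates.
    $rule = @"
@RuleTemplate = "LdapClaims"
@RuleName = "Alma primaryID as Name ID"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("$NameIdType"), query = ";$LdapAttribute;{0}", param = c.Value);
"@
    # -IssuanceTransformRules replaces the whole rule set, so append to the existing rules.
    $allRules = $rp.IssuanceTransformRules + "`r`n" + $rule
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -IssuanceTransformRules $allRules
}

# Step 2: the Advanced tab setting. New trusts default to SHA-256, so a SHA-1
# signed logout request fails signature validation until this is changed.
if ($rp.SignatureAlgorithm -ne $Sha1SigAlg) {
    Set-AdfsRelyingPartyTrust -TargetName $TrustName -SignatureAlgorithm $Sha1SigAlg
}

# Show the resulting configuration for review.
Get-AdfsRelyingPartyTrust -Name $TrustName |
    Format-List Name, SignatureAlgorithm, IssuanceTransformRules
```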

     


    • Article last edited: 18-Apr-2018