So I've got a site integrated with ADFS, and it's working great for sign-in. I can't figure out what to do with the sign-out URL. My link is set to mysite/.../SignOut and I've tried several different endpoints in the ADFS Relying Party configuration, but nothing seems to be working. Any thoughts on what I can do to implement a true sign-out?
I want the users to no longer be able to access my restricted resources in the site. That's the ultimate goal when they click logout, so that they can walk away and trust that no one is going to get into their items.
I think I've not expressed myself properly, so let me go through this step by step.
I have an instance of Sitefinity connected to my LDAP.
I also have it connected to the SitefinitySTS that I am using for Claims based logins on the front end.
I then have the SitefinitySTS using ADFS as its IdP.
So the chain goes Sitefinity -> SitefinitySTS -> ADFS
When a user first logs in, they are bounced to the ADFS, authenticate, and are then pushed back up the chain to Sitefinity. When a user goes to log out, the local session is killed, but as soon as I click on another screen I am re-authenticated, because the signal to kill the ADFS session never made it all the way back to the ADFS server. If I go into ADFS and log out, then click logout on my Sitefinity site, I am really logged out.
Now I have an Endpoint Listener for ADFS to do a SAML-style logout. I also have a piece of code in my SitefinitySTS that receives the SignOut link from the front end and passes it through, but something isn't happening right in that spot. That's what I'm trying to repair.
I am hoping I've elaborated this a bit better?
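As an added illustration (not code from the question, nor from Sitefinity or AD FS), here is what the STS hop of the Sitefinity -> SitefinitySTS -> ADFS sign-out chain has to do, modelled with WS-Federation's `wa=wsignout1.0` / `wreply` parameters: clear its own session and forward the sign-out to the IdP, rather than stopping at the local sign-out that leaves the IdP session alive. The hostnames, the `pending` store and the handler names are assumptions for the example.

```python
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholder endpoints. Only /adfs/ls/ (the AD FS passive endpoint)
# and the wa / wreply query parameters are standard WS-Federation names.
RP_SIGNOUT = "https://mysite.example.com/SignOut"
STS_SIGNOUT = "https://sts.example.com/SignOut"
IDP_SIGNOUT = "https://adfs.example.com/adfs/ls/"
ALLOWED_REPLY_HOSTS = {"mysite.example.com", "sts.example.com"}  # assumed RP list


def safe_reply(url: str) -> bool:
    """Accept a wreply only for registered https hosts (blocks open redirects)."""
    p = urlparse(url)
    return p.scheme == "https" and p.hostname in ALLOWED_REPLY_HOSTS


def signout_url(endpoint: str, reply_to: str) -> str:
    """Build a WS-Federation sign-out request: wa=wsignout1.0 plus return address."""
    return endpoint + "?" + urlencode({"wa": "wsignout1.0", "wreply": reply_to})


def sts_handle_signout(query: str, sessions: dict, pending: dict, sid: str):
    """STS side of the chain, called when the RP's SignOut link arrives.

    Clearing only the STS session reproduces the symptom in the question: the
    IdP session survives and the next click silently re-authenticates. So the
    handler clears locally *and* redirects the browser to the IdP's sign-out,
    asking the IdP to come back to the STS so the RP's wreply can be honoured.
    Returns the redirect URL, or None if the request is malformed or unsafe.
    """
    q = parse_qs(query)
    if q.get("wa") != ["wsignout1.0"]:
        return None
    rp_reply = q.get("wreply", [""])[0]
    if not safe_reply(rp_reply):
        return None
    sessions.pop(sid, None)          # local (STS) sign-out
    pending[sid] = rp_reply          # stand-in for a short-lived return cookie
    return signout_url(IDP_SIGNOUT, STS_SIGNOUT)


def sts_after_idp_signout(pending: dict, sid: str) -> str:
    """Browser is back from the IdP: finish by sending it to the RP's wreply."""
    return pending.pop(sid, RP_SIGNOUT)
```

If the sign-out stops after the local session is dropped, the redirect to the IdP never happens and the upstream session is what re-signs the user in on the next request.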