Federated authentication sign-out issue (sitecore 9.1)

Hi all, 

I have a scenario where I must do external federated sign-in in Sitecore 9.1. I'm using OpenID/OAuth2 with an external ADFS 2016.

I'm using the Habitat solution as a starting point and I've successfully added the new identity provider and login with the ADFS. 

Currently I only have one issue with the sign-out functionality.

I want to be able to sign out the user on Sitecore and on ADFS. For that I followed the documentation here:

https://doc.sitecore.com/developers/91/sitecore-experience-management/en/understanding-sitecore-authentication-behavior-changes.html#UUID-153eb49e-9b9c-c95e-1e0c-c368778c900d_section-idm45851235771136

I've configured the "triggerExternalSignout" and when I log out this is the behavior:

  1. Click on Habitat Log out which calls AuthenticationManager.Logout();
  2. Sitecore seems to clear local auth cookies and sets the sc_externalLogout cookie
  3. Sitecore / Owin redirects the user to ADFS signout url.
  4. ADFS signs out the user and redirects the user back to Sitecore.
  5. Sitecore now sends the user again to ADFS and the user is stuck in a navigation loop.

Reading the important note in the documentation, this seems to be a known behavior. But it doesn't mention solutions. Is this expected? Was there no scenario predicted for the user to get back to the Sitecore site after being signed out from the external provider?

Thanks for the help.