ADFS Logout Issue with Multiple ADFS servers

We have several ADFS environments which are federated to each other.

The setup basically looks like this:

┌---------------┐     ┌-----------------┐     ┌--------┐     ┌--------┐     ┌------------------┐
| application 1 | --> | identity broker | --> | ADFS 1 | --> | ADFS 2 | --> | Active Directory |
└---------------┘     └-----------------┘     └--------┘     └--------┘     └------------------┘

The identity broker, ADFS 1 and ADFS 2 are NOT set up manually; they are configured by uploading the federation metadata of the federated party.

Everything works just fine, but the problem is with the logout and I cannot seem to find the cause.

Working scenario:

  • Logon to the application 1 with an account from Active Directory
  • Logout from application 1 and it'll follow the correct path
    • logout request is sent to identity broker
    • logout request is sent to ADFS 1
    • logout request is sent to ADFS 2
    • ADFS 2 sends request to ADFS 1
    • ADFS 1 sends request to identity broker
    • identity broker sends back to the login page of the application

Not working scenario:

  • Logon to the application x (relying party on ADFS 2) with an account from Active Directory
  • Logon to the application 1 with an account from Active Directory
  • Logout from application 1 and it'll follow the following path
    • logout request is sent to identity broker
    • logout request is sent to ADFS 1
    • logout request is sent to ADFS 2
    • ADFS 2 does one of the following:
      • gives an error message: MSIS0024: The input string parameter is either null or empty.
      • shows logout page of application x
      • shows logged out page of ADFS 2, but never goes further to ADFS 1

EDIT I have done some more testing and it looks like the following:

  1. First logon to a SAML application, this gives me a SamlSession cookie

  2. Second logon to a WS-Fed application

  3. Logout of the WS-Fed application

Then I get the ADFS error page and in the network trace, I do see that the signout request sent to ADFS is sent correctly, but on the request the SamlSession cookie is provided. In the trace I then see ADFS sends me to the logout page I have configured for the SAML application.

How can I achieve to just do a logout from the requested relying party?
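The network-trace observation in the question (a sign-out request that carries a SamlSession cookie and ends on the SAML application's logout page) is the kind of thing that is easiest to reason about once the request is decoded. The script below is an added example, not part of the original question or of any ADFS tooling: it takes the request URL and Cookie header copied from a browser trace, tells you whether the request is a WS-Federation `wsignout1.0` or a SAML 2.0 HTTP-Redirect `LogoutRequest`, extracts the issuer, NameID and SessionIndex the request names, and lists the cookies that accompany it, flagging the mix of a WS-Fed sign-out with a SamlSession cookie that the question describes. The hostnames, realm and cookie values are constructed sample data; the SAML redirect-binding encoding (raw DEFLATE then base64) and the `wa`/`wreply`/`wtrealm` parameter names are standard protocol details.

```python
"""Decode a captured ADFS sign-out request the way a reviewer of a network
trace would: which protocol, which relying party, which session cookies.

Added example (not from the original question). Sample URLs and cookies
are constructed; only the protocol encodings are real."""
import base64
import zlib
from urllib.parse import urlsplit, parse_qs, urlencode
import xml.etree.ElementTree as ET

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"


def decode_redirect_binding(saml_request: str) -> ET.Element:
    """HTTP-Redirect binding: SAMLRequest is raw DEFLATE (no zlib header), then base64."""
    raw = zlib.decompress(base64.b64decode(saml_request), -15)
    return ET.fromstring(raw)


def parse_cookies(cookie_header: str) -> dict:
    """Split a 'Cookie:' header into a name -> value dict."""
    cookies = {}
    for part in cookie_header.split(";"):
        if "=" in part:
            name, value = part.strip().split("=", 1)
            cookies[name] = value
    return cookies


def inspect_signout(request_url: str, cookie_header: str = "") -> dict:
    """Report what ADFS receives: protocol, named relying party/session, cookies."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(request_url).query).items()}
    cookies = parse_cookies(cookie_header)
    report = {"protocol": None, "issuer": None, "name_id": None,
              "session_index": None, "reply": None,
              "cookies": sorted(cookies)}
    if query.get("wa") == "wsignout1.0":
        # WS-Federation sign-out: realm and return URL travel as query parameters.
        report["protocol"] = "ws-federation"
        report["issuer"] = query.get("wtrealm")
        report["reply"] = query.get("wreply")
    elif "SAMLRequest" in query:
        root = decode_redirect_binding(query["SAMLRequest"])
        if root.tag == SAMLP + "LogoutRequest":
            report["protocol"] = "saml2-logout"
            issuer = root.find(SAML + "Issuer")
            name_id = root.find(SAML + "NameID")
            session_index = root.find(SAMLP + "SessionIndex")
            report["issuer"] = issuer.text if issuer is not None else None
            report["name_id"] = name_id.text if name_id is not None else None
            report["session_index"] = session_index.text if session_index is not None else None
    # The situation from the question: a WS-Fed sign-out arriving with a SAML session cookie.
    report["wsfed_with_saml_session"] = (
        report["protocol"] == "ws-federation" and "SamlSession" in cookies)
    return report


def build_sample_saml_logout_request() -> str:
    """Constructed SAML LogoutRequest, encoded as the HTTP-Redirect binding requires."""
    xml = ('<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req1" Version="2.0" '
           'IssueInstant="2024-01-01T00:00:00Z">'
           '<saml:Issuer>https://app-x.example/</saml:Issuer>'
           '<saml:NameID>user@example</saml:NameID>'
           '<samlp:SessionIndex>_sess1</samlp:SessionIndex>'
           '</samlp:LogoutRequest>')
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw deflate
    data = compressor.compress(xml.encode()) + compressor.flush()
    return base64.b64encode(data).decode()


# Constructed sample requests as they might appear in a trace against ADFS 2.
WSFED_SIGNOUT_URL = "https://adfs2.example/adfs/ls/?" + urlencode(
    {"wa": "wsignout1.0", "wreply": "https://app1.example/signout", "wtrealm": "urn:app1"})
SAML_LOGOUT_URL = "https://adfs2.example/adfs/ls/?" + urlencode(
    {"SAMLRequest": build_sample_saml_logout_request()})

if __name__ == "__main__":
    print(inspect_signout(WSFED_SIGNOUT_URL, "MSISAuth=wsfed-session; SamlSession=saml-session"))
    print(inspect_signout(SAML_LOGOUT_URL, "SamlSession=saml-session"))
```

Run it against the request line and Cookie header of the sign-out call in your trace; if the first report shows `ws-federation` together with `SamlSession` in the cookie list, you are reproducing exactly the combination the EDIT describes, and the second report tells you which SAML issuer and SessionIndex a SAML-side logout would name.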



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
