Azure AD B2C Single Sign Out not signing out all applications when using multiple protocols

We have circa 50 applications that integrate with Azure AD B2C, which comprises a mix of OpenId Connect relying parties and Saml2 service providers.

The custom policies we have built have been configured to support Single Sign Out (based on the following document: https://docs.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy#single-sign-out).

We see the following behaviours:

  • When initiating sign-out from an OpenId Connect RP all other OpenId Connect RPs that the user is signed into are signed out, BUT no Saml SPs that the user is signed into are signed out.

  • When initiating sign-out from a Saml2 SP all other Saml2 SPs that the user is signed into are signed out, BUT no OpenId Connect RPs that the user is signed into are signed out.

It appears that Single Sign Out is not working across protocols in B2C - is this correct, or could we have an issue in our custom policy implementation? Given that different session management providers are used for each protocol, does that suggest the former?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow