
SAML Logoff from Azure AD Behavior



Configured ADC Gateway SAML with Azure AD. Logging in is fine. We have configured the single logout URL and this is working as expected. The issue I see is that on Windows 11, on both Edge/Chrome, after clearing cookies/cache, when we log out of our GW/SF session, it does not route us back to the GW logoff page. I am stopped at a /oauth2/logoutsession URL on microsoftonline.com. It does not route us back to /vpn/logout.html. The page shows the "You signed out of your account. It's a good idea to close all browser windows." message.

 

If we close that browser session, and log back in and then log off, we don't hit the /oauth2/logoutsession URL and are routed to /vpn/logout.html properly.

 

macOS works fine for Safari or Chrome, regardless of clearing cookies/cache. It always logs me out of Azure AD and then places me back to /vpn/logout.html.

 

From Dev tools, I see the following behavior:

 

“Broken”:

 

https://fqdn/Citrix/Lab2Web/Sessions/Disconnect

https://fqdn/Citrix/Lab2Web/Authentication/Logoff

https://fqdn/cgi/logout

https://login.microsoftonline.com/dacdde5a-6df7-4216-acf2-8ac687e02a7c/saml2

https://login.microsoftonline.com/dacdde5a-6df7-4216-acf2-8ac687e02a7c/oauth2/logoutsession

https://fqdn/cgi/logout?SAMLRequest=lVLLitswFP0Vo71kWX7EFo5pIBQM0xnolFl0M1xLsiNqS6kkk2m%2fvqrNLAJtoRstLvfoPO5pPSzzlT%2fYya7hs%2fq%2bKh%2bS%2fnxErzkbhqosATclVLjIJcV1UdcY2MiaRkADTY2SF%2bW8tuaIGKEo6b1fVW98ABPiiLIc0wqz6gvLeFHyvCBZWX9FyTmyaANhQ15CuHqepiI4EOoHuamBwM%2fVxR0Q34g2Xk%2bXcFkHT4RdUjHpdN7kouTRhifz5E5jUO6ej93xvS2z8XyzekSrM9yC154bWJTnQfDn06cHHh3wq7PBCjujrt28uB36bxB4r9xvL6h79%2bKDJzdtpL15YlRIJQgpVQyzkuMBFyyrMIiR4RpEVR8UZXAQaZvunF37GDn6c%2fLRugXC38kzkm0TLfG4rXK1gJ5PUsbwPPpP7cK6mP5%2bhA%2bDnkZrA7FuatNdTtfuXXmOf0dAb6R6617L2Imyzivc1BnDhVIUNwDxEaLIQRS0pLRN%2f4B8H95Vr%2fsF&Signature=S7OKdzKx5hzcC0Naa15o8hCxl1p4k0Um1MqNcN4xfVBCvNtfHtKvc1lNQUqyY1%2f1t4zrFgnYppID2itJCcTc1kvx3WIs3PBq8TG251l2mBScJZZSanEbmHoiOFUkRTLJJmUwYBJNjPphd6SMwuWo0dCc4bd7LXC4QVcivURc9NE6J3QKBaPRv9trZCAMqVARuSte8boCFBJ691CuQmlVNeIXIJ8Zf6bw83w1SMjF%2fMPj%2fgog4c3WotIvAgMs7YymjexpasXs12kd8MYKedzsvMf4mZz4Sk6aCqA%2b6lLZ4as2KkXRJs5dtl7kEIqaqDqzMfzNVG%2fwvfRazfkWblXI6g%3d%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256

 

 

 

“Good”


https://fqdn/Citrix/Lab2Web/Sessions/Disconnect

https://fqdn/Citrix/Lab2Web/Authentication/Logoff

https://fqdn/cgi/logout

https://login.microsoftonline.com/dacdde5a-6df7-4216-acf2-8ac687e02a7c/saml2

https://fqdn/cgi/logout?SAMLResponse=fZJNT8MwDIb%2fSpV7m4%2bmaRd1lRBcJsGFIQ5ckJd4W0WXTHWqAb%2be0okDEuJoy6%2f9PrZbgtNwtvfxEKf0iHSOgTDb3K3Za6NWGqSDXK1cnWtZqrxp6iY3lRRae628ECx7xpH6GNZMFXO0IZpwEyhBSHNKqDIXJlfmSUmrpa3KQsrqhWV3SKkPkBblMaUzWc5dGsHhR3HBXQGf0zjXgHsr%2bkD94ZiO044KF0%2fcHXo%2bLH7neeHH81OcLddCaIfS6JU2%2bxI1Vo1Wpa4bI%2fzOo2HZ%2b2kIZBfoNZvGYCNQTzbACckmZ7c3D%2fd2RrHnMabo4sC6doEar9L%2fRUCE4zcU636gKFFx6YOPFyoCJu7BeY8V5Mbv560qaXJw%2b3m14ExTo1BQO97y68yuvZ5nmyBN9Du6jR6zZxgm%2fN8TLdV2OzmHRIx3Lf%2fdlP%2f1At0X&Signature=whuI3mJIoBVRDoqCK96GYuXgWkQ%2bjFeiySQUNobcNpIQprNFQLcgeePkUz1CJjUzxh23Mu9fc08k3s7gU1egiip%2b8iK6mlp94EKZyk0rmYp%2fD4D0wVWmMD0Zhrk03hWSRzMDHTVtgWqNFUGl0jfFQwaNuaLEkraK6bV6FGLaIq4%2fgDLIzNuzRwgHudSyYYl04e85%2f%2bMYiBNpK2oKs5MYrOUB0Mjxa%2b4RCf%2b8777oUugNjfwkLAVEQZOli4sBGATo9ex1lY5BVGsDV4Ggs33xcgsbQIm5%2bQWwbn5CbWvGyXiWCnCYdLngRIy9LVsmxpTMGTLUdkRY1LiDfxEJFXlhsA%3d%3d&SigAlg=http%3a%2f%2fwww.w3.org%2f2001%2f04%2fxmldsig-more%23rsa-sha256

https://fqdn/vpn/logout.html

 

Latest version of 13.1 firmware (upgraded this week).

 

Anyone seen this behavior before?

 

Thanks
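Added example (not part of the original post, and not Citrix or Microsoft code): the two traces differ in whether the request back to /cgi/logout carries a `SAMLRequest` or a `SAMLResponse` parameter, and under the SAML HTTP-Redirect binding that value is URL-encoded, base64-encoded raw DEFLATE, so it can be decoded offline to see which logout message it is and what it references. The hosts, IDs and XML below are constructed sample input.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

MAX_XML = 64 * 1024  # cap on inflated size; logout messages are small
SAML_NS = "urn:oasis:names:tc:SAML:2.0:"

def decode_slo_url(url):
    """Describe the SAML message in an HTTP-Redirect URL; None if there is none."""
    query = parse_qs(urlsplit(url).query)
    param = next((p for p in ("SAMLRequest", "SAMLResponse") if p in query), None)
    if param is None:
        return None
    inflater = zlib.decompressobj(-15)  # the redirect binding uses raw DEFLATE
    xml = inflater.decompress(base64.b64decode(query[param][0]), MAX_XML)
    if not inflater.eof or b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("truncated, oversized or DTD-bearing message")
    root = ET.fromstring(xml)
    issuer = root.find("{" + SAML_NS + "assertion}Issuer")
    return {
        "param": param,
        "message": root.tag.split("}")[-1],  # LogoutRequest or LogoutResponse
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "in_response_to": root.get("InResponseTo"),
    }

def sample_url(param, element, extra=""):
    """Build a constructed redirect-binding URL (hypothetical hosts and IDs)."""
    xml = (f'<samlp:{element} xmlns:samlp="{SAML_NS}protocol" '
           f'xmlns:saml="{SAML_NS}assertion" ID="_x1" Version="2.0" '
           f'Destination="https://gateway.example/cgi/logout" {extra}>'
           f'<saml:Issuer>https://idp.example/</saml:Issuer></samlp:{element}>')
    comp = zlib.compressobj(wbits=-15)
    blob = base64.b64encode(comp.compress(xml.encode()) + comp.flush())
    return "https://gateway.example/cgi/logout?" + urlencode({param: blob})

if __name__ == "__main__":
    print(decode_slo_url(sample_url("SAMLRequest", "LogoutRequest")))
    print(decode_slo_url(sample_url("SAMLResponse", "LogoutResponse",
                                    'InResponseTo="_sp1"')))
```

The function only decodes the message for reading a dev-tools trace; it does not verify the `Signature` parameter.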

 

 

 
