Support redirection after sign out; Support WREPLY parameter needed for ADFS and Facebook
Currently, wreply is not supported. When an ADFSv2 user signs out they get a dead end page like this:
The wreply parameter is an industry standard and should be implemented:
http://social.technet.microsoft.com/wiki/contents/articles/ad-fs-how-to-invoke-a-ws-federation-sign-out.aspx
http://msdn.microsoft.com/en-us/library/bb608217.aspx
http://download.boulder.ibm.com/ibmdl/pub/software/dw/specs/ws-fedpass/ws-fedpass.pdf
The second (related) issue I’m having is that I’m trying to deauth ADFS and Facebook. I need to use the wreply parameter to redirect the user off the ACS host, and back on some “normal” user page.
You might ask, why am I redirecting to the ACS? It’s because Facebook is requiring me to. And since the Facebook TOS requires me to implement sign out features (that actually log someone out of Facebook, not just my RP) then I have to redirect them to the ACS signout page.
The issue is that the user experience is horrible. They dead end at a page that tells them to close the browser windows. This is a no-go for me since my application is used in Kiosks where it’s not possible to close the browser window, or navigate using the URL. Plus it’s bad design.
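The sign-out round trip requested above, as an added example that is not part of the original post and not ACS or ADFS code: the relying party builds a WS-Federation `wa=wsignout1.0` request with `wreply`, and the token service honors `wreply` only when it matches a return URL registered for that relying party, so the parameter cannot be used as an open redirect. The host names, the registered URL list and the function names are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed sample values (assumptions, not taken from the post).
STS_SIGNOUT = "https://sts.example.com/adfs/ls/"
REGISTERED_RETURN_URLS = ["https://rp.example.com/signed-out"]


def build_signout_url(sts_endpoint, wreply):
    """RP side: WS-Federation sign-out request carrying a return address."""
    return sts_endpoint + "?" + urlencode({"wa": "wsignout1.0", "wreply": wreply})


def _origin_and_path(url):
    """Return (scheme, host, port, path), or None if the URL is unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:  # malformed port or host
        return None
    if parts.scheme != "https" or not parts.hostname:
        return None
    if parts.username is not None or "\\" in url:
        return None  # reject userinfo and backslash host-confusion forms
    return (parts.scheme, parts.hostname, port, parts.path or "/")


def resolve_wreply(request_url, registered_urls):
    """STS side: return the wreply to redirect to after sign-out, or None
    to fall back to the default signed-out page."""
    query = parse_qs(urlsplit(request_url).query)
    if query.get("wa") != ["wsignout1.0"]:
        return None
    values = query.get("wreply", [])
    if len(values) != 1:  # missing or duplicated parameter
        return None
    target = _origin_and_path(values[0])
    allowed = {_origin_and_path(u) for u in registered_urls}
    if target is not None and target in allowed:
        return values[0]
    return None


if __name__ == "__main__":
    url = build_signout_url(STS_SIGNOUT, REGISTERED_RETURN_URLS[0])
    print(url)
    print(resolve_wreply(url, REGISTERED_RETURN_URLS))
```

Matching on scheme, host, port and path against registered values, instead of a substring or prefix test on the raw string, is what rejects look-alike hosts and userinfo forms such as `https://rp.example.com@evil.example/`.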