3
votes

I have seen a similar post but that was more related to ASP. I will explain my situation below.

I am developing an SP (Relying Party) and integrating with ADFS (IDP). Since I am in the integration phase, I want ADFS to forget that I have previously authenticated, so that each time I hit the ADFS endpoint (/adfs/ls) with an AuthnRequest, it asks for my credentials.

I believe ADFS, by default, remembers clients by their remote IP/host name, so clearing cookies on the client machine does not help. There was a post that gave a link to log out from the IDP (https:///adfs/ls/?wa=wsignout1.0&wreply=https:///adfs/ls/?wa=wsignoutcleanup1.0). ADFS says I have been logged out, but when I hit the ADFS endpoint, ADFS redirects back to the SP with a successful AuthResponse.

Can you please tell me how to force reauthenticate/logout on ADFS or point me to the right articles?

2
Also see my response in this post: stackoverflow.com/questions/4938927/reauthenticate-using-adfs Thanks //Sam (@MrADFS) SamuelD MSFT

2 Answers

1
votes

The FederatedPassiveSignInStatus control (which should be part of VS if you've installed all the WIF stuff) will help you. Add it to your app, and clicking it will log you out of everything.

Also see: AD FS: How to Invoke a WS-Federation Sign-Out

1
votes

Add wfresh=0 as a URL parameter.

This parameter indicates "freshness requirements".

According to the spec:

If specified, this indicates the desired maximum age of authentication specified in minutes.
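
An added example, not part of the original answers: building a WS-Federation passive sign-in URL that carries `wfresh`, plus a relying-party check that the returned token's authentication instant actually satisfies the requested freshness. The host names are placeholders and `is_fresh` is a hypothetical helper; it assumes the RP has already validated the token and extracted its authentication instant.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode

# Placeholder values (assumptions, not taken from the original post).
ADFS_ENDPOINT = "https://adfs.example.test/adfs/ls/"
REALM = "https://rp.example.test/"


def build_signin_url(max_age_minutes=0, now=None):
    """Return a WS-Federation passive sign-in URL carrying wfresh."""
    now = now or datetime.now(timezone.utc)
    params = {
        "wa": "wsignin1.0",
        "wtrealm": REALM,
        "wct": now.strftime("%Y-%m-%dT%H:%M:%SZ"),  # time the request was issued
        "wfresh": str(max_age_minutes),  # 0 asks the STS to re-prompt
    }
    return ADFS_ENDPOINT + "?" + urlencode(params)


def is_fresh(auth_instant, request_time, max_age_minutes=0,
             skew=timedelta(minutes=2), now=None):
    """RP-side check of the token's authentication instant (hypothetical helper).

    wfresh travels in a browser-visible URL, so the RP should not assume it
    was honoured. With max age 0 the user must have authenticated after the
    request was issued; otherwise within max_age_minutes of now.
    """
    now = now or datetime.now(timezone.utc)
    if auth_instant > now + skew:
        return False  # authentication instant lies in the future: reject
    if max_age_minutes == 0:
        return auth_instant >= request_time - skew
    return now - auth_instant <= timedelta(minutes=max_age_minutes) + skew
```
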