Sivaram Kumar

Reputation: 331

Azure AD SSO SingleLogoutService doesn't have POST binding in Federation metadata

When I tried to integrate an SP (Cognito) with an IdP (Azure AD) through SAML federation,

the Azure AD SSO SingleLogoutService didn't have a POST binding in the federation metadata. It only has urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.

What should we do to add urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST to the metadata? I've gone through the Azure docs and didn't find one.

Whereas when I tried to integrate ADFS, the ADFS metadata has both HTTP-Redirect and HTTP-POST. The SAML Logout Response from the IdP is sent to the SP as a POST and works perfectly.

The login flow is pretty straightforward and has no problems at all. With logout, however, the IdP accepts the SAML Logout Request and provides the SAML Logout Response through a GET endpoint, whereas it should be a POST binding endpoint that the SP accepts.

Does the absence of the urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST binding in SingleLogoutService disrupt the logout?

Does Azure support only GET for SingleLogoutService? The Azure docs don't have any reference regarding the binding it supports for logout.

Upvotes: 3

Views: 2307
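The mismatch described in the question (an IdP whose metadata advertises only HTTP-Redirect for SingleLogoutService, and an SP that wants the LogoutResponse by HTTP-POST) is something you can check mechanically before wiring up a federation. The following is an added example, not code from the question or from Azure AD, Cognito or ADFS: it parses SAML 2.0 IdP metadata with the standard library, lists the SingleLogoutService bindings, reports which required bindings are missing, and picks a logout binding the SP can actually accept. The two metadata documents inside it are constructed for illustration and only mirror what the question reports (Redirect-only versus both bindings); the entity IDs and URLs are made up.

```python
"""Check SingleLogoutService bindings in SAML 2.0 IdP federation metadata.

Added example (not part of the original post). The metadata strings are
constructed samples, not real Azure AD or ADFS output; only the element
and attribute names follow the SAML 2.0 metadata schema.
"""
from typing import Iterable, List, Optional, Set, Tuple
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: SLO offered over HTTP-Redirect only (the situation the
# question reports for Azure AD). SSO is offered over both bindings.
REDIRECT_ONLY_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/redirect-only">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/logout"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/saml2/sso"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/saml2/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample: SLO offered over both bindings (what the question
# reports for ADFS).
BOTH_BINDINGS_METADATA = """
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.test/both-bindings">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.test/adfs/ls/"/>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def slo_endpoints(metadata_xml: str) -> List[Tuple[str, str]]:
    """Return (Binding, Location) pairs of every IdP SingleLogoutService.

    Metadata fetched from a remote IdP is untrusted input; the stdlib expat
    parser does not resolve external entities, but if you need stricter
    handling use defusedxml instead of ElementTree.
    """
    root = ET.fromstring(metadata_xml)
    path = ".//md:IDPSSODescriptor/md:SingleLogoutService"
    return [(e.get("Binding", ""), e.get("Location", ""))
            for e in root.iterfind(path, NS)]


def slo_binding_gaps(metadata_xml: str,
                     required: Iterable[str] = (HTTP_REDIRECT, HTTP_POST)) -> List[str]:
    """List the required SLO bindings the IdP metadata does not advertise."""
    present = {binding for binding, _ in slo_endpoints(metadata_xml)}
    return [b for b in required if b not in present]


def negotiate_slo_binding(metadata_xml: str,
                          sp_accepts: Set[str]) -> Optional[str]:
    """Pick the SLO binding both sides support, preferring HTTP-POST.

    Returns None when the IdP advertises no binding the SP can receive a
    LogoutResponse over, which is exactly the failure mode in the question.
    """
    idp_offers = {binding for binding, _ in slo_endpoints(metadata_xml)}
    for candidate in (HTTP_POST, HTTP_REDIRECT):
        if candidate in idp_offers and candidate in sp_accepts:
            return candidate
    return None


if __name__ == "__main__":
    for name, doc in (("redirect-only", REDIRECT_ONLY_METADATA),
                      ("both-bindings", BOTH_BINDINGS_METADATA)):
        print(name, "SLO endpoints:", slo_endpoints(doc))
        print(name, "missing:", slo_binding_gaps(doc))
        print(name, "usable with a POST-only SP:",
              negotiate_slo_binding(doc, {HTTP_POST}))
```

Running this against real federation metadata (replace the constructed strings with the document fetched from the IdP) tells you up front whether the SP will ever receive a LogoutResponse over the binding it expects. If the only shared binding is HTTP-Redirect, remember that under that binding the message travels DEFLATE-compressed and base64-encoded in the query string with the signature in separate SigAlg/Signature parameters, so the SP must validate that form rather than an enveloped XML signature in a POSTed SAMLResponse.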

Answers (1)

Kellen Murphy

Reputation: 666

I think Azure AD only supports HTTP-Redirect...

See: https://social.msdn.microsoft.com/Forums/SECURITY/en-US/8827db0c-8f7c-4654-a3a8-cc99265f7649/does-azure-ad-support-backchannel-binding-for-saml-slo?forum=WindowsAzureAD

While "backchannel" would typically refer to SOAP requests, I'm pretty sure there's no plan to support anything other than HTTP-Redirect.

Upvotes: 2
