Who's Online
6 visitors online now
0 guests, 6 bots, 0 members
Support my Sponsor
  • An error has occurred, which probably means the feed is down. Try again later.

ADFS signout issue for SharePoint site in IE browser due to FedAuth Cookie

 

Hi All,

 

Today we will discuss on a very famous SharePoint ADFS sign Out issue. Let me start with some background on the issue. I have configured SharePoint with ADFS authentication, everything(login, logout, claims, etc) works except when I try to logout, I am redirected to a page similar to https://your_sts_server/adfs/ls/?wa=wsignout1.0.

 

Now without closing the browser windows(Logout message says “Sign out: Close browser to complete sign out”) type the SharePoint site URL in address bar, I won’t be asked to login and SharePoint site will be accessible. This shows that Signout was incomplete.

 

This is a known issue with SharePoint site working with ADFS authentication. This is is caused due to ADFS FedAuth Cookie. In order to have correct sign out behaviour we need to make the FedAuth cookies as session based. We can achieve this by running the following SharePoint Powershell command:
$sts = Get-SPSecurityTokenServiceConfig
$sts.UseSessionCookies = $true
$sts.Update()

 

You need to run above command on a single server but you need to perform iisreset on all SharePoint servers.

 

To understand more about the FedAuth Cookie check below article:
https://msdn.microsoft.com/en-us/library/office/hh147183(v=office.14).aspx

 

Hope this will help you all.

Comments are closed.