SAML20 module: how to set the sign out button behavior?

We are using the SAML20 module and our application has a default sign out button. Clicking the button leads to Furthermore, after signing off in this way, if the user then exits the app and starts it again, he is logged in automatically. Desired behavior: I'd like the user to be directed to the ADFS login page again after he logged in via SAML (ADFS) and then clicked the Sign out button. I did set the constant SAML20.DefaultLogoutPage to /SSO/ but that does not seem to have an effect. Any help would be greatly appreciated.
3 answers

Redirecting to <app url>/SSO/logout does the trick.

I have created an extra logout button that performs the redirect via the URLRedirector widget. Both logout buttons have conditional visibility, based on a boolean on an object that is created during login.


Hi Axel,

   The major hurdle here is that the Mendix app does not have a way to invalidate the current session for your ADFS. The default sign out button ends the Mendix session, but doesn't do anything to the ADFS SAML token that a user gets when the successfully log into your SSO.  Therefore, when a user goes to the Mendix app again, they are re-routed to the SSO authentication which validates that a token is there and they are automatically logged in.  In order to really log a user out, you will need to send a 'signout request' to your ADFS.  This is typically a URL that you can link to from a Mendix Microflow or button that will kill the session. 

  Looking at the ADFS forum a bit, it appears that you can specify a redirect URL for your log out request, in which case you can send the user to the <yourMEndixApp>/SSO/ link.


Could you share details on how you differed those buttons?