ADFS 2.0 w/ Google Apps Logout Issue

Problem description

I have configured ADFS 2.0 in conjunction with Google Apps (Educational Edition).  So far the login seems to work smoothly, at first I had issues with the Logout, which I then believed to have fixed with the following instructions from another thread:

Since there hasn't been an official answer to this, I'll reply for future SSO/Googley/ADFS admins...

The fix is to use the https://myadfsserver.domain.net/adfs/ls/?wa=wsignout1.0 address in the Google configuration and to set up a matching SAML logout endpoint in the RP trust configuration in ADFS.

Steps:

1.  Go to the Google apps control panel - advanced tools - setup SSO
2.  "Sign-out page URL" = https://myadfsserver.domain.net/adfs/ls/?wa=wsignout1.0
3.  Save changes

1.  Go to ADFS manager - Trust Relationships - Relying Party Trusts - <your party trust> properties
2.  Under the Endpoints tab, click Add
3.  Endpoint Type = SAML Logout, Binding = POST, URL = https://myadfsserver.domain.net/adfs/ls/?wa=wsignout1.0

You can set a response URL if you want it to redirect to another page but we like the ADFS site since it warns that you are logged off but you should still close your browser.

The logout seems to be ok now, I also get a confirmation message from ADFS 2.  However, when I click the browser's back button several times or type in the Google Apps URL manually, I get logged in again.  Is there any solution about this behavior?  In my opinion this is a severe security flaw.

Thank you very much for your feedback!

Recommended answer

Do you have IWA enabled on your AD FS 2.0 server? If you want to prompt for a username and password, make sure you have IWA turned off. See this link for info: http://social.technet.microsoft.com/wiki/contents/articles/1600.aspx
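
An added example, not part of the original answer or the linked article: one way to check the IWA setting the answer refers to, assuming it is controlled by the `<localAuthenticationTypes>` list in the AD FS 2.0 sign-in site's `web.config`, where the first entry is the default handler. The sample config and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the <localAuthenticationTypes> section of the
# AD FS 2.0 sign-in site's web.config (assumed default order on a federation
# server; compare against your own file before changing anything).
SAMPLE_WEB_CONFIG = """<configuration>
  <microsoft.identityServer.web>
    <localAuthenticationTypes>
      <add name="Integrated" page="auth/integrated/" />
      <add name="Forms" page="FormsSignIn.aspx" />
      <add name="TlsClient" page="auth/sslclient/" />
      <add name="Basic" page="auth/basic/" />
    </localAuthenticationTypes>
  </microsoft.identityServer.web>
</configuration>"""


def auth_order(config_xml):
    """Return handler names in file order; the first one is the default."""
    root = ET.fromstring(config_xml)
    section = next(root.iter("localAuthenticationTypes"))
    return [entry.get("name") for entry in section.findall("add")]


def silently_reauthenticates(config_xml):
    """True when Integrated (IWA) is the default handler, so a browser that can
    do Windows authentication is signed back in without a prompt."""
    order = auth_order(config_xml)
    return bool(order) and order[0] == "Integrated"


def prefer_forms(config_xml):
    """Return the config with the Forms entry moved to the top of the list."""
    root = ET.fromstring(config_xml)
    section = next(root.iter("localAuthenticationTypes"))
    forms = [e for e in section.findall("add") if e.get("name") == "Forms"]
    if not forms:
        raise ValueError("no Forms entry in localAuthenticationTypes")
    section.remove(forms[0])
    section.insert(0, forms[0])
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(auth_order(SAMPLE_WEB_CONFIG), silently_reauthenticates(SAMPLE_WEB_CONFIG))
    fixed = prefer_forms(SAMPLE_WEB_CONFIG)
    print(auth_order(fixed), silently_reauthenticates(fixed))
```

With Forms first, returning to the Google Apps URL after sign-out lands on the AD FS login form instead of being re-authenticated by the browser's Windows credentials.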

