ADFS SAML Integration - Problem with "LogoutRequest"

rc8d · April 24, 2022, 6:22am

Hello,

I have followed the official doc and several posts in trying to get ADFS with SAML operational. I can successfully achieve a login, however, I cant get a successful logout.

The issue occurs when you logout of RC web. You are presented with a login page but hitting the back button on any web browser logs the user back in without going through the authentication process.

The issue described above relates to the logout function described by [Guile17] under issue #17919. I have applied the same config, but the issue persists. I have a feeling it relates to the either “Transform rules” or certificates under ADFS but am not 100% certain.

Wondering if anyone has a working ADFS with SAML and is willing to share their configuration? I’d like to rule out any mistakes i have made.

Any help or pointers will be greatly appreciated.

Server Setup Information

Version of Rocket.Chat Server: 4.6.2
Operating System: Ubuntu 20.4
Deployment Method:
Number of Running Instances: 1
DB Replicaset Oplog: wiredTiger (oplog Enabled)
NodeJS Version: v14.18.3
MongoDB Version: 4.2.17
Firewalls involved: N/A

rc8d · April 24, 2022, 6:23am

Official Doc

Github issues and solutions

github.com/RocketChat/Rocket.Chat

Bug SAML login/logout

opened 03:43PM - 15 Jun 20 UTC

closed 06:20PM - 22 Jul 20 UTC

Guile17

type: bug subj: auth - saml

@pierre-lehnen-rc The first image is the error event that appears on my ADFS. T…he second one is the request from RC. I have no idea what the NameQualifier value is on the error. ![image](https://user-images.githubusercontent.com/58185841/84677755-2ccfdb80-aefd-11ea-96bb-d26285c41260.png) ![image](https://user-images.githubusercontent.com/58185841/84677770-30636280-aefd-11ea-825b-0127df3d4d10.png)

rc8d · April 24, 2022, 6:23am

Official Doc

github.com

abrom/Rocket.Chat-docs/blob/master/guides/administrator-guides/authentication/saml/active-directory-federation-services.md

---
description: Authenticating Rocket.Chat and Microsoft ADFS via SAML
---

# Active Directory Federation Services

It is possible to setup the authentication between Rocket.Chat and Active Directory Federation Services by setting up SAML authentication scenario.

Microsoft ADFS provides an IdP service which can be consumed by Rocket.Chat for authentication. Important: If you are using Active Directory _without_ Federation Services, you should perform the user synchronization via LDAP only.

 This document takes into consideration that your ADFS environment is deployed and running. For further info, please refer to [this guide](https://docs.microsoft.com/en-us/previous-versions/dynamicscrm-2016/deployment-administrators-guide/gg188612%28v=crm.8%29)

The Rocket.Chat configuration should be done as follows:

1. Go to Administration -&gt; SAML and configure the entry points and the IdP path

![](../../../../.gitbook/assets/adfs_1.png)

2. Add the private key certificate related to the ADFS server.

This file has been truncated. show original

Github issues and solutions

Topic		Replies	Views
SAML - ADFS Log-out issue Community Support	0	1275	November 11, 2022
ADFS SAML authentication Community Support	0	1323	September 3, 2018
Error when Logging in Using SAML / ADFS Community Support	4	2412	March 7, 2018
SAML ADFS - Windows Integrated authentication Community Support	0	1160	November 10, 2020
Help debugging issue with SAML Community Support	3	1302	March 31, 2020

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

ADFS SAML Integration - Problem with "LogoutRequest"

Related topics