Guys,
I have implemeted SSO with Azure AD with my test instance. I am using 2019.2. Works fine - MFA triggers etc.
But when I log out from Adaxes websites, it redirects me to "/Adaxes/WebApp_Name#/SamlSignOut" page. And there is a big blue sign in button, if user clicks again it - pages logs him back to the application without any Azure AD MFA challenge etc. Is it just happening with me or somebody else?
I believe SAML sign out method is not implemented here - https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-out-saml-protocol
We have 100s of apps - like workday, service now - when you sign out , they kind of kill the access token and re-ask for authentication. This is a secured way of doing because it kills the access token and protects from back button and if user forgets to close browser etc.
If this is an application design issue, I would like to know ETA for the fix. It is going to attract some nasty looks from Infosec guys - specially when it is a user management tool.