elmo

As defined in the SAML RFC the end application should be able to generate and send a POST request to the originating IDP using a LogoutRequest, when using PasswordState combined with Azure AD SAML if you point it at the AAD logout URL and press logout Azure says no as its just a 302 to the logout URL. If you input the generic URL it will log you out of all AzureAD applications. Can we please ask for this to be supported? The application should send a LogoutRequest back to the IDP via client browser on logout/timeout. See the following URL for more info https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-out-saml-protocol