Logging out of the manager part using ADFS

Member since: 2012

I have implemented ADFS login in both CMS and manager startup.cs method (this is shortened for simplicity)

public void Configuration(IAppBuilder app)
            using (var applicationOptions = new ApplicationOptions
                ConnectionStringName = _connectionStringHandler.Commerce.Name



            app.UseCookieAuthentication(new CookieAuthenticationOptions());

            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
                // client specific code here


            app.Map(url, map => map.Run(ctx =>
                if (ctx.Authentication.User?.Identity == null || !ctx.Authentication.User.Identity.IsAuthenticated)
                    return Task.Delay(0);

                var redirectTo = new Uri(postLoginRedirectUri).AbsoluteUri;

                return Task.Run(() => ctx.Response.Redirect(redirectTo));

            app.Map(logoutUrl, map =>
                map.Run(ctx =>

                    return Task.Run(() => ctx.Response.Redirect(new Uri(postLogoutRedirectUri).AbsoluteUri));

            AntiForgeryConfig.UniqueClaimTypeIdentifier = ClaimTypes.NameIdentifier;


Logging into CMS part ensures that user is logged into manager part as well.

Logging out from the manager part using the top left Sign out link results in error with the following message:

"OpenIdConnectMessage.Error was not null, indicating an error. Error: 'server_error'. Error_Description (may be empty): 'MSIS9604%3a+An+error+occurred.+The+authorization+server+was+not+able+to+fulfill+the+request.'. Error_Uri (may be empty): ''."

I have put /Apps/Shell/Pages/Logout.aspx as logout endpoint but I see now that it is just a resulting page after logging out. Sign out link has # as a value for href attribute.

I couldn't figure out what URL should be provided to the IT team that is responsible for setting up the ADFS to function properly. 

#189200 Mar 13, 2018 13:33
  • Member since: 2012

    Anyone? I am guessing that logging out of a manager part is done in js. Is that correct? If so what URL is the one that handles the actual logging out?

    #189283 Mar 14, 2018 14:28
  • Member since: 2016

    Not sure if I'm of any help here but if you visit <cm-root-location>/Apps/Shell/Pages/logout.aspx you get logged out of your session.

    When you click the logout link from inside CM there is some javascript that redirects you to that page. The codebehind file for logout.aspx does 


    If you want to investigate further the .xml-file that configures the logout button can be found under "~/Apps/Shell/Config/View/TopMenu.xml". There you'll see the <button>-tag for id="SignOutBtn" that is configured to run the command "ECF_Top_SignOut".

    ECF_Top_SignOut is specified in the same file and is configured with a <ClientScript>-tag that does "CSManagementClient.OpenInternal('~/logout.aspx')".

    #189369 Mar 16, 2018 13:04