Edit 10.07.2017: Microsoft claims to have fixed this issue in the following update:
https://support.microsoft.com/en-gb/help/4022723/windows-10-update-kb4022723
Thanks to Bikash Sharma for pointing this out.
Edit 18.07.2017: Installed the update, and can confirm that it fixed this particular problem.
There is apparently a bug in ADFS 4.0 on Windows Server 2016 that can affect single sign-out / single logout.
When it occurs, this error message is written to the ADFS event log:
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Relying Party:
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: collection
at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.ProcessSignOut(SamlContext samlContext, String redirectUri, List`1 iFrameUris, Boolean partialLogout)
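To check a farm node for this failure, the following PowerShell looks for the stack frame above in the AD FS admin log and compares the host's build with 14393.1378, the build of KB4022723. This is an added example, not part of the original post. It assumes the log name 'AD FS/Admin', a 30-day lookback, and that any later revision of build 14393 includes the fix because the updates are cumulative.

```powershell
# Added example: run on each AD FS server in an elevated PowerShell session.
$fixedBuild    = 14393   # Windows Server 2016
$fixedRevision = 1378    # KB4022723 (OS Build 14393.1378), as stated on this page
$lookbackDays  = 30      # assumption: adjust to your log retention

# Current build and update revision (UBR) from the registry.
$cv       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build    = [int]$cv.CurrentBuildNumber
$revision = [int]$cv.UBR

# The fix level is only meaningful on build 14393; other builds are reported as not applicable.
$applies = ($build -eq $fixedBuild)
$fixed   = $applies -and ($revision -ge $fixedRevision)

# Match on the exception and stack frame from the event text, not on an event ID.
$filter = @{
    LogName   = 'AD FS/Admin'   # assumption: default AD FS admin log name
    StartTime = (Get-Date).AddDays(-$lookbackDays)
}
$hits = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Message -like '*System.ArgumentNullException*' -and
        $_.Message -like '*SamlProtocolHandler.ProcessSignOut*'
    })

# One summary object per server, suitable for Export-Csv when run across a farm.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    OsBuild         = "$build.$revision"
    Build14393      = $applies
    AtOrAboveFix    = $fixed
    SignOutErrors   = $hits.Count
    LastOccurrence  = ($hits | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated
}
```

A node that reports sign-out errors with AtOrAboveFix set to False matches the situation described here; errors that continue after the update point to a different cause.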
According to a forum post from Microsoft Partner Support, this will be fixed in an upcoming fix:
June updates came out today but issue still exists 🙁
Yeah, seems they have not addressed this yet (https://support.microsoft.com/en-gb/help/4022715/windows-10-update-kb4022715). Maybe a dedicated fix will come later this month, or they will address it in the July cumulative update.
Fingers crossed they have not forgotten!
Hi, is this issue resolved on the latest update?
June 27, 2017—KB4022723 (OS Build 14393.1378)
FYI, this particular KB does fix the issue.
https://support.microsoft.com/en-gb/help/4022723
Thank you for the reply, Bikash. I have been on vacation, so I haven't been able to follow up on this particular issue. Seems like they fixed it, though I haven't actually installed the patch yet.