Windows Server 2016 – ADFS 4.0 Single Sign-Out error

Edit 10.07.2017: Microsoft claims to have fixed this issue in the following update:
https://support.microsoft.com/en-gb/help/4022723/windows-10-update-kb4022723

Thanks to Bikash Sharma for pointing this out.

Edit 18.07.2017: Installed the update, and can confirm that it fixed this particular problem.

There is apparently a bug in ADFS 4.0 on Windows Server 2016 that can affect single sign-out / single logout.

This error message will be written to the ADFS event log:

Encountered error during federation passive request. 
Additional Data 
Protocol Name: 
wsfed 
Relying Party: 
Exception details: 
System.ArgumentNullException: Value cannot be null.
Parameter name: collection
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.ProcessSignOut(SamlContext samlContext, String redirectUri, List`1 iFrameUris, Boolean partialLogout)

According to a forum post on Microsoft Partner Support, this will be fixed in an upcoming fix:

https://partnersupport.microsoft.com/en-us/par_servplat/forum/par_winserv/adfs-40-on-windows-server-2016-logout-url-error/074c86d0-285b-409d-9ec5-b9a15d1fba90?auth=1
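
To check whether a server is logging this specific failure and whether the update named above is installed, something like the following can be used. This is an added example, not part of the original post; the function names are hypothetical, and it assumes the standard 'AD FS/Admin' event channel and that the event message carries the exception text shown above.

```powershell
# Added example (not from the original post). The match strings are copied
# from the event text quoted in the post; function names are hypothetical.
function Test-AdfsSignOutBug {
    param([Parameter(Mandatory)][string]$Message)
    # Require all four markers so unrelated passive-request errors do not match.
    ($Message -match 'Encountered error during federation passive request') -and
    ($Message -match 'System\.ArgumentNullException') -and
    ($Message -match 'Parameter name:\s*collection') -and
    ($Message -match 'SamlProtocolHandler\.ProcessSignOut')
}

# Constructed sample input: the event text from the post, as one string.
$sample = @'
Encountered error during federation passive request.
Additional Data
Protocol Name:
wsfed
Exception details:
System.ArgumentNullException: Value cannot be null.
Parameter name: collection
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at Microsoft.IdentityServer.Web.Protocols.Saml.SamlProtocolHandler.ProcessSignOut(SamlContext samlContext, String redirectUri, List`1 iFrameUris, Boolean partialLogout)
'@

# An unrelated error (constructed) that must not be reported as this bug.
$other = "Encountered error during federation passive request.`nSystem.ArgumentNullException: Value cannot be null.`nParameter name: key"

"sample matches: $(Test-AdfsSignOutBug -Message $sample)"
"other matches:  $(Test-AdfsSignOutBug -Message $other)"

# On an AD FS server: list recent events that carry the signature.
function Get-AdfsSignOutBugEvent {
    param([int]$MaxEvents = 5000)
    Get-WinEvent -LogName 'AD FS/Admin' -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -and (Test-AdfsSignOutBug -Message $_.Message) } |
        Select-Object TimeCreated, Id, MachineName
}

# Is the update named in the post listed as installed?
# Later cumulative updates replace earlier ones, so a missing entry alone
# does not prove the fix is absent; confirm against the event log as well.
function Test-AdfsSignOutFixListed {
    [bool](Get-HotFix -Id 'KB4022723' -ErrorAction SilentlyContinue)
}
```

Run `Get-AdfsSignOutBugEvent` and `Test-AdfsSignOutFixListed` on each AD FS server in the farm; events dated after the update was installed indicate the problem persists.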

5 Replies to “Windows Server 2016 – ADFS 4.0 Single Sign-Out error”

1. Thank you for the reply, Bikash. I have been on vacation, so I haven't been able to follow up on this particular issue. Seems like they fixed it, though I haven't actually installed the patch yet.
