All: I am using ADFS 2012 R2 and have a department that wants to use ADFS for an application that is currently using only local accounts. I was able to get the system to use corporate accounts for authentication but the admin want to force authentication each time a user access the site. Currently, once the user has authenticated and leaves the site, they are immediately allowed back in the next time they access without having to provide credentials.
Clearing cookies and restarting the browser does not change the behavior of allowing the user through to the site without authenticating. “Sign out” of the application does not have any effect either.
How can ADFS force sign out of users when the leave the site or when they click the button to leave the site. I am told that ADFS handles the sign out portion as well as the sign-in portion. Brian Britt Senior Systems Analyst Vanderbilt University Security Operations | VUIT Identity Operations Team | Central Directory Services Office: (615) 322-4676 Lync: (615) 875-9858