dl1j6 (dl1j6) asked a question.
Having the same issue described in this stackoverflow post: https://stackoverflow.com/questions/64226039/logout-not-working-in-asp-net-mvc-website-using-okta-ws-fed
I have an ASP .NET MVC web application which uses OKTA as IdP. I am using WS-Federation OKTA template to configure the application with OKTA. I am using a FederatedSignOut (from WSFederationAuthenticationModule) to signout from the Application. However, I am getting the below error on Logout.
"The WS-Fed App is misconfigured. Please contact your administrator. The value of the WS-Fed App realm received is empty or incorrect. (Realm Value = "{0}")"
Do we need to pass the realm to redirect it to Logout page? Does the OKTA WS-Federation template support Logout at all ?
Ciprian from Okta here,
Sadly we don't support global/single logout for WS-Fed
Regarding the error received you might want to check if it's a default value provided by the Okta setup instructions or if the value is provided by the SP.
If you leave the realm name empty, Okta generates a realm name with the app's external key; for example https://[orgname].okta.com/app/template_wsfed/sso/wsfed/passive. The relying party uses a common endpoint for requests, and the target app instance is identified by the wtrealm=urn:okta:app:[key] query parameter
https://help.okta.com/en/prod/Content/Topics/Apps/Apps_Configure_Okta%20Template_WS_Federation.htm