Article ID: 2839590 - View products that this article applies to.
When a federated user signs out of a Microsoft cloud service such as Office 365, Windows Intune, or Windows Azure, the user receives the following error message on login.microsoftonline.com:
There is a problem with this website's security certificate
This issue occurs when an HTTP URL is used for the logout URL, but the logout process uses HTTPS to access the URL. If the URL can't accept HTTPS connections, the user receives the error message.
For example, this issue occurs if the logout URL is http://idp.contoso.edu/idp/logout.htm and the logout process tries to access it by using https://idp.contoso.edu/idp/logout.htm.
To protect the confidentiality of personally identifiable information (PII) that's contained in the Security Assertions Markup Language (SAML) logout request, a secure (HTTPS) connection is required. Review your security token service (STS) documentation to determine what the logout URL should be.
To resolve this issue, try Method 1. If Method 1 doesn't resolve the issue, use Method 2.
Method 1: Make sure that the logout URL can accept HTTPS requestsUpdate the logout URL so that it can accept HTTPS requests. To do this, open the Windows Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Note In this command, <LogOffUri> represents your logout URL.
Set-MsolDomainFederationSettings -DomainName user.contoso.com -LogOffUri <LogOffUri> -PreferredAuthenticationProtocol SAMLP
Method 2: Remove the HTTP URL that's specified in the LogOffUri parameterWindows Azure Active Directory (Windows Azure AD) will automatically display a message to notify the user to close the browser when the user logs off if a logout URL isn't specified.
To remove the HTTP URL that's specified in the LogOffUri parameter, open the Windows Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Important Make sure that there's a space between the quotation marks (" ") in the command line.
Set-MsolDomainFederationSettings -DomainName contoso.com -LogOffUri “ ” –PreferredAuthenticationProtocol SAMLP
Still need help? Go to the Office 365 Community
(http://community.office365.com/)website or the Windows Azure Active Directory Forums
Article ID: 2839590 - Last Review: December 3, 2013 - Revision: 9.0
Contact us for more help
Connect with Answer Desk for expert help.