"There is a problem with this website's security certificate" error when a federated user signs out of Office 365, Windows Intune, or Windows Azure

Article ID: 2839590

PROBLEM

When a federated user signs out of a Microsoft cloud service such as Office 365, Windows Intune, or Windows Azure, the user receives the following error message on login.microsoftonline.com:
There is a problem with this website's security certificate

CAUSE

This issue occurs when an HTTP URL is used for the logout URL, but the logout process uses HTTPS to access the URL. If the URL can't accept HTTPS connections, the user receives the error message.

For example, this issue occurs if the logout URL is http://idp.contoso.edu/idp/logout.htm and the logout process tries to access it by using https://idp.contoso.edu/idp/logout.htm.

SOLUTION

To protect the confidentiality of personally identifiable information (PII) that's contained in the Security Assertion Markup Language (SAML) logout request, a secure (HTTPS) connection is required. Review your security token service (STS) documentation to determine what the logout URL should be.

To resolve this issue, try Method 1. If Method 1 doesn't resolve the issue, use Method 2.

Method 1: Make sure that the logout URL can accept HTTPS requests

Update the logout URL so that it can accept HTTPS requests. To do this, open the Windows Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Set-MsolDomainFederationSettings -DomainName user.contoso.com -LogOffUri <LogOffUri> -PreferredAuthenticationProtocol SAMLP
Note In this command, <LogOffUri> represents your logout URL.

Method 2: Remove the HTTP URL that's specified in the LogOffUri parameter

If a logout URL isn't specified, Windows Azure Active Directory (Windows Azure AD) automatically displays a message when the user logs off that tells the user to close the browser.

To remove the HTTP URL that's specified in the LogOffUri parameter, open the Windows Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Set-MsolDomainFederationSettings -DomainName contoso.com -LogOffUri " " -PreferredAuthenticationProtocol SAMLP
Important Make sure that there's a space between the quotation marks (" ") in the command line.
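
Before choosing between Method 1 and Method 2, the current LogOffUri of each federated domain can be checked for the condition described under CAUSE. The following is an added example, not part of the original article or Microsoft's code; it assumes the MSOnline module is loaded and Connect-MsolService has already been run, and Test-LogOffUri is a hypothetical helper name.

```powershell
# Added example. Test-LogOffUri is a hypothetical helper, not an MSOnline cmdlet.
function Test-LogOffUri {
    param([Parameter(Mandatory)][string]$DomainName)

    $uriText = (Get-MsolDomainFederationSettings -DomainName $DomainName).LogOffUri
    $result = [pscustomobject]@{ DomainName = $DomainName; LogOffUri = $uriText; Status = $null; Detail = $null }

    # Empty or a single space (the Method 2 value): no logout URL is in effect.
    if ([string]::IsNullOrWhiteSpace($uriText)) {
        $result.Status = 'NotSet'
        $result.Detail = 'No logout URL; Azure AD shows the close-browser message.'
        return $result
    }
    $uri = $null
    if (-not [Uri]::TryCreate($uriText.Trim(), [UriKind]::Absolute, [ref]$uri)) {
        $result.Status = 'Invalid'; $result.Detail = 'Not an absolute URL.'
        return $result
    }
    if ($uri.Scheme -ne 'https') {
        $result.Status = 'NotHttps'
        $result.Detail = 'Logout is attempted over HTTPS; apply Method 1 or Method 2.'
        return $result
    }
    # HTTPS URL: confirm the endpoint completes a TLS handshake and presents a
    # certificate that passes default validation (chain, expiry, host name match).
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($uri.Host, $uri.Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        try {
            $ssl.AuthenticateAsClient($uri.Host)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $result.Status = 'Ok'
            $result.Detail = "Certificate valid until $($cert.NotAfter.ToString('u'))"
        } finally { $ssl.Dispose() }
    } catch {
        $result.Status = 'TlsFailed'
        $result.Detail = $_.Exception.GetBaseException().Message
    } finally { $tcp.Close() }
    return $result
}

# Check every federated domain in the tenant.
Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' } |
    ForEach-Object { Test-LogOffUri -DomainName $_.Name }
```

A Status of NotHttps or TlsFailed identifies a domain whose users would see the certificate error at sign-out. TlsFailed can also result from a protocol mismatch on the machine running the check, so confirm it in a browser before changing the setting.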

MORE INFORMATION

Still need help? Go to the Office 365 Community website or the Windows Azure Active Directory Forums website.

Properties

Article ID: 2839590 - Last Review: December 3, 2013 - Revision: 9.0
Applies to
  • Windows Azure
  • Microsoft Office 365
  • Microsoft Office 365 for enterprises (pre-upgrade)
  • Microsoft Office 365 for education (pre-upgrade)
  • CRM Online via Office 365 E Plans
  • Windows Azure Recovery Services