You are currently offline, waiting for your internet to reconnect

"There is a problem with this website's security certificate" error when a federated user signs out of Office 365, Intune, or Azure

PROBLEM
When a federated user signs out of a Microsoft cloud service such as Office 365, Microsoft Intune, or Microsoft Azure, the user receives the following error message on login.microsoftonline.com:
There is a problem with this website's security certificate
CAUSE
This issue occurs when an HTTP URL is used for the logout URL, but the logout process uses HTTPS to access the URL. If the URL can't accept HTTPS connections, the user receives the error message.

For example, this issue occurs if the logout URL is http://idp.contoso.edu/idp/logout.htm and the logout process tries to access it by using https://idp.contoso.edu/idp/logout.htm.
SOLUTION
To protect the confidentiality of personally identifiable information (PII) that's contained in the Security Assertions Markup Language (SAML) logout request, a secure (HTTPS) connection is required. Review your security token service (STS) documentation to determine what the logout URL should be.

To resolve this issue, try Method 1. If Method 1 doesn't resolve the issue, use Method 2.

Method 1: Make sure that the logout URL can accept HTTPS requests

Update the logout URL so that it can accept HTTPS requests. To do this, open the Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Set-MsolDomainFederationSettings -DomainName user.contoso.com -LogOffUri <LogOffUri> -PreferredAuthenticationProtocol SAMLP
Note In this command, <LogOffUri> represents your logout URL.

Method 2: Remove the HTTP URL that's specified in the LogOffUri parameter

Azure Active Directory (Azure AD) will automatically display a message to notify the user to close the browser when the user logs off if a logout URL isn't specified.

To remove the HTTP URL that's specified in the LogOffUri parameter, open the Azure Active Directory Module for Windows PowerShell, and then run the following cmdlet:
Set-MsolDomainFederationSettings -DomainName contoso.com -LogOffUri “ ” –PreferredAuthenticationProtocol SAMLP
Important Make sure that there's a space between the quotation marks (" ") in the command line.
MORE INFORMATION
Still need help? Go to the Office 365 Community website or the Azure Active Directory Forums website.
Properties

Article ID: 2839590 - Last Review: 12/12/2014 10:15:00 - Revision: 13.0

  • Microsoft Azure cloud services
  • Microsoft Azure Active Directory
  • Microsoft Office 365
  • Microsoft Intune
  • CRM Online via Office 365 E Plans
  • Microsoft Azure Recovery Services
  • Office 365 Identity Management
  • o365 o365a o365e o365m o365022013 KB2839590
Feedback
m/ms.js" '="">ft.com/ms.js" '="">