I actually recently added the Microsoft logout page to µblocks domain filter at work, since it would every now and then trigger a logout the very first page load after I'd log in to the email there.

This has also somehow caused a bunch of other AD-connected systems to suddenly behave a lot better when it comes to session termination.

Edit: Since people were asking for it, this is what you need to add to the "My filters" tab in your UBO config;

||login.microsoftonline.com/common/oauth2/v2.0/logout^$document

This will prevent any requests from redirecting you to log out, timeouts etc will still invalidate your session.

[–] Isbjerg@feddit.dk 14 points 1 month ago

So, how do you do that exactly?

[–] db2@lemmy.world 7 points 1 month ago

LPT

[–] AlecSadler@lemmy.blahaj.zone 4 points 1 month ago

Oh wow. So you just added the /logout endpoint itself or something else?

[–] grueling_spool@sh.itjust.works 1 points 3 weeks ago (1 children)

WTAF. I was sceptical, but I've been using this all week and haven't once had the issue in the OP. Whereas previously I had to log in 2-3 times back to back every morning.

Any idea why this works?

[–] ace@lemmy.ananace.dev 2 points 3 weeks ago

I think the login-redirect system is just broken for ADFS, it feels like it adds all the SSO-logout URLs for all systems you're logged into to the redirect queue when it times your session out.
Which means you'll have to log in enough times to exhaust that queue before it finally reaches the actual system you're trying to log into.

But that's just an assumption.

[–] mogranja@lemmy.world 1 points 4 weeks ago (1 children)

Oh, do share.

[–] ace@lemmy.ananace.dev 2 points 3 weeks ago

Added an edit with the filter line