I'm trying to implement ADFS logout in my application, but I'm running into issues due to how cookies are handled during the logout process. Here’s the sequence of events I’m observing:

1. Login Flow:

   • After a successful login to ADFS, the following cookies are set:
     • MSISAuth
     • MSISAuth1

2. Logout Flow:

   • When I perform a logout by navigating to https://...adfs/ls/?wssignout=1.0, ADFS logs the user out and POSTs a redirect to my endpoint with a SAMLRequest containing session information.
   • Upon logout, the following cookies are deleted:
     • MSISAuth
     • MSISAuth1
   • However, the following new cookie is created:
     • MSISSignoutProtocol (with a 10-minute expiry time).

3. Second Login:

   • After logging in again in the same browser, the cookies MSISAuth and MSISAuth1 are recreated.

4. Logout Behavior on Second Attempt:

   • On a subsequent logout attempt in the same browser, the cookies MSISAuth and MSISAuth1 may not be deleted, depending on whether the MSISSignoutProtocol cookie has expired or been deleted.

What I've Tried:

• I’ve tried using the passport-saml.js saml logout method to generate a logout request, but it didn’t work.
• I also tried using the generateLogoutResponseUrl method to create a SAMLResponse, but that didn’t work either.

Problem: The logout behavior seems to be inconsistent due to the MSISSignoutProtocol cookie. I’m unable to reliably log out a user once they’ve logged in again, especially after a successful logout. The logout works if I delete or wait for this cookie to expire. I am using passport-saml.

Question: Has anyone encountered this issue with ADFS logout, and how can I resolve it? Is there a recommended way to handle the MSISSignoutProtocol cookie or properly implement a logout flow with ADFS using passport-saml.js?