Tags: active-directory, single-sign-on, identity, openid-connect, adfs4.0

The right way to handle accounts in AD to have SSO for different applications


How would SSO work if you have 4 applications which you want to secure using OpenID Connect tokens from ADFS?

These 4 applications have no user registry; however, they need different claims from the IdP (ADFS). Do you need to create 4 different user accounts for each user to be able to log on to all 4 applications?

If you need 4 different user accounts for each user, then does the user need to log out first from app_1 and log on to app_2?

I appreciate all kind of advice.


Solution

Assuming each application receives an ID Token from ADFS in OIDC mode, each application, as part of that ID Token, will have access to the subject/user id and can exchange that ID token for the user profile. ADFS running as an OIDC OP will need to be configured to release the proper claims for each application, and of course each application should be requesting the proper needed scopes on initial authentication so ADFS can grant the claims needed.

Each application receives an ID token and begins to establish its own session tied to that user. Since application sessions are independent of the SSO sessions, you need a coordinated effort if you need to implement single logout.
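As an added illustration (not part of the original answer, and not ADFS code), the following Python models the flow described above: one directory account, four relying parties that each receive an ID token carrying only the claims ADFS is configured to release to them, independent per-application sessions keyed by the token's `sub`, and a coordinated single-logout step that clears all of them. The issuer URL, client ids, claim rules, user record and signing secret are all constructed for the example. Real ADFS signs ID tokens with RS256 and publishes its keys at the JWKS endpoint; HS256 with a shared secret is used here only so the example runs offline with the standard library.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed stand-in for the ADFS OIDC provider (assumption: real ADFS uses RS256 + JWKS).
ISSUER = "https://adfs.example.test/adfs"      # hypothetical issuer URL
SIGNING_SECRET = b"constructed-demo-secret"     # constructed, not a real key

# "ADFS releases the proper claims for each application": client_id -> allowed claims.
CLAIM_RULES = {
    "app_1": ["sub", "upn"],
    "app_2": ["sub", "upn", "groups"],
    "app_3": ["sub", "email"],
    "app_4": ["sub", "upn", "email", "groups"],
}

# One directory account serves every application; no per-app user accounts needed.
DIRECTORY_USER = {
    "sub": "S-1-5-21-1111-2222-3333-1001",       # constructed SID-like identifier
    "upn": "alice@example.test",
    "email": "alice@example.test",
    "groups": ["Sales", "VPN-Users"],
}

APP_SESSIONS = {cid: {} for cid in CLAIM_RULES}  # client_id -> {sub: session data}
SSO_INDEX = {}                                   # sub -> set of apps holding a session


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_id_token(client_id: str, nonce: str, now: Optional[int] = None) -> str:
    """IdP side: mint an ID token for one relying party with only its configured claims."""
    now = int(time.time()) if now is None else now
    payload = {"iss": ISSUER, "aud": client_id, "iat": now, "exp": now + 300, "nonce": nonce}
    for claim in CLAIM_RULES[client_id]:
        payload[claim] = DIRECTORY_USER[claim]
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(payload).encode())
    sig = hmac.new(SIGNING_SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def validate_id_token(token: str, client_id: str, expected_nonce: str, now: Optional[int] = None) -> dict:
    """Relying-party side: check signature, issuer, audience, expiry and nonce before
    trusting any claim. Raises ValueError on any failure."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":             # reject 'none' or any unexpected algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(SIGNING_SECRET, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != client_id:           # a token minted for app_1 must not log in to app_2
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != expected_nonce:
        raise ValueError("nonce mismatch")
    return claims


def app_login(client_id: str, now: Optional[int] = None) -> dict:
    """Application side: run the OIDC exchange and start an application-local session."""
    nonce = secrets.token_urlsafe(16)            # generated by the RP, echoed back by the IdP
    token = issue_id_token(client_id, nonce, now)
    claims = validate_id_token(token, client_id, nonce, now)
    session = {k: v for k, v in claims.items() if k not in ("iss", "aud", "iat", "exp", "nonce")}
    APP_SESSIONS[client_id][claims["sub"]] = session
    SSO_INDEX.setdefault(claims["sub"], set()).add(client_id)
    return session


def single_logout(sub: str) -> list:
    """Coordinated logout: end every application session tied to this user's SSO session."""
    apps = sorted(SSO_INDEX.pop(sub, set()))
    for cid in apps:
        APP_SESSIONS[cid].pop(sub, None)
    return apps


if __name__ == "__main__":
    for cid in CLAIM_RULES:
        print(cid, app_login(cid))
    print("logged out of:", single_logout(DIRECTORY_USER["sub"]))
```

The point the model makes concrete: the same `sub` lands in all four sessions, each application sees only the claims ADFS releases to it, a token issued for one `aud` is refused by another application, and logging out of the SSO session still leaves the application sessions alive until something like `single_logout` tears them down.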