Integration with ADFS2 as service provider returns error ID4270
Problem
When Ubisecure SSO is configured as an IDP and ADFS2 as an SP, the following error is displayed:
ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.
The event viewer log shows:
The Federation Service encountered an error while processing the SAML authentication request.
Additional Data
Exception details:
System.InvalidOperationException: ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.
at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.Issue(IssueRequest issueRequest)
at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)
Solution
By default, the response created by Ubisecure SSO does not contain an optional authentication context class reference (AuthnContextClassRef) value, which ADFS2 expects. Set an authentication context class value for each of the authentication methods used with this SP. This setting is made using Ubisecure SSO Management from the Home -> Methods tab, as described in the Ubisecure SSO Management document. ADFS2 supports a subset of the SAML authentication context classes. For more information, see http://msdn.microsoft.com/en-us/library/hh599318.aspx
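To confirm the cause before and after changing the method settings, a captured SAML response can be checked for the missing element. The following is an added example, not part of the original article or of either product; it assumes an unencrypted assertion captured from the HTTP-POST binding, and the function names and sample messages are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}

def decode_post_binding(b64_response):
    """Decode a SAMLResponse form field (HTTP-POST binding is plain base64)."""
    return base64.b64decode(b64_response)

def missing_authn_context(xml_bytes):
    """Return IDs of assertions whose AuthnStatement has no usable
    AuthnContextClassRef, the condition the Solution text describes.
    Diagnostic only: this does not validate signatures."""
    if b"<!DOCTYPE" in xml_bytes:
        # SAML messages never need a DTD; refuse rather than expand entities.
        raise ValueError("DTD not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    problems = []
    for assertion in root.iter("{%s}Assertion" % SAML_NS):
        for stmt in assertion.findall("saml:AuthnStatement", NS):
            ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
            if ref is None or not (ref.text or "").strip():
                problems.append(assertion.get("ID", "(no ID)"))
    return problems

def constructed_sample(with_class_ref):
    """Build a minimal constructed response (not real Ubisecure SSO output).
    The class URI is a standard SAML 2.0 value used as a sample; check the
    list linked above for the classes ADFS2 accepts."""
    if with_class_ref:
        ctx = ("<saml:AuthnContextClassRef>"
               "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
               "</saml:AuthnContextClassRef>")
    else:
        ctx = ("<saml:AuthnContextDeclRef>urn:example:decl:password"
               "</saml:AuthnContextDeclRef>")
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" ID="_r1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0">'
        '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">'
        '<saml:AuthnContext>%s</saml:AuthnContext>'
        '</saml:AuthnStatement></saml:Assertion></samlp:Response>'
        % (SAML_NS, ctx)
    ).encode("utf-8")

if __name__ == "__main__":
    for flag in (False, True):
        print(flag, missing_authn_context(constructed_sample(flag)))
```

An empty list means every authentication statement carries a class reference; any assertion ID returned points at a method that still needs a class value set.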