Integration with ADFS2 as service provider returns error ID4270

Problem

When Ubisecure SSO is configured as the IdP and ADFS2 as the SP, the following error is displayed:

ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.

The event viewer log shows:

The Federation Service encountered an error while processing the SAML authentication request.

Additional Data

Exception details:

System.InvalidOperationException: ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.
   at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)
   at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)
   at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.Issue(IssueRequest issueRequest)
   at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)

Solution

By default, the response created by Ubisecure SSO does not contain a value for the optional authentication context class reference (AuthnContextClassRef), which ADFS2 expects. Set an authentication context class value for each of the authentication methods used with this SP. This setting is made in Ubisecure SSO Management on the Home -> Methods tab, as described in the Ubisecure SSO Management document. ADFS2 supports only a subset of the SAML authentication context classes. For more information, see http://msdn.microsoft.com/en-us/library/hh599318.aspx
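
To confirm the change took effect, a captured SAML response can be inspected for the AuthnContextClassRef element before it reaches ADFS2. The following is an added example, not code from Ubisecure or Microsoft; the function names are hypothetical and both sample responses are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

def parse_saml(value):
    """Accept raw XML or the base64 SAMLResponse form value (HTTP-POST binding)."""
    text = value.strip()
    if not text.startswith("<"):
        text = base64.b64decode(text).decode("utf-8")
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD found; SAML messages never need one")
    return ET.fromstring(text)

def authn_context_report(value):
    """One (assertion ID, AuthnContextClassRef or None) pair per AuthnStatement.

    Encrypted assertions are not visible here; decrypt them first.
    """
    report = []
    for assertion in parse_saml(value).iter("{%s}Assertion" % SAML):
        for stmt in assertion.findall("saml:AuthnStatement", NS):
            ref = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef",
                                default="", namespaces=NS)
            report.append((assertion.get("ID"), ref.strip() or None))
    return report

def _sample(context_xml):
    # Constructed response for illustration, not captured from Ubisecure SSO.
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="%s" ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
        '<saml:Issuer>https://idp.example.test</saml:Issuer>'
        '<saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">'
        '<saml:AuthnContext>%s</saml:AuthnContext>'
        '</saml:AuthnStatement></saml:Assertion></samlp:Response>' % (SAML, context_xml)
    )

WITHOUT_CLASS = _sample('<saml:AuthnContextDeclRef>urn:example:constructed</saml:AuthnContextDeclRef>')
WITH_CLASS = _sample('<saml:AuthnContextClassRef>'
                     'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
                     '</saml:AuthnContextClassRef>')

if __name__ == "__main__":
    for name, doc in (("before", WITHOUT_CLASS), ("after", WITH_CLASS)):
        for assertion_id, class_ref in authn_context_report(doc):
            print(name, assertion_id, class_ref or "MISSING AuthnContextClassRef")
```

A `None` in the report marks an AuthnStatement that would trigger ID4270; the class URI shown in the second sample is a standard SAML 2.0 value, and the value to configure should be chosen from the classes listed at the link above.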