Integration with ADFS2 as service provider returns error ID4270

Problem

When configuring Ubisecure SSO as an IdP and ADFS2 as an SP, the following error is displayed:

ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.

The event viewer log shows:

The Federation Service encountered an error while processing the SAML authentication request.

Additional Data

Exception details:

System.InvalidOperationException: ID4270: The 'AuthenticationMethod' used to create a 'SAML2' AuthenticationStatement cannot be null.

at Microsoft.IdentityModel.Threading.AsyncResult.End(IAsyncResult result)

at Microsoft.IdentityModel.Threading.TypedAsyncResult`1.End(IAsyncResult result)

at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.Issue(IssueRequest issueRequest)

at Microsoft.IdentityServer.Service.SamlProtocol.SamlProtocolService.ProcessRequest(Message requestMessage)

Solution

By default, the response created by Ubisecure SSO does not contain the optional authentication context class reference (AuthnContextClassRef) value, which ADFS2 expects. Set an authentication context class value for each of the authentication methods used with this SP. This setting is made in Ubisecure SSO Management on the Home -> Methods tab, as described in the Ubisecure SSO Management document. ADFS2 supports a subset of the SAML authentication context classes.
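
To confirm the cause before and after changing the method settings, a captured SAML response can be checked for the missing element. The following is an added example, not code from Ubisecure or Microsoft: the function name `missing_class_refs`, the sample responses and the issuer URL are constructed for illustration, and it assumes the assertion is not encrypted.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}


def missing_class_refs(response_xml):
    """Return the IDs of assertions that have an AuthnStatement
    without a non-empty AuthnContextClassRef."""
    root = ET.fromstring(response_xml)
    # Accept either a samlp:Response or a bare saml:Assertion as input.
    if root.tag == "{%s}Assertion" % SAML:
        assertions = [root]
    else:
        assertions = root.findall(".//saml:Assertion", NS)
    problems = []
    for assertion in assertions:
        for stmt in assertion.findall("saml:AuthnStatement", NS):
            ref = stmt.find("saml:AuthnContext/saml:AuthnContextClassRef", NS)
            if ref is None or not (ref.text or "").strip():
                problems.append(assertion.get("ID"))
    return problems


# Constructed sample response (not captured from a real deployment).
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test/uas</saml:Issuer>
    <saml:AuthnStatement AuthnInstant="2024-01-01T00:00:00Z">
      <saml:AuthnContext>{ctx}</saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""

# Default case described above: no class reference in the AuthnContext.
WITHOUT_REF = TEMPLATE.format(ctx="")
# After setting a class on the method. The URI is a standard SAML 2.0 class
# used as a sample value; whether ADFS2 accepts a given class must be checked.
WITH_REF = TEMPLATE.format(
    ctx="<saml:AuthnContextClassRef>"
        "urn:oasis:names:tc:SAML:2.0:ac:classes:Password"
        "</saml:AuthnContextClassRef>")

if __name__ == "__main__":
    print("without class ref:", missing_class_refs(WITHOUT_REF))
    print("with class ref:   ", missing_class_refs(WITH_REF))
```

An empty list means every AuthnStatement in the response carries a class reference; any returned assertion ID points at a method that still needs the setting.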