Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ACAS SAML fails against Azure AD #807

Closed
brianbolt opened this issue Oct 20, 2021 · 0 comments · Fixed by #808
Closed

ACAS SAML fails against Azure AD #807

brianbolt opened this issue Oct 20, 2021 · 0 comments · Fixed by #808
Assignees
@brianbolt

Comments

@brianbolt
Copy link
Contributor

ACAS login fails if user already authenticated against AD with:

AADSTS75011: Authentication method 'Windowslntegrated' by which the user
authenticated with the service doesn't match requested authentication method
"Password, ProtectedTransport'. Contact the ACASDev application owner.

The is this:
https://docs.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts75011-auth-method-mismatch

The fix is to use the option: disableRequestedAuthnContext: true

disableRequestedAuthnContext: if truthy, do not request a specific authentication context. This is known to help when authenticating against Active Directory (AD FS) servers.

https://github.com/node-saml/passport-saml
@brianbolt brianbolt self-assigned this Oct 20, 2021
brianbolt added a commit that referenced this issue Oct 20, 2021
@brianbolt
ACAS SAML fails against Azure AD
3203b69 
Fixes #807
@brianbolt brianbolt mentioned this issue Oct 20, 2021
Merged
brianbolt added a commit that referenced this issue Oct 20, 2021
@brianbolt
ACAS SAML fails against Azure AD
9d24cff 
Fixes #807
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@brianbolt brianbolt

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

ACAS SAML fails against Azure AD mcneilco/acas
1 participant
@brianbolt