Hi,
I have a question regarding working with custom MFA between 2 federated domains.
I have an ADFS 4.0 server in domain B with custom MFA (developed by me) and a claims-aware application to which access is configured to permit everyone and require MFA (access control policy). At domain A there is no MFA requirement configured.
Here is a diagram showing my environment:
ADFS (Domain A) -----RP----> ADFS (Domain B) ----RP+MFA--> APP(Domain B)
When I access the app using the browser from domain A, I get the following error:
Encountered error during federation passive request.
Additional Data
Protocol Name:
Saml
Relying Party:
http://adfs.domainB.local/adfs/services/trust
Exception details:
Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from http://adfs.domainB.local/adfs/services/trust.
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)
*It also happens in ADFS 2012R2.
Thanks