ADFS 4.0 (2016 TP5) with custom MFA RRS feed

  • Question

  • Hi,

    I have a question regarding working with custom MFA between 2 federated domains.

    I have an ADFS 4.0 server in domain B with custom MFA (developed by me) and a claims-aware application whose access is configured to permit everyone and require MFA (access control policy). At domain A there is no MFA requirement configured.

    Here is a diagram showing my environment:

    ADFS (Domain A)  -----RP---->  ADFS (Domain B) ----RP+MFA--> APP(Domain B)

    When I access the app using the browser from domain A, I get the following error:

    Encountered error during federation passive request. 
    Additional Data 
    Protocol Name: 
    Relying Party: 
    Exception details: 
    Microsoft.IdentityServer.RequestFailedException: No strong authentication method found for the request from http://adfs.domainB.local/adfs/services/trust.
       at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
       at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

    *It also happens in ADFS 2012 R2.


    • Edited by maor18 Monday, August 15, 2016 3:23 PM
    Sunday, August 14, 2016 7:25 PM