When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:
AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"
Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.
RequestedAuthnContext
minimum
exact
In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.
This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.
urn:oasis:names:tc:SAML:2.0:ac:classes:Password
AuthnContextClassRef
This article applies to Appian version 7.11 and later.
Last Reviewed: August 2018