KB-1686 "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 17:25:10 GMT

Current Revision posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 5:25:10 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jussi Lundstedt — Thu, 30 Aug 2018 19:36:03 GMT

Revision 1 posted to Appian Knowledge Base by Jussi Lundstedt on 8/30/2018 7:36:03 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, which is not supported by Azure AD as of August 2018.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for "Authentication Method" to None, and retest the authentication.

This has the impact of having AzureAD use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018.

Tags: SAML, authentication, ADFS

KB-1686 "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 17:24:24 GMT

Revision 10 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 5:24:24 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-1686 "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 17:23:58 GMT

Revision 9 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 5:23:58 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-1686 "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 17:20:53 GMT

Revision 8 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 5:20:53 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jussi Lundstedt — Thu, 30 Aug 2018 17:02:36 GMT

Revision 7 posted to Appian Knowledge Base by Jussi Lundstedt on 8/30/2018 5:02:36 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jussi Lundstedt — Thu, 30 Aug 2018 16:59:52 GMT

Revision 6 posted to Appian Knowledge Base by Jussi Lundstedt on 8/30/2018 4:59:52 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This prompts AzureAD to use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 16:48:30 GMT

Revision 5 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 4:48:30 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This has the impact of having AzureAD use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, integration, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 16:47:53 GMT

Revision 4 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 4:47:53 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This has the impact of having AzureAD use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jordan Horwat — Thu, 30 Aug 2018 16:46:29 GMT

Revision 3 posted to Appian Knowledge Base by Jordan Horwat on 8/30/2018 4:46:29 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for Authentication Method to None and retest the authentication.

This has the impact of having AzureAD use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018

Tags: SAML, authentication, ADFS

KB-XXXX "SAML authentication request's RequestedAuthenticationContext's Comparison value must be 'Exact'" error thrown when using Microsoft Azure AD as a SAML Identity Provider

Jussi Lundstedt — Thu, 30 Aug 2018 15:39:01 GMT

Revision 2 posted to Appian Knowledge Base by Jussi Lundstedt on 8/30/2018 3:39:01 PM

Symptoms

When setting up a new SAML configuration using Microsoft Azure AD as the SAML Identity Provider, the following error is thrown when authenticating:

AADSTS90023: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "Exact"

Cause

Appian uses a RequestedAuthnContext comparison type of minimum, while Azure AD requires Service Providers to use exact, which is not supported by Appian.

Action

In Appian's SAML settings located in the Appian Administration Console, set the value for "Authentication Method" to None, and retest the authentication.

This has the impact of having AzureAD use urn:oasis:names:tc:SAML:2.0:ac:classes:Password as the AuthnContextClassRef value, as this is the only one supported by Azure AD as of August 2018.

Affected Versions

This article applies to Appian version 7.11 and later.

Last Reviewed: August 2018.

Tags: SAML, authentication, ADFS