Symptoms
Assume that you use ADFS 3.0 for authentication from Active Directory that is installed on a Windows Server 2012 R2-basd computer. When you go to a Single Sign-On (SSO)-enabled website that uses Security Assertion Markup Language (SAML) 2.0 authentication, this issue occurs and you cannot access the website.
Note This issue does not occur if you use ADFS 2.0 for authentication.
Cause
This issue occurs because there is no appropriate authentication method presented to ADFS 3.0. Specifically, ADFS 3.0 returns an inappropriate response without a NoPassive sub-status code to SAML 2.0 request that contains the IsPassive=True attribute.
Resolution
To resolve this issue, install the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.
Status
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
References
See the terminology that Microsoft uses to describe software updates.