SSO error occurs upon your first visit to websites through ADFS 3.0 that is enabled in Windows Server 2012 R2

Applies to: Windows Server 2012 R2 DatacenterWindows Server 2012 R2 StandardWindows Server 2012 R2 Essentials

Symptoms


Assume that you use ADFS 3.0 for authentication from Active Directory that is installed on a Windows Server 2012 R2-basd computer. When you go to a Single Sign-On (SSO)-enabled website that uses Security Assertion Markup Language (SAML) 2.0 authentication, this issue occurs and you cannot access the website.

Note This issue does not occur if you use ADFS 2.0 for authentication.

Cause


This issue occurs because there is no appropriate authentication method presented to ADFS 3.0. Specifically, ADFS 3.0 returns an inappropriate response without a NoPassive sub-status code to SAML 2.0 request that contains the IsPassive=True attribute.

Status


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References


See the terminology that Microsoft uses to describe software updates.