Symptoms

Assume that you use ADFS 3.0 for authentication from Active Directory that is installed on a Windows Server 2012 R2-basd computer. When you go to a Single Sign-On (SSO)-enabled website that uses Security Assertion Markup Language (SAML) 2.0 authentication, this issue occurs and you cannot access the website.

Note This issue does not occur if you use ADFS 2.0 for authentication.

Cause

This issue occurs because there is no appropriate authentication method presented to ADFS 3.0. Specifically, ADFS 3.0 returns an inappropriate response without a NoPassive sub-status code to SAML 2.0 request that contains the IsPassive=True attribute.

Resolution

To resolve this issue, install the December 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

See the terminology that Microsoft uses to describe software updates.

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×