After upgrading the MFA component on our ADFS server it stopped working. Further investigation showed the following event ID error:

Encountered error during federation passive request.

Additional Data

Protocol Name:
Saml

Relying Party:
https://adfs.domain.com/saml/info

Exception details:
Microsoft.IdentityServer.Web.NoValidStrongAuthenticationMethodException: No strong authentication method found for the request from https://adfs.domain.com/saml/info.
at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext)
at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)

Event ID 364, Source: AD FS, Log Name: AD FS\Admin

The upgrade inadvertently disabled the Multi-factor Authentication Method in ADFS:

In order to make it work again I had to enable the aforementioned MFA component in ADFS Management | Authentication Methods | Multi-factor Authentication Methos even though it may not be actively used:

After that everything went back to normal.

Further reading:

https://social.msdn.microsoft.com/Forums/sqlserver/en-US/bce14a02-cc4f-42ee-a5e0-94559b2ca5c8/issues-with-azure-mfa-and-adfs?forum=windowsazureactiveauthentication

Microsoft ADFS 3.0 – Event ID 364 – No strong authentication method found for the request from
Tagged on:     

Leave a Reply

Consent Management Platform by Real Cookie Banner