[SOLVED] Error AADSTS75011 during SAML SSO

Namsoo Choi
2 min read · Jan 9, 2024


If you see “Error AADSTS75011 — Authentication method by which the user authenticated with the service doesn’t match requested authentication method AuthnContextClassRef” during SAML Single sign-on and you want to resolve it, read on.

An example of the full error message is shown below.

AADSTS75011: Authentication method ‘X509, MultiFactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Contact the <App name> application owner.

The error message means the user signed in to Azure AD with the authentication method ‘X509, MultiFactor’, but the SAML app requested that users authenticate with ‘Password, ProtectedTransport’. The requested method is specified in RequestedAuthnContext, which is a value in the SAML Request sent from the SAML app to Azure AD. Because the authentication methods don’t match, Azure AD throws the error before sending a SAML Response.

Luckily, this is a common issue, and there is a solution that does not involve asking users to sign in with a password every time.

RequestedAuthnContext is an optional value sent from the SAML app to Azure AD. So please ask the application developer/vendor whether it can be removed from the SAML Request, or whether they can add the ‘Unspecified’ method to RequestedAuthnContext.
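To confirm what the app actually requests before contacting the vendor, you can decode the SAMLRequest value from a browser trace and read its RequestedAuthnContext. The script below is an added example, not part of the original post; the sample request, issuer URL, ID and function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for untrusted input, prefer the defusedxml package

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"

def decode_saml_request(value):
    """Decode a URL-decoded SAMLRequest parameter into AuthnRequest XML."""
    raw = base64.b64decode(value)
    try:
        return zlib.decompress(raw, -15).decode("utf-8")  # HTTP-Redirect: raw DEFLATE
    except zlib.error:
        return raw.decode("utf-8")  # HTTP-POST: base64 only

def inspect_requested_authn_context(xml_text):
    """Report what the app asks for in RequestedAuthnContext, if anything."""
    rac = ET.fromstring(xml_text).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return {"present": False, "comparison": None, "class_refs": [], "pins_method": False}
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return {"present": True,
            "comparison": rac.get("Comparison", "exact"),  # SAML default is "exact"
            "class_refs": refs,
            # Per the post: a specific method without 'unspecified' is what
            # produces the mismatch when the user signed in another way.
            "pins_method": bool(refs) and UNSPECIFIED not in refs}

# Constructed sample request (issuer and ID are placeholders).
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example" Version="2.0" '
    'IssueInstant="2024-01-09T00:00:00Z">'
    '<saml:Issuer>https://app.example.test/sp</saml:Issuer>'
    '<samlp:RequestedAuthnContext Comparison="exact"><saml:AuthnContextClassRef>'
    'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
    '</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
    '</samlp:AuthnRequest>')

def deflate_b64(xml_text):
    """Build a Redirect-binding style value from XML (used for the sample only)."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml_text.encode()) + comp.flush()).decode()

if __name__ == "__main__":
    print(inspect_requested_authn_context(decode_saml_request(deflate_b64(SAMPLE_XML))))
```

If `pins_method` is true, the request names a specific method without ‘Unspecified’, which is the case the fix above addresses.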

For more information, please refer to this document.

Happy Troubleshooting!

Connect with me on LinkedIn:
https://www.linkedin.com/in/namsoochoi/

Disclaimer: All postings are provided “AS IS” with no warranties, and confer no rights. All opinions expressed are my own and are not of my employer.

Namsoo Choi

I am an IAM expert, Support Escalation Engineer at the Microsoft Azure AD Authentication team. Connect with me on LinkedIn: https://www.linkedin.com/in/namsoochoi/