-
Title
External Federation Authentication to SPP fails with error AADSTS75011 -
Description
When trying to activate the Azure function "Azure Passwordless Phone SignIn" for the users (while using external Federation to Azure for Safeguard) the following error is received during Safeguard login:
AADSTS75011: Authentication method ‘X509, MultiFactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’.
-
Cause
This error may occur when using external federation with Azure AD that is enabled for Passwordless login. -
Resolution
You may fix this problem by updating the Safeguard Identity Provider information using the Safeguard API. This is available from Safeguard 6.11.
1. Go to the Safeguard Core API using Swagger:
https:///service/core/swagger/index.html#
2. Authenticate.
3. Click on the “IdentityProvider” section to expand it.
4. Click on the first GET /v3/IdentityProviders to expand that section and enter a filter to only select the name of your External Federation provider.
5. Scroll down and click the Execute button to get the results.
6. Click the copy button to copy the entire JSON result.
7. Scroll down and expand the PUT /v3/IdentityProviders/{id} and paste in the JSON as well as specify the id. In the pasted JSON, remove the leading and trailing brackets “[“ and “]” such that the JSON starts and ends with curly braces instead.
8. Modify the JSON that you pasted by AuthnContextClasses property and changing the value to the empty string, then execute the method to save the changes:
-
Change Request
275511 -
Additional Information
Azure Passwordless Authentication: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-passwordless-phone