Silent SAML login to Azure Active Directory fails with bad request

Artu Sa 21 Reputation points
2022-10-01T14:48:31.747+00:00

We are using SAML protocol to communicate with Azure Active Directory. When we send a silent login request (IsPassive="true") we receive 400.
The error is "AADSTS50058: A silent sign-in request was sent but no user is signed in".

My question is if this is the expected behavior (400) when a user is not logged in?

Similar requests to ADFS end up in 200 with a SAML response in return, where the response status is urn:oasis:names:tc:SAML:2.0:status:NoPassive.
The difference in behavior between the two systems is causing us issues. I'm wondering whether this is an issue on the Azure side, since in my understanding a valid SAML request should always get a SAML response. Maybe "IsPassive=true" is not supported by Azure?
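The two behaviours described in the question can be handled by one code path on the service-provider side: a passive AuthnRequest goes out, and whatever comes back (a SAML Response carrying NoPassive, or an HTTP 400 whose body names AADSTS50058) is mapped to the same decision, "no existing session, fall back to interactive login". The following is an added example, not code from the original post or from Microsoft; the entity IDs, URLs, the sample NoPassive response and the sample 400 body are constructed, and it assumes the AADSTS code appears as text in the 400 body. It does not verify signatures, so a Success status must still be validated by a full SAML library before the user is treated as signed in.

```python
"""Added example (not from the original post): build a passive SAML
AuthnRequest and classify the IdP's answer so both an IdP that replies with
a NoPassive SAML Response and one that replies with an HTTP 400 carrying an
AADSTS code lead to the same SP decision. All sample data is constructed."""

import base64
import re
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_NOPASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"


def build_authn_request(issuer, acs_url, destination, request_id=None, is_passive=True):
    """Return (request_id, xml). IsPassive="true" asks the IdP to answer from an
    existing session without showing UI, or to say that it cannot."""
    request_id = request_id or "_" + uuid.uuid4().hex
    now = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": now,
        "Destination": destination,
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "IsPassive": "true" if is_passive else "false",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = issuer
    return request_id, ET.tostring(root, encoding="unicode")


def encode_for_redirect_binding(xml_text):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64.
    The caller URL-encodes the result into the SAMLRequest query parameter."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_text.encode()) + c.flush()).decode()


def decode_from_redirect_binding(param):
    return zlib.decompress(base64.b64decode(param), -15).decode()


def status_codes(response_xml):
    """All StatusCode values in document order: top-level first, then the
    nested second-level code (NoPassive is normally nested under Responder)."""
    root = ET.fromstring(response_xml)
    return [sc.get("Value") for sc in root.iter(f"{{{SAMLP}}}StatusCode")]


def classify_idp_answer(http_status, body, expected_request_id):
    """Returns one of:
      ("signed_in", None)   Success status (signature/assertion NOT checked here)
      ("no_session", None)  status contains NoPassive
      ("saml_error", codes) any other SAML failure status
      ("http_error", code)  non-200 answer, e.g. a 400 naming an AADSTS code
    """
    if http_status != 200:
        m = re.search(r"AADSTS\d+", body)  # assumption: code is visible in the body
        return ("http_error", m.group(0) if m else None)
    root = ET.fromstring(body)
    if root.get("InResponseTo") != expected_request_id:
        # an unsolicited or replayed response is not an answer to our request
        return ("saml_error", ["InResponseTo mismatch"])
    codes = status_codes(body)
    if codes and codes[0] == STATUS_SUCCESS:
        return ("signed_in", None)
    if STATUS_NOPASSIVE in codes:
        return ("no_session", None)
    return ("saml_error", codes)


def decide(http_status, body, expected_request_id):
    """Both IdP behaviours from the thread collapse to one SP action."""
    kind, detail = classify_idp_answer(http_status, body, expected_request_id)
    if kind == "signed_in":
        return "continue"
    if kind == "no_session" or (kind == "http_error" and detail == "AADSTS50058"):
        return "fallback_interactive"
    return "fail"


# Constructed samples, not captured from a real IdP.
SAMPLE_REQUEST_ID = "_req-0001"
ADFS_NOPASSIVE_RESPONSE = f"""<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"
  IssueInstant="2022-10-01T14:48:31Z" InResponseTo="{SAMPLE_REQUEST_ID}">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="{STATUS_NOPASSIVE}"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""
AZURE_400_BODY = ("<html><body>AADSTS50058: A silent sign-in request was sent "
                  "but no user is signed in.</body></html>")

if __name__ == "__main__":
    print(decide(200, ADFS_NOPASSIVE_RESPONSE, SAMPLE_REQUEST_ID))
    print(decide(400, AZURE_400_BODY, SAMPLE_REQUEST_ID))
```

The InResponseTo check matters even for a NoPassive answer: the SP should only act on a response that answers a request it actually sent. Treating the 400 as "no session" is keyed to the specific AADSTS50058 code so that other 400s (a malformed request, a bad Destination) still surface as failures instead of silently redirecting the user.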


Accepted answer
  1. risolis 8,701 Reputation points
    2022-10-02T04:49:52.513+00:00

    Hello @Artu Sa

    Thank you for that great post on this community space.

    I have read the entire case scenario description and I would like to provide the following details down below:


    https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

    Furthermore, this can be expected if no cookie exists (its lifetime has expired or it never existed at all)...

    If you feel I am missing any details please correct me or do not hesitate to let me know

    Have a good one!

    Cheers,

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.


0 additional answers