I'm working on enabling login to an adfs-federated Enterprise Web App through AAD SAML. I haven't found any good documentation on the matter (or blogpost) which describes my specific usecase so I'm mostly doing trial and error. I know there are a few microsoft doc pages about federating enterprise apps and adfs but in my case I need to strictly avoid using Azure AD connect so I'm stuck without any reliable documentation (that I've found this far)
Background info on the situation and overview
The SAML cycle should be SP initiated (starts on the ADFS authentication page) by choosing the AAD-based login on login.microsoftonline.com/app_id page and then bring back to the application page.
The IdP should be Azure Active Directory (where the users should be stored, also AAD should pass the claims to ADFS) and that's pretty much the bulk of the relevant information.
Now, a few weeks ago I had it all set up (enteprise app created in my Azure tenant, federation metadata document imported in the relying party trust I created in adfs corresponding to the web app, thumbprint added in the web config for the IIS web application, endpoints configured in the Relying Party's properties, all of the relevant properties set in Azure in terms of application ID and assertion consumer service URL) and everything except the claim passthrough was configured and working properly.
I logged in through the ADFS page, chose the Enterprise Application amongst the "Tiles", got redirected to the login.microsoftonline page, logged with the user, got redirected again to the application page where I got an applicative error due to no claims (of course, since I hadn't configured this part yet). All good.
The problem at hand:
Recently, I picked the matter up again and I noticed that in Azure I have a new claim configured (unless I'm hallucinating and it's always been there?)
I'm having a hard time uploading an image so
https : //imgur.com/a/MlfMakz
this is what I'm talking about. I haven't changed this part, and now when I login I'm getting this error
https : //imgur.com/a/JAIuXzV
on the /wsfed endpoint of the login.microsoftonline/appid page that the authentication process takes me to (after inserting my credentials).
Does anyone know how to handle this? If any additional information is required to make the scenario clearer, let me know please. I have already tried the Azure embedded troubleshooting tool that is supposed to take in the error code and give you assistance in solving the problem, but it doesn't recognize this one. Also advanced troubleshooting disables itself every time I enable it and refresh (extensionless updated Chrome)
Thanks a lot in advance