I'm trying to configure an IIS-based web app to accept a SAML authentication flow shaped this way:
An Azure tenant on which some users are provisioned acts as IdP and is federated with AD FS for the SAML authentication flow
On AD FS, the app is a Relying Party that updates itself through the Azure Enterprise App metadata.xml
The users can then enter the URL of the app (https://example.certificate.com/), go through AD FS immediately to login.microsoftonline.com/app_id, log in with their Microsoft account, and then be redirected back to the application.
Now, after configuring everything, endless tries and research, I'm stuck at a point where I get
AADSTS20001: The sign-in response message does not contain an issued token.
I suspect my AD FS has some misconfiguration somewhere which doesn't allow it to send a proper token to AAD to finish the SAML cycle. This should be SP-initiated SAML, but it's not working.
Can anyone please help with this?
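A useful first step when a SAML relying party reports that a sign-in response "does not contain an issued token" is to capture the SAMLResponse form field that the IdP (here AD FS) posts back and look at what it actually carries: the status code, and whether there is any `saml:Assertion` or `saml:EncryptedAssertion` at all. The following is an added diagnostic example, not code from the original post or from AD FS or Azure AD. It assumes a SAML 2.0 `samlp:Response` as described in the question; the issuer, destination and audience values in the two embedded samples are constructed for illustration, and signatures are omitted.

```python
"""Inspect a base64-encoded SAMLResponse and report whether it carries a token.

Added example. The two sample responses below are constructed; they are not
captures from the asker's environment.
"""
import base64
import xml.etree.ElementTree as ET  # fine for the constructed samples; use defusedxml for untrusted input

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"


def inspect_saml_response(saml_response_b64):
    """Decode the SAMLResponse form field and pull out the fields worth checking."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response element: %s" % root.tag)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    # A failure usually carries a nested, more specific StatusCode.
    sub_status = root.find("samlp:Status/samlp:StatusCode/samlp:StatusCode", NS)
    return {
        "issuer": (root.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "destination": root.get("Destination", ""),
        "in_response_to": root.get("InResponseTo", ""),
        "status": status.get("Value", "") if status is not None else "",
        "sub_status": sub_status.get("Value", "") if sub_status is not None else "",
        "status_message": (root.findtext("samlp:Status/samlp:StatusMessage", namespaces=NS) or "").strip(),
        "assertions": len(root.findall("saml:Assertion", NS)),
        "encrypted_assertions": len(root.findall("saml:EncryptedAssertion", NS)),
        "audiences": [a.text.strip() for a in root.findall(
            "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text],
    }


def diagnose(saml_response_b64, expected_audience):
    """Return a list of findings; an empty list means the response carries a usable token."""
    info = inspect_saml_response(saml_response_b64)
    findings = []
    if info["status"] != STATUS_SUCCESS:
        findings.append("status is %s (%s) %s" % (info["status"], info["sub_status"], info["status_message"]))
    if info["assertions"] + info["encrypted_assertions"] == 0:
        # This is the shape a relying party rejects as a response with no issued token.
        findings.append("response contains no Assertion or EncryptedAssertion: no token was issued")
    elif info["encrypted_assertions"] == 0 and expected_audience not in info["audiences"]:
        findings.append("Audience %s does not include expected %s" % (info["audiences"], expected_audience))
    return findings


def _b64(xml_text):
    return base64.b64encode(xml_text.encode()).decode()


# Constructed sample 1: success response carrying one assertion (signature omitted).
WITH_TOKEN = _b64("""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
  IssueInstant="2024-01-01T00:00:00Z" InResponseTo="_req1"
  Destination="https://login.microsoftonline.com/login.srf">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>urn:federation:MicrosoftOnline</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>""")

# Constructed sample 2: the IdP refused the request, so the response has a Status but no Assertion.
NO_TOKEN = _b64("""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r2" Version="2.0"
  IssueInstant="2024-01-01T00:00:00Z" InResponseTo="_req2"
  Destination="https://login.microsoftonline.com/login.srf">
  <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:RequestDenied"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>""")

if __name__ == "__main__":
    for label, sample in (("with token", WITH_TOKEN), ("no token", NO_TOKEN)):
        print(label, inspect_saml_response(sample))
        print("  findings:", diagnose(sample, "urn:federation:MicrosoftOnline") or ["none"])
```

To use it against a real capture, paste the SAMLResponse value from the browser's network trace (the POST to the relying party's assertion consumer URL) in place of the samples and set `expected_audience` to the relying party's own identifier (the `urn:federation:MicrosoftOnline` value above is assumed). A response with a `Responder` or `Requester` status and no assertion points at the IdP side, typically a relying party trust whose identifier, endpoint or issuance rules do not match what the requester sent, while a success response whose audience does not match points at the trust identifier specifically.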