AADSTS75011 by which the user authenticated with the service doesn't match requested authentication

Hello Josse,

The error message that you are getting is because the authentication request sent by the application is not accepted by azure AD.

Note :- "PasswordProtectedTransport" is a parameter which is included when the authentication request is sent to the IDP using SAML.

Below mentioned is an example of sample saml auth request, 

<saml:AuthnContext>

<saml:AuthnContextClassRef>

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

</saml:AuthnContextClassRef>

</saml:AuthnContext>

</saml:AuthnStatement>

Check it from the rfc of saml - http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html

The purpose of this parameter is prompt user to enter credentials even if sso is enabled in the enterprise.

Now I am not really sure what is happening with this request, if you look closely there is a ","

between password and protected transport.

Also below mentioned is a sample saml request that should be sent to azure ad - 

<samlp:AuthnRequest
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
ID="id6c1c178c166d486687be4aaf5e482730"
Version="2.0" IssueInstant="2013-03-18T03:28:54.1839884Z"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://www.contoso.com</Issuer>
</samlp:AuthnRequest>

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-single-sign-on-protocol-reference

Also please refer to the article mentioned above :- 

RequestAuthnContext

The RequestedAuthnContext element specifies the desired authentication methods. It is optional in AuthnRequest elements sent to Azure AD. Azure AD supports only one AuthnContextClassRef value: urn:oasis:names:tc:SAML:2.0:ac:classes:Password

In order to get this fixed, I think you can ask your developer to change the authentication request for this application.

Regards,

Rishabh