AADSTS75011 Error on Edge (Azure AD Joined machines)


I have just set up SSO for a new enterprise application.

On AzureAD joined machines, it works in Chrome and Edge InPrivate mode. In normal Edge, we get the following error:

AADSTS75011: Authentication method 'X509, MultiFactor' by which the user authenticated with the service doesn't match requested authentication method 'Password, ProtectedTransport'.

I have read about adding the following to the SAML request, but this is not possible with the vendor currently:

'authnContextClassRef' : false

This only affects AzureAD joined machines on Edge. When I test from a Hybrid joined machine there is no such issue.

Is there any way to resolve this from the Azure side?

2 Replies

@mickyc1982 

We just ran into this exact same issue today with an application sending the optional/unnecessary RequestedAuthnContext info in the SAML request. But, also narrowed down to only Edge/AAD joined affected. Also, seems to correlate to Primary Refresh Token (PRT) with MFA/Windows Hello being used.

Did you manage to find any solution that wasn't reliant on the software vendor?

@Born_Slippy in the settings for the 3rd party application I had to disable AuthnContext altogether. Once this was unchecked, this resolved the issue for us.
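
To check whether an application is sending the RequestedAuthnContext element discussed in this thread, the SAMLRequest value captured from a browser trace can be decoded and inspected. The following Python is an added example, not part of the original posts or any vendor's code; the sample request, issuer URL and helper names are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PASSWORD_PT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
MAX_XML = 1 << 20  # refuse requests that inflate beyond 1 MiB

def decode_saml_request(value, redirect_binding=True):
    """Return the AuthnRequest XML bytes from a captured SAMLRequest value."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if not redirect_binding:  # HTTP-POST binding: base64 only
        return raw
    inflater = zlib.decompressobj(-15)  # HTTP-Redirect binding: raw DEFLATE
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size limit")
    return xml

def requested_authn_context(xml):
    """Return (Comparison, [class refs]), or None if the element is absent."""
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD declarations are not expected in SAML messages")
    rac = ET.fromstring(xml).find("samlp:RequestedAuthnContext", NS)
    if rac is None:
        return None
    refs = [e.text.strip() for e in rac.findall("saml:AuthnContextClassRef", NS) if e.text]
    return rac.get("Comparison", "exact"), refs  # "exact" is the SAML default

def encode_redirect(xml):
    """Build a redirect-binding value (used only for the constructed sample)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = c.compress(xml) + c.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode(), safe="")

# Constructed sample request; issuer and ID are placeholders.
SAMPLE_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed"'
    b' Version="2.0"><saml:Issuer>https://sp.example.com</saml:Issuer>'
    b'<samlp:RequestedAuthnContext Comparison="exact">'
    b'<saml:AuthnContextClassRef>' + PASSWORD_PT.encode() +
    b'</saml:AuthnContextClassRef></samlp:RequestedAuthnContext>'
    b'</samlp:AuthnRequest>')

if __name__ == "__main__":
    print(requested_authn_context(decode_saml_request(encode_redirect(SAMPLE_XML))))
```

Pass `redirect_binding=False` when the value was captured from an HTTP-POST form rather than a redirect URL. A result of `None` means the request carries no RequestedAuthnContext.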