Federation Page Error on Mobile App
We have an issue with certain mobile devices not allowing access into the SfB mobile app. Doing a quick research I have found the below KB. The error we are seeing is in issue 2 of the article. We currently reluctant to make this change without getting some more information on whether the change will defiantly fix the problem, as our ADFS server support several other applications. https://support.microsoft.com/en-my/help/3015526/how-to-troubleshoot-issues-that-you-encounter-when-you-sign-in-to-offi I have checked and forms based authentication is not selected for either extranet or intranet. I have an S7 Edge and the app doesn’t work. I also have a Samsung J5 and I can login fine with the same account. Both devices are running the same version of the app. Another user has a Samsung A3 and could login fine last week to the app, but cannot login now. He said he had a recent update and thinks that is what broke it. If I home my account on-premise I am able to log into the app fine on the S7 Edge. Why does it work on one of my Samsung devices and not the other one? Is it because the different Samsung devices support different authentication methods? Plus that article relates to Apple devices, so not even sure it is relevant to Android devices. I have opened a support case with both the O365 team and the on-premise Skype for Business team and neither of them have been able to help. I am currently speaking to the ADFS team, but they do not seem to have an answer whether or not enabling form based authentication and the support for the mobile app seems to be limited to a few FAQs on a web page. When I try to login to the non-working device the following error is logged in the ADFS server: Encountered error during federation passive request. Additional Data Protocol Name: wsfed Relying Party: urn:federation:MicrosoftOnline Exception details: Microsoft.IdentityServer.Service.Policy.PolicyServer.Engine.InvalidAuthenticationTypePolicyException: MSIS7102: Requested Authentication Method is not supported on the STS. at Microsoft.IdentityServer.Web.Authentication.GlobalAuthenticationPolicyEvaluator.EvaluatePolicy(IList`1 mappedRequestedAuthMethods, AccessLocation location, ProtocolContext context, HashSet`1 authMethodsInToken, Boolean isOnWiaEndpoint, Boolean& validAuthMethodsInToken) at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.RetrieveFirstStageAuthenticationDomain(Boolean& validAuthMethodsInToken) at Microsoft.IdentityServer.Web.Authentication.AuthenticationPolicyEvaluator.EvaluatePolicy(Boolean& isLastStage, AuthenticationStage& currentStage, Boolean& strongAuthRequried) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthMethodsFromAuthPolicyRules(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext) at Microsoft.IdentityServer.Web.PassiveProtocolListener.GetAuthenticationMethods(PassiveProtocolHandler protocolHandler, ProtocolContext protocolContext) at Microsoft.IdentityServer.Web.PassiveProtocolListener.OnGetContext(WrappedHttpListenerContext context)