Description

1.Context:
1.1. Between KeyCloak and Microsoft ADFS. In this case, KeyCloak will be the claims provider. Users will authenticate against KeyCloak. KeyCloak provides the identity; while Microsoft ADFS consumes this identity and is thus the relying party or service provider.
1.2. Between Microsoft ADFS and Dynamics CRM. In this case, Microsoft ADFS acts as the IdP to Dynamics CRM (SP)
1.3. Dynamics CRM is IFD

2. Authencate Step:
   For the end user, this is the flow:
   a. The end user navigates to the Workspace URL
   b. The Workspace redirects to Microsoft ADFS.
   c.Microsoft ADFS redirects to the external Identity Provider (in this tutorial, KeyCloak is used as a stand-in for an identity provider where users would authenticate using their national ID or in another way; without a direct link to their UPN).
   d.User authenticates to KeyCloak.
   e.KeyCloak sends SAML response; so KeyCloak redirects to Microsoft ADFS.
   f.Microsoft ADFS provides SAML response; so Microsoft ADFS redirects to Dynamics CRM Assertion Consumer Service (ACS) URL

3. Issue:
   The issue happen On Step e， when keycloak sends saml reponse to ADFS, adfs meet some error：Required authentication type: urn: oasis: names: tc: SLAML: 1.0: am: password
   others meet the similar error,refer this link: https://blog.csdn.net/vic0228/article/details/110350581?utm_medium=distribute.pc_relevant.none-task-blog-2~default~baidujs_baidulandingword~default-1-110350581-blog-108992329.235^v43^pc_blog_bottom_relevance_base3&spm=1001.2101.3001.4242.1&utm_relevant_index=4
   this blog show the keycloak response to adfs AuthnContextClassRef error.
   but i donot know how to fix it.

4. EVN Info:
   Keycloak: 25.0.2
   
   
   
   

Adfs:Windows 2016/Adfs 3.0

5. Please give me some suggestions for this issue, thanks !

Discussion

No response

Motivation

No response

Details

No response