This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 61%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB5%3C/text%3E%3C/svg%3E)
We have a Relying Party setup for SSO for a client to our application, however they are unable to log in using SSO. Upon investigation, i have found the below messages within ADFS event logs:
The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'urn:oasis:names:tc:SAML:1.0:am:password' for the relying party 'https://SITEAPPURL.com'. Authentication type: Desired authentication type(s): urn:oasis:names:tc:SAML:1.0:am:password Relying party: https://SITEAPPURL.com This request failed.
And another error:
An error occurred during processing of a token request. The data in this event may have the identity of the caller (application) that made this request. The data includes an Activity ID that you can cross-reference to error or warning events to help diagnose the problem that caused this error. Additional Data
Caller: UPN OF SSO USER
OnBehalfOf user:
ActAs user:
Target Relying Party: https://SITEURL.com
Device identity:
User action: Use the Activity ID data in this message to search and correlate the data to events in the Event log using Event Viewer. This Activity ID will also be shown as additional information in the error page when an error occurs in the federation passive Web application.
We have other clients setup in the same way with no issues and so i cannot believe that any global ADFS settings require being changed. Many thanks for your help.