Thijs Hendrikx

Reputation: 239

ADFS is returning "SAML provider returned Responder error: unspecified" when credentials are left empty

I've implemented ADFS SSO in a node api using passport-saml. Logging in works but when I don't give up any credentials and submit the login form the ADFS server returns the following error:

"SAML provider returned Responder error: unspecified"

When I try to log in again afterwards the ADFS returns straight back to the callback url and the error pops up again.

passport.use('saml', new SAMLStrategy({
    entryPoint: adfsEntryPoint,
    issuer: '{adfs-url}/login/adfs',
    callbackUrl: '{adfs-url}/login/adfs/callback',
    cert: "{CERT}",
    authnContext: 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/windows',
    identifierFormat: null,
    signatureAlgorithm: 'sha256'
}, (profile, done) => {
    const upn = profile["http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"];
    const windowsAccountName = profile["http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"];
    const user = new userModel.User(upn, "user");
    user.enabled = true;
    return done(null, user);
}));

passport.serializeUser((user, done) => {
    done(null, user);
});

passport.deserializeUser(function (user, done) {
    done(null, user);
});

router.get('/auth/adfs', passport.authenticate('saml', { failureRedirect: "/" }), (req, res) => {
    res.redirect('/');
});

router.get('/auth/adfs/callback', passport.authenticate('saml', { failureRedirect: "/" }), (req, res) => {
    res.redirect('/');
});


Upvotes: 7

Views: 4394

Answers (1)

Morten Ulrik Pedersen

Reputation: 31

Responder is just AD FS saying something went wrong on AD FS.

To get more information about the exception that occurs on AD FS you should look into the AD FS Event Log on the AD FS server.

  1. Open Event Viewer on AD FS Server
  2. Go to Applications and Services Logs --> AD FS
  3. Find exception

There are also a lot of great articles on how to set up AD FS Tracing, but you need to find one targeted at the version of AD FS in use.

Hope this helps you.

Upvotes: 1
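
The Event Viewer steps in the answer above can also be run from PowerShell on the AD FS server. This is an added example, not part of the original answer: the function name `Get-AdfsFailureEvents` and the 15-minute window are assumptions, `AD FS/Admin` is the channel Event Viewer lists under Applications and Services Logs > AD FS, and grouping events by Activity ID assumes AD FS stamps the events of one request with the same ID.

```powershell
# Added example: list recent AD FS errors/warnings together with the events
# that share their Activity ID. Run in an elevated session on the AD FS server.
function Get-AdfsFailureEvents {
    [CmdletBinding()]
    param(
        # How far back to search; widen it to cover the failed sign-in attempt.
        [int]$MinutesBack = 15,
        # Channel shown in Event Viewer under Applications and Services Logs > AD FS.
        [string]$LogName = 'AD FS/Admin'
    )

    $since = (Get-Date).AddMinutes(-$MinutesBack)

    # Level 2 = Error, 3 = Warning. Get-WinEvent raises an error when nothing
    # matches, so suppress it and treat that case as an empty result.
    $failures = @(Get-WinEvent -FilterHashtable @{
        LogName   = $LogName
        Level     = 2, 3
        StartTime = $since
    } -ErrorAction SilentlyContinue)

    if ($failures.Count -eq 0) {
        Write-Warning "No errors or warnings in '$LogName' since $since."
        return
    }

    # Assumption: events written for the same request carry the same Activity ID.
    $activityIds = $failures |
        Where-Object ActivityId |
        Select-Object -ExpandProperty ActivityId -Unique

    # Return every failure, plus any other event in the window that shares
    # an Activity ID with one of them, in chronological order.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = $since } -ErrorAction SilentlyContinue |
        Where-Object {
            $_.Level -in 2, 3 -or
            ($_.ActivityId -and $activityIds -contains $_.ActivityId)
        } |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, LevelDisplayName, ActivityId, Message
}

Get-AdfsFailureEvents -MinutesBack 15 | Format-List
```

Reproduce the empty-credentials submit first, then run the function so the search window covers the failed request.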
