We’re in the process of setting up SAML. It works correctly when users log into Microsoft with their username and password. However, if someone signs in using Windows Hello or another passwordless method, it results in an error.
AADSTS75011: Authentication method 'X509, MultiFactor,
PasswordlessPhoneSignIn, X509Device' by which the user authenticated with the service doesn't match requested authentication method 'Password ProtectedTransport
Based upon ChatGPT and Google we should be able to set requestedAuthnContext => false. How can we get sugar to accept this? What can we add to the config_override.php to make this setting happen? I tried,which didn't seem to resolve the issue. Thoughts?
$sugar_config['SAML_security_requestedAuthnContext'] = false;