ADFS 4.0 -Windows 2019 ADFS plugin not working for OTP generation

The privacyidea-adfsprovider plugin is configured as additional
authentication provider for adfs. The Adfs is level 5 with Windows 2019. We
have configured admin credentials in config.xml for challenge/response and
are using for otp sms token. While it is working with auto-registration for
users using event handler policy but in 6 out of 10 requests, the otp page is not shown and some cases the username is not passed on after otp validation.

Provider Version:
PrivacyIDEA Version: 3.3

Following messages in the Windows Event Manger :
triggerChallenge: The remote server returned an error: (400) Bad Request.
System.Net.WebException: The remote server returned an error: (400) Bad Request.
at System.Net.WebClient.UploadValues(Uri address, String method, NameValueCollection data)
at privacyIDEAADFSProvider.OTPprovider.triggerChallenge(String OTPuser, String realm, String token)

An authentication provider was successfully loaded: Identifier: ‘privacyIDEA-ADFSProvider’, Context: ‘Proxy device TLS pipeline’

PrivacyIDEA Policy definiton:
Events: Validate_Check, validate_triggerChallenge
Handler: Token pre 0
User_token_number: 0
Action: Enroll
TokenType: SMS

It’s privacyidea, not ideaprivacy…

IIRC, ADFS 4 is in Windows Server 2016… 2019 has ADFS 5…

Which plugin did you use?

Provider Version:


Did you ger any longer on this ?

You could take a look here. But I think it only works for up to 50 users at no costs.

Thank you @cornelinux
I’vbe seen thar an actually considered testing it out in a limited environment with about 20 users,
In the readme it says install by running the msi file, and it seems I have to build this msi file myself.

but my biggest issue is that I'm not a programmer so I don't know how to cuild this msi file

My bat, I did actually find the release while searcing. Thx again


1 Like