ADFS 4.0 - Windows 2019 ADFS plugin not working for OTP generation

The privacyidea-adfsprovider plugin is configured as an additional
authentication provider for ADFS. ADFS is level 5 with Windows 2019. We
have configured admin credentials in config.xml for challenge/response and
are using the OTP SMS token. While it is working with auto-registration for
users using an event handler policy, in 6 out of 10 requests the OTP page is not shown, and in some cases the username is not passed on after OTP validation.

Provider Version: 1.3.6.0
PrivacyIDEA Version: 3.3

Following messages in the Windows Event Manager:
triggerChallenge: The remote server returned an error: (400) Bad Request.
System.Net.WebException: The remote server returned an error: (400) Bad Request.
at System.Net.WebClient.UploadValues(Uri address, String method, NameValueCollection data)
at privacyIDEAADFSProvider.OTPprovider.triggerChallenge(String OTPuser, String realm, String token)

An authentication provider was successfully loaded: Identifier: ‘privacyIDEA-ADFSProvider’, Context: ‘Proxy device TLS pipeline’

PrivacyIDEA Policy definition:
Events: Validate_Check, validate_triggerChallenge
Handler: Token pre 0
User_token_number: 0
Action: Enroll
TokenType: SMS
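A standalone check that replays the plugin's triggerChallenge call and keeps the response body that the Event Viewer entry drops (the 400 alone says nothing about why privacyIDEA refused the request). This is an added example, not part of this post or the plugin; it assumes privacyIDEA's /auth and /validate/triggerchallenge endpoints with the JSON result/detail envelope, and the sample bodies below are constructed.

```python
import json
import urllib.parse
import urllib.request
from urllib.error import HTTPError

# Constructed sample bodies in the assumed privacyIDEA envelope:
# result.status, then either result.error or result.value plus detail.
SAMPLE_400 = json.dumps({
    "result": {"status": False,
               "error": {"code": 904, "message": "constructed: user not found in realm"}}
})
SAMPLE_200 = json.dumps({
    "result": {"status": True, "value": True},
    "detail": {"transaction_id": "01234567890123456789",
               "messages": ["Enter the OTP from the SMS:"]},
})

def summarize(http_status, body):
    """Reduce a /validate/triggerchallenge reply to what an admin needs to see."""
    data = json.loads(body)
    result = data.get("result", {})
    if not result.get("status"):
        err = result.get("error", {})
        return {"ok": False, "http": http_status,
                "code": err.get("code"), "message": err.get("message")}
    detail = data.get("detail", {})
    return {"ok": True, "http": http_status,
            "transaction_id": detail.get("transaction_id"),
            "messages": detail.get("messages", [])}

def trigger_challenge(base_url, admin_user, admin_pass, user, realm):
    """Replay the plugin's two calls: /auth for an admin token, then
    /validate/triggerchallenge. Returns (http_status, summary dict)."""
    def post(path, fields, token=None):
        req = urllib.request.Request(base_url + path,
                                     data=urllib.parse.urlencode(fields).encode(),
                                     method="POST")
        if token:
            req.add_header("Authorization", token)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.getcode(), resp.read().decode()
        except HTTPError as e:  # keep the error body instead of discarding it
            return e.code, e.read().decode()
    status, body = post("/auth", {"username": admin_user, "password": admin_pass})
    if status != 200:
        return status, summarize(status, body)
    token = json.loads(body)["result"]["value"]["token"]
    status, body = post("/validate/triggerchallenge", {"user": user, "realm": realm}, token)
    return status, summarize(status, body)
```

Run it against the server named in config.xml with the same admin account and a user who intermittently fails; a 400 summary with an error code points at the server-side policy or user/realm lookup rather than the ADFS side.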

It’s privacyidea, not ideaprivacy…

IIRC, ADFS 4 is in Windows Server 2016… 2019 has ADFS 5…

Which plugin did you use?

Provider Version: 1.3.6.0

sbidy/privacyIDEA-ADFSProvider