0
votes

So after successfully Implementing Office 365 single sign-on using custom authentication/claims provider in ADFS 3.0, I can confirm our web SSO is working, but now we have a new problem:

The Federation Service could not satisfy a token request because the accompanying credentials do not meet the authentication type requirement of 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password' for the relying party 'urn:federation:MicrosoftOnline'. 
Authentication type:  
Desired authentication type(s): http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password 
Relying party: urn:federation:MicrosoftOnline 

This request failed.

This is an ADFS error registered in Event Viewer when attempting to use OneDrive on an iOS device in conjunction with our custom claims provider. It basically says to me, "your outbound UPN and ImmutableID claims to Office 365 are fine for your web browser, but our mobile apps are expecting a 'different' claims provider (or authentication method), specifically username/password", as hinted by the Desired authentication type(s) line.

Does anyone know how we can write an outbound claim rule for the Office 365 Identity Platform relying party that will satisfy that "requirement"?


EDIT: This has actually been resolved. I don't quite remember how/why/what, but I'll post an update if it comes to me.

1 Answer

0
votes

It seems we could analyze why Azure AD is sending the authentication request with 'http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password'.

We can also tweak this using: Set-MSOLDomainFederationSettings -DomainName <your-federated-domain> -PromptLoginBehavior Disabled (You could try this first)

If it does not work, we could try: Set-MSOLDomainFederationSettings -DomainName <your-federated-domain> -PromptLoginBehavior NativeSupport

https://docs.microsoft.com/en-us/powershell/msonline/v1/set-msoldomainfederationsettings
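The following script is an added example, not code from the answer above or from Microsoft: it checks the ADFS Admin log for the exact failure quoted in the question, records the current PromptLoginBehavior for the federated domain, applies the first value the answer suggests, and verifies the write. It assumes the MSOnline module is installed, that the ADFS log is named "AD FS/Admin", and uses <your-federated-domain> as a placeholder.

```powershell
# Added example (not from the original thread). Assumes the MSOnline module is installed
# and you hold Global Administrator rights; <your-federated-domain> is a placeholder.
$domain = "<your-federated-domain>"

# 1. Look for the token-request failure quoted in the question before changing anything.
#    The log name "AD FS/Admin" is an assumption; adjust it if your server differs.
$hits = Get-WinEvent -LogName "AD FS/Admin" -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Message -like "*authenticationmethod/password*" -and
        $_.Message -like "*urn:federation:MicrosoftOnline*"
    }
"Matching failures in the last 500 ADFS Admin events: $(@($hits).Count)"
$hits | Select-Object -First 5 TimeCreated, Id | Format-Table -AutoSize

# 2. Record the current federation setting so the change can be reverted later.
Connect-MsolService
$before = Get-MsolDomainFederationSettings -DomainName $domain
"Current PromptLoginBehavior: $($before.PromptLoginBehavior)"

# 3. Apply the first value the answer suggests. The other accepted values are
#    NativeSupport and TranslateToFreshPasswordAuth.
Set-MsolDomainFederationSettings -DomainName $domain -PromptLoginBehavior Disabled

# 4. Verify that the setting actually changed before testing the iOS client again.
$after = Get-MsolDomainFederationSettings -DomainName $domain
if ($after.PromptLoginBehavior -ne "Disabled") {
    throw "PromptLoginBehavior is still '$($after.PromptLoginBehavior)' for $domain"
}
"PromptLoginBehavior for $domain is now $($after.PromptLoginBehavior) (was $($before.PromptLoginBehavior))"
```

Run it from an elevated PowerShell session on an ADFS server so the event-log query can read the Admin log; the MSOnline calls themselves work from any machine with the module.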