X509/FIDO Error when using SSO SAML
Issue
Users experience login problems on the LMS portal when using Windows Hello for authentication. They receive FIDO or X509 errors.
Cause
This is a known issue with the LMS portal when Windows Hello autofill is selected during sign-in, or when the device is using a device-based token. The LMS portal requires password-based authentication.
Workaround
Follow these steps to successfully log in:
For Chrome Users
- Do NOT select the Windows Hello autofill option when signing in.
  - See screenshot below for reference.
- Manually type your email address in the field.
- Click Next.
- You should then be prompted for your password. Enter it to complete login.
For Edge Users
- Use an InPrivate browsing session, OR
- Switch to Google Chrome and follow the steps above.
Agents
Please reference this ticket: https://servicedesk.nextworld.net/a/tickets/413628?current_tab=details
If users are seeing this error, it is related to the SAML request enforcing PasswordProtectedTransport and not allowing multiple device contexts for authentication. This needs to be edited on the application's end and not in Entra.
As a workaround, have the user use an incognito browser or Chrome and make sure they are not selecting the Windows Hello option. They MUST input their password. This issue is seen when a user is using Edge. Due to how Edge integrates with Windows Hello, it can automatically send the device-bound token and cause this issue.
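To confirm the cause described above from a captured sign-in, the following added example (not from the LMS vendor or this ticket) decodes a SAMLRequest parameter and reports whether it restricts authentication to PasswordProtectedTransport only. The sample request, its issuer URL and the function names are constructed for illustration, and treating Comparison="exact" as the restricting setting is an assumption about how the application builds its request.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"


def decode_saml_request(b64_value, redirect_binding=True):
    """Decode a SAMLRequest parameter (already URL-decoded) to XML bytes."""
    raw = base64.b64decode(b64_value)
    # HTTP-Redirect binding is raw DEFLATE then base64; HTTP-POST is base64 only.
    xml = zlib.decompress(raw, -15) if redirect_binding else raw
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD/entity declarations are not expected in SAML")
    return xml


def check_authn_context(xml):
    """Report whether the request pins authentication to password only."""
    root = ET.fromstring(xml)
    rac = root.find(f"{{{SAMLP}}}RequestedAuthnContext")
    if rac is None:
        return {"restricted": False, "comparison": None, "classes": []}
    refs = rac.findall(f"{{{SAML}}}AuthnContextClassRef")
    classes = [e.text.strip() for e in refs if e.text]
    comparison = rac.get("Comparison", "exact")  # SAML default is "exact"
    restricted = comparison == "exact" and classes == [PPT]
    return {"restricted": restricted, "comparison": comparison, "classes": classes}


def constructed_request(with_context):
    """Constructed sample AuthnRequest (placeholder issuer), redirect-encoded."""
    ctx = (f'<samlp:RequestedAuthnContext Comparison="exact">'
           f'<saml:AuthnContextClassRef>{PPT}</saml:AuthnContextClassRef>'
           f'</samlp:RequestedAuthnContext>') if with_context else ""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
           f'ID="_example" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
           f'<saml:Issuer>https://lms.example.invalid/sp</saml:Issuer>{ctx}'
           f'</samlp:AuthnRequest>').encode()
    comp = zlib.compressobj(wbits=-15)
    return base64.b64encode(comp.compress(xml) + comp.flush()).decode()


if __name__ == "__main__":
    for label, flag in (("pinned", True), ("unpinned", False)):
        xml = decode_saml_request(constructed_request(flag))
        print(label, check_authn_context(xml))
```

A result of "restricted": True means a sign-in completed with a Windows Hello or device-bound credential will not match what the application asked for, which is consistent with the change being needed on the application side.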
