I am running into an error (details below) when I get routed to https://login.windows.net/.../saml2 page from my SaaS application (PagerDuty, in this case).
Additional technical information:
Correlation ID: 88e1fe9f-530e-4159-ac5d-061da205655d
Timestamp: 2015-03-22 08:47:30Z
AADSTS90011: SAML authentication request's RequestedAuthenticationContext's Comparison value must be "exact".
SAML payload sent to windows.net has the value "minimum" for Comparison attribute which is valid per SAML specification. In fact, using Active Directory on Windows Server (i.e. non-Azure installation) is able to handle this SAML payload without any errors. Is the "exact" restriction something enforced by Azure Active Directory or PagerDuty application?