After an upgrade to HCL SafeLinx 1.4.4 in January we have been facing the issue that the authentication of HCL Nomad Web or HCL Nomad Mobile was not possible against an ADFS server.

During different remote session with the HCL Support we have been able to solve the problem by changing the following setting from “Strict” to “Lax”:

We changed this settings because the guys from the ADFS team checked their logs and could see the following error: MSIS7042. What we could see was that the SAML authentication contacted the ADFS server for about 6 to 7 times per second to check if the token still was active.

This caused the ADFS server to categorize the connection requests as a kind of attack and blocked the communication with the SAML server of HCL SafeLinx and therefore we received the following error:

Error: SAML provider returned Responder error: unspecified
at SAML.validatePostResponseAsync (/snapshot/app/node_modules/@node-saml/node-saml/lib/saml.js:605:39)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)

So if you’re probably are facing the same issue please try to change the SameSite token value and restart the SafeLinx services.