Problem:

While testing after configuring Azure AD SSO with Sumo Logic, we saw this error message from Azure AD.

SAML authentication request's RequestedAuthenticationContext's Comparison value must be "exact".

Cause:

This is caused by the use of a SAML 2.0 optional setting on AuthenticationContext that matters while setting up Azure Active Directory SSO. With the latest release as of October 8 2018, Sumo Logic provides for a SAML configuration setting to disable this setting.

Resolution:

The Sumo UI page for configuring SAML for SSO (Administration > Security > SAML) has a new option:  Disable Requested Authn Context.

If you check this option, Sumo Logic will not include the optional RequestedAuthnContext element of the SAML AuthnRequests that it sends to your IDP (Identity Provider) and will correct the above error.