
Question
Why do I get an error message from the entitlement portal saying ‘Unexpected application exception, please report an issue’? 
 

Answer
We have seen some customers experiencing difficulties accessing the portal via their Single Sign-On (SSO) protocol.

The new Entitlement Portal uses the newest SSO protocols from Microsoft Entra. Often, the sign-in problem appears to be related to the use of an older Active Directory Federation Services (ADFS) deployment issuing SAML 1.1 tokens instead of SAML 2.0 tokens. The problem is that Microsoft Entra does not trust SAML 1.1 tokens from ADFS. The tokens lack the tenant IDs that Entra expects, and they are not signed with certificates that Entra can verify.
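To confirm which token version an ADFS server is issuing, an administrator can inspect a token captured from a sign-in trace. The following is an added example, not code from the portal or from Microsoft; the sample tokens, host names and the `inspect_token` helper are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# SAML 1.0 and 1.1 share one assertion namespace; 2.0 uses its own.
SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

def inspect_token(xml_text):
    """Report version, issuer and signature presence of the first SAML
    assertion in xml_text, or None if there is none. Presence of a
    ds:Signature element is reported only; it is not verified here."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.tag == f"{{{SAML2_NS}}}Assertion":
            version = elem.get("Version")
            issuer = elem.findtext(f"{{{SAML2_NS}}}Issuer")
        elif elem.tag == f"{{{SAML1_NS}}}Assertion":
            version = f"{elem.get('MajorVersion')}.{elem.get('MinorVersion')}"
            issuer = elem.get("Issuer")
        else:
            continue
        signed = elem.find(f"{{{DSIG_NS}}}Signature") is not None
        return {"version": version, "issuer": issuer, "signed": signed}
    return None

# Constructed samples (hypothetical hosts, signature bodies left empty).
SAMPLE_SAML11 = """<t:RequestSecurityTokenResponse
    xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <t:RequestedSecurityToken>
    <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
        MajorVersion="1" MinorVersion="1" AssertionID="_constructed1"
        Issuer="http://adfs.example.com/adfs/services/trust"
        IssueInstant="2024-01-01T00:00:00Z">
      <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    </saml:Assertion>
  </t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

SAMPLE_SAML20 = """<saml:Assertion
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Version="2.0" ID="_constructed2" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
</saml:Assertion>"""

if __name__ == "__main__":
    for name, doc in (("1.1", SAMPLE_SAML11), ("2.0", SAMPLE_SAML20)):
        print(name, inspect_token(doc))
```

A reported version of `1.1` matches the situation described above. The `signed` field only shows that a signature element exists, not that the relying party can verify its certificate.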

 

An ADFS federation metadata URL is a publicly accessible HTTPS endpoint on an ADFS server that provides a machine-readable XML document describing how other systems can trust and communicate with that ADFS instance. See the example generated by Copilot in Figure 1.

 

Fig 1, an ADFS URL example 

 

This is a Microsoft Entra issue, where Entra does not recognize some SSO certificates. We are working with Microsoft to find a solution. The workaround is for the company administrator to use an alternative email address for managing users and entitlements in the portal. If they do this, the administrator can access the portal, but not via their SSO.

 

For the time being, our Customer Care team can onboard an alternative admin so that this does not affect MIKE software usage in your organization.