The login process didn't result in a principal that could satisfy the AuthnRequest. Without a successfully authenticated user, the IdP has to return an error to the SP.
You want to compare the AuthnContext requested in the AuthnRequest, SP metadata, and relying party configuration to the AuthnContexts that resulted from the MFA process. There might have been no result from authentication at all, or the resulting principal types might not match, so they can't be used.
There will be something helpful in the logs.
I hope this helps,
On Mon, May 14, 2018 at 4:18 PM, Noriyuki TAKEI <[hidden email]> wrote:
I'm using MultiFactorAuthnConfiguration in Shibboleth 3.3.2.
But error as below occurred when accessing the sp.