While debugging the issue configuring ADFS as Primary Authentication Factor for Duo SSO, we figured out that the redirect URL Duo SSO generates pointing to our ADFS servers contains the URL query parameter RelayState, which is empty. Microsoft ADFS Server cannot process the SAML Request if &RelayState comes at the end and throws this error.
This is a sample redirect URL:
And this is the error on the ADFS server:
“System.ArgumentException: MSIS0024: The input string parameter is either null or empty.”
We managed to work around the problem by stripping the parameter out on the load balancer.
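The rewrite described in the post, sketched in Python as an added example (not the poster's load-balancer rule, which the post does not show). The function name, host name and sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

def strip_empty_relaystate(url: str) -> str:
    """Remove RelayState from the query string only when it has no value.

    The query is edited as raw text. Every other pair is passed through
    byte for byte, never decoded and re-encoded, because a signed SAML
    HTTP-Redirect request is verified over the URL-encoded values as sent.
    """
    parts = urlsplit(url)
    kept = []
    for pair in parts.query.split("&"):
        name, _, value = pair.partition("=")
        # Parameter names are case-sensitive; match "RelayState" exactly.
        if name == "RelayState" and value == "":
            continue
        kept.append(pair)
    return urlunsplit(parts._replace(query="&".join(kept)))

# Constructed sample URLs (hypothetical host, shortened SAMLRequest values).
SAMPLES = [
    # Empty RelayState at the end: the case reported in the post.
    "https://adfs.example.test/adfs/ls/?SAMLRequest=fZJ%2Babc%3D&RelayState=",
    # Non-empty RelayState must survive untouched.
    "https://adfs.example.test/adfs/ls/?SAMLRequest=fZJ%2Babc%3D&RelayState=tok%2F1",
    # Empty RelayState between other parameters of a signed request.
    "https://adfs.example.test/adfs/ls/?SAMLRequest=q%2B&RelayState=&SigAlg=x&Signature=y%3D",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(strip_empty_relaystate(sample))
```

If the AuthnRequest is signed, confirm that the ADFS side still validates the signature after the parameter is removed, since that depends on whether the sender included the empty RelayState in the string it signed.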