Opening an SR on this, but thought I'd ask here, too.

My NAM SP is sending an Auth Request to an ADFS IDP. AT the browser I
see the request, and it is redirected to ADFS, where it fails...

1. so my long term/larger project is to figure out why ADFS doesn't like
the Assertion. Can anyone say what might be missing or malformatted in
this to cause the dreaded MSIS7015 error?
<samlp:AuthnRequest xmlns:samlp="urnasis:names:tc:SAML:2.0rotocol"
ForceAuthn="false" ID="idjLS9YE-vXcYh-sXkR7cV2uSl7hA"
<saml:Issuer>https://<customer URI Here, removed for privacy></saml:Issuer>
<samlp:NameIDPolicy AllowCreate="true"
Comparison="minimum"><saml:AuthnContextClassRef>ur nasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef></samlp:RequestedAuthnContext><samlp:Scoping
2. But short term: I have the IDP configured in NAM to "Always use
Passive Authentication", as we are attempting to have SSO. In the
Assertion, you'll see that "IsPassive=False". Should it be? Seems it
should be true, but I find no reference to what the values "should be".

3 I also set "Force Authentication at IDP" in the NAM IDP configuration,
but in the assertion, that too is false.

Which is wrong? My assertion, or my expectation?

I'll follow up with results of my SR if I find the answer there.