The SAML Authentication request initiated from EAM has the RequestedAuthnContext parameter enabled by default with the authentication method set to PasswordProtectedTransport.
This could result in SAML Authentication failures in some cases like the ‘password-less’ or ‘windows-hello’ authentication supported by Azure AD where the issue could be resolved by excluding the RequestAuthnContext parameter from the SAML Authentication Request.
To exclude the RequestedAuthnContext parameter from the SAML Authentication Request the value of the install parameter, EXRASAML, should be set to YES.