Description
Please close this issue - I'm only raising it as a record of an issue I've been fighting with for the last few days with integrating to a client's ADFS server in the hope it might help someone else in future.
We've developed a multi-tenant app that uses passport-saml to support SAML integration into various clients' ADFS servers for identity. This was working fine for many clients and then we had a strange issue.
For one client they could authenticate absolutely fine when logging in from outside their corporate network (e.g. through a smartphone browser), but when logging in on their corporate network we got this error from passport-saml:
`SAML provider returned Responder error: NoAuthnContext`
Same users - same ADFS server - different behaviour if outside or inside their corporate network.
After much struggling it was discovered that passport-saml by default includes a RequestedAuthnContext of "PasswordProtectedTransport" (PPT). The client's AD FS was set up such that requests coming from within their corporate network did not support PPT and insisted that the Windows Federation Authentication protocol be used for the authentication context.
passport-saml was requesting that only the PPT authentication context be used, and this was causing our error `NoAuthnContext`.
Fortunately, passport-saml has an easy fix for this ... you need to set the option:
`disableRequestedAuthnContext: true`
when setting up your SAML passport strategy. By doing this the SAML request will not request any particular authentication context and will allow ADFS to make its own decision.
Problem solved.
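Added illustration, not code from this issue or from passport-saml itself: what the option changes in the AuthnRequest, and how to recognise the Responder/NoAuthnContext status pair in the IdP's Response. The URIs are the standard SAML 2.0 identifiers; the `classes` parameter, the Response XML and the function names are constructed for this example.

```javascript
// Added illustration (not passport-saml's own code). The URIs are the standard
// SAML 2.0 identifiers; the response XML and the option shapes are constructed here.
const PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport";
const STATUS_RESPONDER = "urn:oasis:names:tc:SAML:2.0:status:Responder";
const STATUS_NO_AUTHN_CONTEXT = "urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext";
const STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success";

// The <samlp:RequestedAuthnContext> fragment an SP puts in its AuthnRequest.
// Default: demand PPT exactly (the behaviour the issue hit). With
// disableRequestedAuthnContext the element is omitted and the IdP picks the method.
// `classes` is an illustrative parameter, not a passport-saml option name.
function requestedAuthnContextFragment(options = {}, classes = [PPT]) {
  if (options.disableRequestedAuthnContext) return "";
  const refs = classes
    .map((c) => `<saml:AuthnContextClassRef>${c}</saml:AuthnContextClassRef>`)
    .join("");
  return `<samlp:RequestedAuthnContext Comparison="exact">${refs}</samlp:RequestedAuthnContext>`;
}

// Pull the nested StatusCode values out of a SAML Response and name the failure.
// Responder + NoAuthnContext is the IdP saying: none of the contexts you demanded
// is available for this principal from this network, so the request was refused.
function diagnoseSamlStatus(responseXml) {
  const re = /<(?:samlp:)?StatusCode\s+Value="([^"]+)"/g;
  const codes = Array.from(responseXml.matchAll(re), (m) => m[1]);
  const [topLevel = null, secondLevel = null] = codes;
  if (topLevel === STATUS_SUCCESS) return { topLevel, secondLevel, diagnosis: "success" };
  if (topLevel === STATUS_RESPONDER && secondLevel === STATUS_NO_AUTHN_CONTEXT) {
    return {
      topLevel,
      secondLevel,
      diagnosis: "IdP rejected the RequestedAuthnContext; relax it (disableRequestedAuthnContext) or list a context the IdP supports",
    };
  }
  return { topLevel, secondLevel, diagnosis: "other IdP error" };
}

// Constructed sample: the kind of Response body behind the error message in this issue.
const SAMPLE_RESPONSE = `<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <samlp:Status>
    <samlp:StatusCode Value="${STATUS_RESPONDER}">
      <samlp:StatusCode Value="${STATUS_NO_AUTHN_CONTEXT}"/>
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>`;

console.log(requestedAuthnContextFragment({}));                                  // contains PPT
console.log(requestedAuthnContextFragment({ disableRequestedAuthnContext: true })); // ""
console.log(diagnoseSamlStatus(SAMPLE_RESPONSE).diagnosis);
```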