When the duo adfs adapter (version 2.2.0.510) is enabled on a RPT, we get the following error in the ADFS/Admin log.  If we disable duo on a specific relying party, that relying party works as expected.  Problem started after a new certificate was added as secondary on the ADFS servers, and then rebooted.  Problem went away after removing the secondary certificates.  Any ideas on what caused the issue?  We will need to add back the secondary before the primary certificates expire.

Error:

Encountered error during federation passive request.

Additional Data

Protocol Name:
Saml

Relying Party:
https://xyz.com

Exception details:
System.IO.InvalidDataException: Authentication failed. Unable to deserialize context data received from the authentication provider. ---> System.Security.Cryptography.CryptographicException: Invalid provider type specified.