After enabled External IDP (SAML), AD users cannot be authenticated when logging with App Center Agent.
In the App Center Agent, end user will get a error message saying:
401 - Unauthorized: Access is denied to invalid credentials.
Integrated Windows authentication (IWA) is set by default in the AD Federation Services. App Center supports "Forms-based authentication" (FBA) and it was not set in the web.config file.
In order to enable end users to be authenticated, we need to make sure that the "Forms-based authentication" (FBA) is properly set in the web.config file. FBA needs to be move to the top of the <localAuthenticationTypes> as below: