question

RadhaRajendran-2501 avatar image
0 Votes"
RadhaRajendran-2501 asked BrunoGenovese-3149 edited

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '0eaef1b0-06fc-46af-b4db-beeab7b07069'.

Request Id: 4cd07840-1eb4-4f10-9d23-06f2e1602700
Correlation Id: 259fa420-3ab7-46cb-a3b2-7788e0ab3abf
Timestamp: 2021-03-19T19:53:37Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '0eaef1b0-06fc-46af-b4db-beeab7b07069'.

I am working on POC followed below url to build spring boot and aZure ad applciaiton.
https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory

Any leads to resolve this issue is appreciated

azure-ad-app-registration
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MarileeTurscak-MSFT avatar image
0 Votes"
MarileeTurscak-MSFT answered BrunoGenovese-3149 edited

Hi @RadhaRajendran-2501,

Based on your correlation ID, it looks like you have one listed as http://localhost:8080/login/oauth2/code/azure and the other listed as http://localhost:8080/login/oauth2/code/

Because the one has "azure" at the end and the other does not, that is probably the reason for the error.

As you probably know, the reply URL in your code needs to match exactly what you have in your app registration. There cannot be any mismatched spaces, slashes ("/"), or parameters. Also, if you're testing locally you would have the local application URL and if you're testing with a published app you would redirect the user to the published application. The app ID and tenant ID also need to match both in the code and the registration.

Hope this helps!



If you find this answer helpful, don't forget to "mark as answer" and leave a five-star rating.




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This is a common problem experienced by most Java developers when authenticating through Azure.

The solution - for a basic setup - is indeed as mentioned in this thread:

  • Define the reply URL as http://localhost:8080/login/oauth2/code/ in the AppRegistration/Authentication/RedirectURI entry.

  • Or better yet, use the azure.activedirectory.redirect-uri-template spring boot property to ensure that the Spring Azure JARs use the exact URL you enter in Azure.

CAUSES of the problem and SUGGESTED FIXES to eliminate the issue:

  • The URL is not always the /login/oauth2/code/ path listed above. It changes depending on how you deploy. If you deploy to a server instead of localhost you must replace that portion with the correct server and port in the Azure Registration. If you deploy as a WAR on an application server you have to add the webapp name as part of the path. And other things seem to affect what the request URL looks like, and nothing tells you what it is going to be. The only reliable SOLUTION I found is to use the property to ensure the library will use the exact same request URL as the one registered in Azure.

  • The error message tells you that the request and registered URL don't match... but totally fails to tell you what URL the request is using, so it makes it very difficult to correct. SOLUTION: Fix that error message so that it displays the request's URL.

  • I never saw that property mentioned anywhere before reading this thread. SOLUTION: Improve the documentation for the Spring Azure JARs and make such documentation easy to find.


0 Votes 0 ·
RadhaRajendran-2501 avatar image
0 Votes"
RadhaRajendran-2501 answered MarileeTurscak-MSFT commented

Hi Thank you for the response. I just tried before your answer and it worked. However, how will i know which is the right reply URL. This is my first trial application for which i used/followed the steps provided in microsoft website.

https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory

So how will i know the right reply URL to give and if i need to make change on the redirect url, how do I override and what the redirect URL should do.

Thanks,
Radha

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @RadhaRajendran-2501,

Glad it worked! The sample says it should be http://localhost:8080/login/oauth2/code/azure

That said, it's just the page where the user gets redirected after logging in, so it can really be whatever you want.

0 Votes 0 ·

Hi I Just understood that, but my question is how to i Change that URL so that my application works with different reply URL

0 Votes 0 ·

You can add it in the code the same way you configure the other properties in the app registration:

 azure.activedirectory.redirect-uri-template

https://github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/azure-spring-boot-starter-active-directory/CHANGELOG.md

Then you can add more than one redirect URI in the registration itself if you would like.

0 Votes 0 ·