1 Vote
LucasCunha-9617 asked YackelineEspaaArevaloDCATECHNOLOGY-2308 answered

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application:

We have a customer of our application using SAML with Microsoft and everything is looking good. However, two specific users are reporting not being able to log in and are reporting the error mentioned in the title. Other users are logging in without any problem; just those two users are reporting this problem.

Here is a screenshot of the problem:
10607-screen-shot-2020-06-24-at-173238.png




Can you guys help me understand what might be happening? Other accounts and other users on the same account are able to log in without any issues.

azure-ad-authentication-protocols

0 Votes
MarileeTurscak-MSFT answered bharathn-msft edited

Hi @LucasCunha-9617,

Your case may be different, but this often happens for one of two reasons.

  • Azure AD was unable to identify the SAML request within the URL parameters in the HTTP request. This can happen if the application is not using HTTP redirect binding when sending the SAML request to Azure AD, and you can resolve this by sending the SAML request encoded into the location header using HTTP redirect binding.

  • If you're getting the reply URL error for this situation and only for certain users, this can happen if the sign-in request does not contain an explicit reply URL. In this case Azure AD will select any of the configured reply URLs for that application. Even if the application has an explicit reply URL configured, the user may be redirected to https://127.0.0.1:444.

  • The troubleshooting guide says that deleting any unused reply URLs will help resolve this error.

  • Delete the unused reply URLs configured for the application.

  • Open the Azure portal and sign in as a Global Administrator or Co-admin.

  • Open the Azure Active Directory Extension by selecting All services at the top of the main left-hand navigation menu.

  • Type "Azure Active Directory" in the filter search box and select the Azure Active Directory item.

  • Select Enterprise Applications from the Azure Active Directory left-hand navigation menu.


  • Select All Applications to view a list of all your applications.

  • If you do not see the application you want show up here, use the Filter control at the top of the All Applications List and set the Show option to All Applications.

  • Select the application you want to configure for single sign-on.

  • Once the application loads, open Basic SAML configuration. In the Reply URL (Assertion Consumer Service URL), delete unused or default Reply URLs created by the system. For example, https://127.0.0.1:444/applications/default.aspx.
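
To check which of the two causes above applies to a failing sign-in, you can decode the SAML request your application sent and see whether it names a reply URL. The following is an added example, not part of the answer or of any Microsoft tooling; the function names, the `idp.example` and `app.example` URLs, the size cap and the exact-string comparison are assumptions made for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # cap on inflated size, guards against oversized input

def decode_redirect_request(url):
    """Return the AuthnRequest XML from the SAMLRequest query parameter
    (HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encoding)."""
    params = parse_qs(urlparse(url).query)
    if "SAMLRequest" not in params:
        raise ValueError("no SAMLRequest parameter in the URL")
    raw = base64.b64decode(params["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)  # -15 = raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("inflated request exceeds size cap")
    return xml.decode("utf-8")

def check_reply_url(url, configured_reply_urls):
    """Classify the request's AssertionConsumerServiceURL against the reply
    URLs configured for the application (exact match: an assumption here)."""
    # Use this parser only on requests captured from your own application.
    root = ET.fromstring(decode_redirect_request(url))
    if root.tag != "{%s}AuthnRequest" % SAMLP:
        raise ValueError("unexpected root element: " + root.tag)
    acs = root.get("AssertionConsumerServiceURL")
    if acs is None:
        return ("implicit", None)  # identity provider chooses a configured URL
    return ("match" if acs in configured_reply_urls else "mismatch", acs)

def build_sample(acs_url=None):
    """Constructed sample: sign-in URL carrying a minimal AuthnRequest."""
    attr = ' AssertionConsumerServiceURL="%s"' % acs_url if acs_url else ""
    xml = ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_example" Version="2.0" '
           'IssueInstant="2020-06-24T17:32:38Z"%s/>' % (SAMLP, attr))
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example/saml2?" + query

if __name__ == "__main__":
    configured = ["https://app.example/saml/acs",
                  "https://127.0.0.1:444/applications/default.aspx"]
    for acs in (None, "https://app.example/saml/acs", "https://other.example/acs"):
        print(check_reply_url(build_sample(acs), configured))
```

An `implicit` result with more than one reply URL configured corresponds to the second cause above, while a `ValueError` about a missing `SAMLRequest` parameter points at the first.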



0 Votes
YackelineEspaaArevaloDCATECHNOLOGY-2308 answered

I have the same problem, but it happens when my URL is balanced through the Azure gateway. I have not been able to solve it.

I see that the gateway sends the URL like this:
https://serverbalanced.red.miempresa.com.co

But my servers have the following URLs:
https://server1.red.miempresa.com.co
https://server2.red.miempresa.com.co

The authentication process is done, but in the response I get the error of not finding the URL for the entityid: http://serverbalanced.red.miempresa.com.co
