question

KevinAzure avatar image
0 Votes"
KevinAzure asked ·

Azure AD Out-of-the-box Authentication not Working!

I created an App Service & App Registration connected them both using App Service > Authentication blade > Advanced Settings.

While launching the URL - even with successful authentication - it is throwing error:
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6f82e422-41cb-4291-95ad-234bd5f942eb

BUT the Login URL shows it is correct as per configured.
alt text
alt text
URL:
https://working-angular-webapi.azurewebsites.net/

Email: aadtester@jeanpaulvagmail.onmicrosoft.com
Password: authentication1!


azure-active-directory
aad0.png (43.0 KiB)
aad1.png (60.8 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

ShashiShailaj-MSFT avatar image
2 Votes"
ShashiShailaj-MSFT answered ·

Hello Paul ,
I checked this and found that the redirect URI which you have mentioned in the settings on Azure AD is not absolute match .
alt text

Could you please change the same from **https://working-angular-webapi.azurewebsites.net/** to **https://working-angular-webapi.azurewebsites.net/.auth/login/aad/callback** because I think the redirect URI needs to exactly tell the http client about the endpoint within the application which can process the response by the federation service (which in this case is Azure AD) .

I hope this works in your case. In case it does , please do mark this as answer and if this does not help , please do comment with your findings and we will be happy to continue the conversation.

Thank you.



replyurl.jpg (60.7 KiB)
· 2 · Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thank you Shashi!

It worked.

(after I changed the Redirect URI as you said as below)
alt text



Can you please tell me following?
- how you got the above table displaying redirect_url , client_id etc?
- is that the ID Token been posted on the redirect url?
- can i use an Angular/JS url for receiving the postback - so that i can save the id token?



0 Votes 0 ·
working1.png (32.8 KiB)

Sure Paul ,


I used the Web debugging tool fiddler to get that information while trying to replicate the issue. You may need to set it up on your machine before you can use it to capture traffic. You need to have local administrator rights on your machine in order to install fiddler. You will need to enable HTTPS traffic decryption. Once you have it installed you can find the tab on the right called Inspectors > Webforms where you can see the information I have provided in screenshot above.


alt text


hope this helps.


0 Votes 0 ·
fiddler-software.png (159.8 KiB)