AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '<AppId>'

I have a .NET Core 2 app template that is configured to use Azure AD out of the box.

The configuration is:

    {
      "AzureAd": {
        "Instance": "https://login.microsoftonline.com/",
        "Domain": "lautaroarinolive.onmicrosoft.com",
        "TenantId": "67cb2dfd-ebd5-40d8-829b-378340981a17",
        "ClientId": "50819a7a-e018-4c1d-bf0a-18c8fce5c600",
        "CallbackPath": "/signin-oidc"
      },
      "Logging": {
        "IncludeScopes": false,
        "LogLevel": {
          "Default": "Warning"
        }
      }
    }

In my portal, I have an Azure app registration with the same id as ClientId. It has the reply URL [APP-URL]/signin-oidc.

App registration in the Azure portal

The localhost app works only if I set the reply URL to [LocalhostURL]/signin-oidc, even though I've learned that the configuration should not affect log in on localhost.

The Azure app does not work in any case.

In both apps when it doesn't work I get this error:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '50819a7a-e018-4c1d-bf0a-18c8fce5c600'

  1. Is it correct that a localhost app should not need a configured reply URL?

  2. Why do I get the "reply url not configured" error?

asked Apr 24 '18 22:04

Daarwin



1 Answer

You can refer to this sample to rebuild your .NET Core app and publish it to Azure.

There are some notes you need to pay attention to:

  1. You need to change the port from 5000 to the effective one. Currently, it should be 61659. So, when you test on localhost, you can set the reply URL in the AAD app to http://localhost:61659/signin-oidc

  2. Update these URLs if you configure the app for production use. If you publish the app to Azure Web App, you should change the Reply URL in both the app config file and the AAD application to be <AppURL>/signin-oidc

For example, https://www.contoso.com/signin-oidc or https://Myapp.azurewebsites.net/signout-oidc.

answered Sep 28 '22 07:09

Wayne Yang
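
An added diagnostic example (not part of the original answer or of any Microsoft sample): it extracts the redirect_uri the app actually sends in its authorize request and reports which URL component differs from each registered reply URL, using the port mismatch described in the answer. The authorize URL is constructed from the question's TenantId and ClientId, the registration list is hypothetical, and exact string equality is an assumption about the comparison, not Azure AD's own matcher.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample: an authorize request built from the question's TenantId
# and ClientId, with the app running on the port named in the answer (61659).
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/67cb2dfd-ebd5-40d8-829b-378340981a17"
    "/oauth2/authorize?client_id=50819a7a-e018-4c1d-bf0a-18c8fce5c600"
    "&response_type=id_token&response_mode=form_post&scope=openid%20profile"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A61659%2Fsignin-oidc"
)

def requested_redirect_uri(authorize_url):
    """Return the redirect_uri the app actually sent to Azure AD."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize URL has no redirect_uri parameter")
    return values[0]  # parse_qs has already percent-decoded the value

def diff_components(sent, registered):
    """Describe every URL component in which the two reply URLs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    pairs = {
        "scheme": (a.scheme, b.scheme),
        "host": (a.hostname, b.hostname),
        "port": (a.port, b.port),
        "path": (a.path, b.path),
    }
    diffs = [f"{name}: sent {x!r}, registered {y!r}"
             for name, (x, y) in pairs.items() if x != y]
    # urlsplit lowercases scheme and host, so a pure case difference lands here.
    return diffs or ["same scheme/host/port/path; check letter case, query or fragment"]

def check_reply_url(authorize_url, registered_urls):
    """Return (matched, report); matching is assumed to be exact string equality."""
    sent = requested_redirect_uri(authorize_url)
    if sent in registered_urls:
        return True, []
    return False, [f"{reg} -> " + "; ".join(diff_components(sent, reg))
                   for reg in registered_urls]

if __name__ == "__main__":
    # Hypothetical registration list: only the sample's default port 5000.
    ok, report = check_reply_url(SAMPLE_AUTHORIZE_URL,
                                 ["http://localhost:5000/signin-oidc"])
    print("match" if ok else "AADSTS50011 expected:", *report, sep="\n  ")
```

The authorize URL to feed in is the one the browser is redirected to at login.microsoftonline.com just before the error page appears.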