Hey Guys after publish to Azure I get the following error when I want to login.
I checked the URL in my Code and the App Registration --> It's the same...
When i run with Azure domain: (I already created a new registered app)
We're unable to complete your request
unauthorized_client:
The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
When I run localhost login appears and I logging in it redirects
me to this:
The reply URL specified in the request does not match the reply URLs configured for the application
Sorry, but we’re having trouble signing you in.
AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'ace44f89-fa01-41a3-8d0c-f0835adb1065'.
Troubleshooting details:
Request Id: e9199aae-5431-4ca5-ae1e-ad2ab78f0a00
Correlation Id: cc29341a-f2bd-4b2b-a968-474c8203c493
Timestamp: 2021-04-13T07:32:21Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'ace44f89-fa01-41a3-8d0c-f0835adb1065'.
The client does not exist or is not enabled for consumers.
This error means you are using a Microsoft Account to login your client app, but it is not enabled for that.
To change the setting for an existing AD App, navigate to the Manifest blade of it in the portal, find the signInAudience attribute, set it with AzureADandPersonalMicrosoftAccount or PersonalMicrosoftAccount.
AADSTS50011: The reply URL specified in the request does not match the
reply URLs configured for the application
When you visit the application url , you will be redirected to the login page. Decode the authorization request url, you will find redirect_url, copy the value of redirect_url and paste it into the azure portal, and try again.
Related
I am using MVC.net with "sign in with microsoft" as the login.
First, everything works on localhost.
I have registered my app on the AZ portal, with a redirect URL of https://xxxxxxx.com/xxx/Home/Index
I have a web.config redirect uri that matches
when I publish the application and sign in with microsoft it authenticates, then redirects to https://xxxxxxx.com/xxx/Home/Index as a Post with form data of (string code, string id_token, string state, string session_state) with 302 error
which then redirects to the root https://xxxxxxx.com
Update the reply back(redirect url) in application registration.
We have the following Azure AD B2C Application (which we will call aadb2c) with the following settings
Include web app/ web API: YES
Allow Implicit Flow: YES
Reply Url:
- https://localhost:44339/
- https://productionURL.com
- https://productionURL.com/
App ID URI (which is optional): none
Native CLient: NO
This Application is what our website https://productionURL.com uses to login it's users with azure AD B2C.
However, on production we keep on getting the error:
The redirect URI 'productionURL.com' provided in the request is not registered for the client id 'aadb2c'
According to this we should add the link to out reply url.
But as you can see above, we already included https://productionURL.com in the "Reply URL" section
of the Azure AD B2C blade.
What could be causing this error to happen? How do we resolve the redirect URI request not registered error?
It needs to be configured in the code as well and you need to make sure that the protocols match. This can also happen if there's a mismatch with the tenant ID or the app ID.
Check the B2C callback request in Chrome DevTools > Network with "Preserve log" to see what URL is being returned. This should give you insight into the problem.
As an extra measure to ensure that the protocols are matching, you can add:
if (context.ProtocolMessage.RedirectUri.Contains("http:"))
{
context.ProtocolMessage.RedirectUri = context.ProtocolMessage.RedirectUri.Replace("http:", "https:");
}
After hours looking at our code and finding no traces of the url without any protocol or any trace of "http:", we now had to look at our deployment orchestrator.
Apparently in Octopus we are deploying the app with an incorrect URI: it's missing the protocol "https://"
I've been following the guide in this repo to setup a resource token provider as an Azure function.
https://github.com/adamhockemeyer/Azure-Functions---CosmosDB-ResourceToken-Broker
I've setup the Cosmos DB, App registration, and Azure function with permissions according to the instructions. When I get to step 3 in the guide where I enter https://{function-url}/.auth/login/{provider} into my browser I get the following error.
ADSTS50011: The reply url specified in the request does not match the
reply urls configured for the application: [App id]
Update
I changed the Reply URL in my App Registration to https://{function-url}/.auth/login/{provider}/callback with {function-url} as my Function App URL. Originally I had it set to one of my Function URL's. Now i'm getting a 404 not found error.
App Registration Redirect URL
Function App URL
Function App Authentication Settings
You need to add the URL as below in your app registration, then it should work.
Note: After adding the URl, go back to the Authentication / Authorization in your functionapp, turn off the Authentication Providers whcih you configured -> turn off Authentication / Authorization, then turn on and configure again, otherwise it seems not become effective.
https://{function-url}/.auth/login/{provider}/callback
Update:
Turn off all the configuration and create the new AD App like below.
I have registered the app in Azure AAD with reply urls. Enable id_token and auth token. If i give the exact url as the parameter it works fine. but if I add the query string as a parameter in reply url it is not working and throws error
AADSTS50011: The reply url specified in the request does not match the
reply urls configured for the application: ''.
Below is my sample URL format generated by ADAL.js file.
https://login.microsoftonline.com/.onmicrosoft.com/oauth2/authorize
?response_type=id_token &client_id=
&redirect_uri=?p1=123&p2=456
&state=62439108-d296-4a0d-91cc-4f6580656e83
&client-request-id=1a5ad90a-26fc-4e60-bbcc-8d58bbbcc1f7
&x-client-SKU=Js &x-client-Ver=1.0.13
&nonce=a4a6215c-0706-4fbc-91a9-36e4cd3a262e
If i remove this ?p1=123&p2=456 query string from the redirect_url, it works fine. The other workaround i see is if i go to legacy app registration and add "" at the end of the url it is working. But the new app registration does not allow "" in the reply_url while registration.
Anyone else also faced the same issue and fixed without adding "*" in the reply_url registration? please let me know.
This is an issue with ADAL.js (and MSAL.js) setting the redirect URI to the current URL by default.
You can get around it with an approach like this:
Set redirect URI as window.location.origin + "/aad-callback" (or anything else)
When requiring login, store current URL in sessionStorage (or local storage or a cookie)
Trigger login redirect
When your app gets a callback to /aad-callback, handle the tokens from the URL fragment
Load the local redirect URL from sessionStorage
Redirect user there
I wrote an article related to this but for MSAL.js: https://joonasw.net/view/avoiding-wildcard-reply-urls-with-msal-js.
The concepts are the same for ADAL.js.
I configured azure AD as an identity provider for my organization's application
whenever i try to access the application its redirecting the request to azure login. But I am getting a bad request error and its showing the below message
The SP name qualifier 'abc.xxxx.com' is not valid.
I am not sure if i have done something wrong.
Below is my configuration
SIGN ON URL
https://abc.xxxx.com/myapp/saml/ssoRequest?ticket=kcflmlmnpgg
ISSUER URL
https://abc.xxxx.com
REPLY URL
https://abc.xxxx.com/myapp/ssoResponse
The problem was when i was submitting the SAML request I was not prepending the 'http://' in the service provider name