SAML SSO fails with error AADSTS50011

Maksim Pilipeiko 0 Reputation points
2024-07-19T08:52:12.79+00:00

I'm testing SAML SSO with Azure AD as the identity provider and Keycloak as the service provider managed by us.

The screen with the SAML configuration is below, showing that the domain is test345.colada.biz.

When I try to sign in using an Azure account, I receive the following error:

AADSTS50011: The reply URL 'https://stage-v5.colada365.com/auth/realms/default/broker/saml/endpoint' specified in the request does not match the reply URLs configured for the application 'https://test345.colada.biz/auth/realms/default'.

It's unclear why the AssertionConsumerServiceURL is using stage-v5.colada365.com, while the reply URL in the SAML configuration is set to test345.colada.biz. I suspect this issue is related to using the third-party service https://saascustomdomains.com/ and the nature of the AssertionConsumerServiceURL. We use SaaS Custom Domains to support custom domains for our clients. However, it's not clear why stage-v5.colada365.com is being used instead of test345.colada.biz. How is the AssertionConsumerServiceURL constructed?

Active Directory
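Added example, not part of the original question and not Keycloak or Microsoft code: a diagnostic that decodes the `SAMLRequest` parameter of a captured HTTP-Redirect binding URL and reports the Issuer and AssertionConsumerServiceURL the service provider actually sent, so they can be compared with the reply URLs registered for the application. The redirect binding, the `idp.example` endpoint, the registered reply URL and the exact-match comparison are assumptions; the sample request is constructed from the two URLs quoted in the error message.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs, urlencode

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_authn_request(redirect_url):
    """Return (issuer, acs_url) from an HTTP-Redirect binding SAMLRequest."""
    query = parse_qs(urlparse(redirect_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(raw, -15)  # raw DEFLATE stream, no zlib header
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD in SAML request refused")  # no entity expansion
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    return issuer, root.get("AssertionConsumerServiceURL")

def host_mismatch(issuer, acs_url, registered_reply_urls):
    """Explain why the ACS URL would be rejected, or return None if registered."""
    if acs_url in registered_reply_urls:  # assumption: exact string match
        return None
    acs_host = urlparse(acs_url).hostname
    issuer_host = urlparse(issuer).hostname
    note = f"ACS URL {acs_url!r} is not registered"
    if acs_host != issuer_host:
        note += f"; ACS host {acs_host} differs from Issuer host {issuer_host}"
    return note

def build_sample_redirect(issuer, acs_url):
    """Constructed sample: minimal AuthnRequest, deflated and base64-encoded."""
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0" '
           f'AssertionConsumerServiceURL="{acs_url}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>').encode()
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(xml) + comp.flush()
    param = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return "https://idp.example/saml2?" + param  # placeholder IdP endpoint

if __name__ == "__main__":
    url = build_sample_redirect(
        "https://test345.colada.biz/auth/realms/default",
        "https://stage-v5.colada365.com/auth/realms/default/broker/saml/endpoint")
    issuer, acs = decode_authn_request(url)
    # Assumed registered reply URL; the page only shows the domain.
    registered = ["https://test345.colada.biz/auth/realms/default/broker/saml/endpoint"]
    print(host_mismatch(issuer, acs, registered))
```

To use it on a real sign-in, pass the full redirect URL copied from the browser's network trace to `decode_authn_request`.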