AADSTS50011: The redirect URI '#######' specified in the request does not match the redirect URIs configured for the application '#########'. Make sure the redirect URI sent in the request match

KFish 0 Reputation points
2023-01-24T18:07:02.36+00:00

The redirect URI that I actually send in the request is https://##########.msappproxy.net/saml-success which is the same that is set in the Azure Active Directory. But this is lost somehow. Can you confirm that you see the "saml-success" in the initial request?

I have tried to use the metadata xml that is generated in the azure portal, but I am still getting this error

Request Id: 22b271a8-1a42-459a-acab-faeb18dc3e00 Correlation Id: 4fde7260-e4a7-4348-abf5-ca24c8facc0a Timestamp: 2023-01-24T17:53:54Z Message: AADSTS50011: The redirect URI 'https://##########.msappproxy.net/' specified in the request does not match the redirect URIs configured for the application '########-####-####-####-############'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal. Navigate to https://aka.ms/redirectUriMismatchError to learn more about how to fix this.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
18,712 questions
{count} votes

2 answers

Sort by: Most helpful
  1. JamesTran-MSFT 36,051 Reputation points Microsoft Employee
    2023-01-25T00:07:17.9633333+00:00

    @KFish

    Thank you for your post!

    Error Message:

    AADSTS50011: The redirect URI 'https://##########.msappproxy.net/' specified in the request does not match the redirect URIs configured for the application '...-############'. Make sure the redirect URI sent in the request matches one added to your application in the Azure portal.

    I looked into your correlation ID and the Reply URI specified in your request doesn't have /saml-success appended to it. The reply URL specified in your request was shown in the error you received - https://##########.msappproxy.net/

    To resolve this, you'll have to add the redirect URI (https://##########.msappproxy.net/) to the appropriate platform configuration within your App. For more info - Error AADSTS50011: The redirect URI specified in the request does not match.

    If you have any other questions, please let me know.

    Thank you!


  2. Marilee Turscak-MSFT 32,551 Reputation points Microsoft Employee
    2023-01-31T20:31:28.59+00:00

    Hi KFish,

    To add to the previous responses, if you're using SAML 2.0, the replyURL should be your AssertionConsumerService url in your SP metadata. Azure will send the SAML Response there. See troubleshooting article: https://github.com/MicrosoftDocs/SupportArticles-docs/blob/main/support/azure/active-directory/error-code-AADSTS50011-reply-url-mismatch.md

    Also note that they have to be exactly the same and cannot have a trailing slash, extra space, or any differentiation.

    The Assertion Customer Service URL is included in the SAML request and can be updated in the application code:

    User's image

    As James mentioned, based on your initial error message and correlation ID it sounds like the redirect URI in your request is: https://##########.msappproxy.net/ whereas the one specified in your app registration is:

    https://##########.msappproxy.net/saml-success
    

    You need to make sure that these match in both locations.

    -

    If the information helped you, please Accept the answer. This will help us as well as others in the community who might be researching similar information.

    0 comments No comments