Thank you for posting your question in Microsoft Q&A.
By looking at the error that you get, it looks like there is a configuration issue.
For error "AADSTS750054", this is caused when Azure AD wasn’t able to identify the SAML request within the URL parameters in the HTTP request. This can happen if the application is not using HTTP redirect binding when sending the SAML request to Azure AD.
This error can occur due to one of the reasons below:
- Ensure that single-sign on is enabled on the application side.
- The application must support service provider-initiated single sign-on (sometimes known as SP-initiated SSO). Entering a sign-in URL for an application that only supports identity provider-initiated single sign-on can lead to a bounce back from the application without a SAML response.
- Verify that the sign-on URL is correctly configured.
You can also refer to the document below.
Error "AADSTS650056" occurs when there are no proper permissions set on the applications. You can check the options below and confirm whether they are configured properly.
- Check the Redirect URI configuration: Verify that the redirect URI specified in your application's Azure AD registration matches the one in your application code. The redirect URI is used to redirect the user back to your application after they sign in to Azure AD.
- Check the client ID configuration: Verify that the client ID specified in your application's code matches the one in your Azure AD registration. The client ID is used to identify your application to Azure AD.
- Verify the app has necessary permissions: Check that the necessary permissions are granted to your application. You can do this by checking the "API Permissions" section in your application's Azure AD registration.
- Verify the app is enabled: Check that your application is enabled in Azure AD. You can do this by checking the "Enterprise Applications" section in the Azure AD portal.
- Check the token signing certificate: If your application is using tokens, verify that the signing certificate is properly configured in Azure AD. You can do this by checking the "Certificates & Secrets" section in your application's Azure AD registration.
- Check the authentication method: Verify that the authentication method used by your application matches the one specified in Azure AD. For example, if your application is using OpenID Connect, verify that it is configured in Azure AD to use OpenID Connect.
- Check for conditional access policies: Verify if there is any conditional access policy in place that might be blocking your application from accessing Azure AD resources.
- Ensure that the Issuer attribute in the SAML request matches the Identifier value configured in Azure AD.
Verify that the value in the Identifier textbox matches the value for the identifier value displayed in the error.
You can also refer to the article below to get more information on this issue.
Let us know if you have any further questions.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
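The two SAML-side checks in the answer (is a SAMLRequest actually carried in the URL parameters via the HTTP-Redirect binding, and does the request's Issuer match the Identifier configured on the identity provider) can be verified offline from the URL the application redirects to. The script below is an added example and is not code from the answer, from Microsoft, or from any Azure AD SDK; the IdP URL, the service-provider identifier and the AuthnRequest are constructed sample values, and `diagnose` is a hypothetical helper name. It encodes a request exactly as the Redirect binding does (raw DEFLATE, then base64, then URL-encoding), decodes it again, and reports the mismatches the answer tells you to look for.

```python
"""Offline checker for two SAML configuration mistakes described in the answer:
   1. no SAMLRequest parameter in the URL (SP is not using the HTTP-Redirect binding),
   2. the <saml:Issuer> in the AuthnRequest differs from the Identifier configured at the IdP."""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample values (not real tenants or applications).
IDP_LOGIN_URL = "https://login.example-idp.test/saml2"      # hypothetical IdP endpoint
SP_IDENTIFIER = "https://app.example.test"                  # Identifier (Entity ID) configured at the IdP
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_req-0001" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://app.example.test/saml/acs">'
    '<saml:Issuer>https://app.example.test</saml:Issuer>'
    '</samlp:AuthnRequest>'
)


def build_redirect_url(idp_login_url, authn_request_xml, relay_state=None):
    """Encode an AuthnRequest the way the SAML HTTP-Redirect binding does."""
    # Raw DEFLATE (negative wbits = no zlib header), as the binding requires.
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = compressor.compress(authn_request_xml.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return f"{idp_login_url}?{urlencode(params)}"   # urlencode percent-escapes '+', '/', '='


def decode_saml_request(url):
    """Return the AuthnRequest XML carried in the URL, or None if no SAMLRequest parameter exists."""
    values = parse_qs(urlparse(url).query).get("SAMLRequest")
    if not values:
        return None
    raw = base64.b64decode(values[0])
    try:
        return zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error:
        # Not DEFLATE-compressed: some SPs wrongly send the POST-binding (plain base64) form.
        return raw.decode("utf-8", errors="replace")


def diagnose(url, configured_identifier):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    xml_text = decode_saml_request(url)
    if xml_text is None:
        findings.append("No SAMLRequest query parameter: the application is not using the "
                        "HTTP-Redirect binding for its SAML request.")
        return findings
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        findings.append(f"SAMLRequest does not decode to well-formed XML: {exc}")
        return findings
    if root.tag != f"{{{SAMLP_NS}}}AuthnRequest":
        findings.append(f"Unexpected root element {root.tag}; expected samlp:AuthnRequest.")
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    issuer_value = (issuer.text or "").strip() if issuer is not None else ""
    if not issuer_value:
        findings.append("AuthnRequest carries no saml:Issuer element.")
    elif issuer_value != configured_identifier:
        findings.append(f"Issuer '{issuer_value}' does not match the Identifier "
                        f"'{configured_identifier}' configured at the identity provider.")
    return findings


if __name__ == "__main__":
    ok_url = build_redirect_url(IDP_LOGIN_URL, AUTHN_REQUEST, relay_state="/home")
    print("well-formed request:", diagnose(ok_url, SP_IDENTIFIER) or "no findings")
    bad_issuer = AUTHN_REQUEST.replace(SP_IDENTIFIER + "</saml:Issuer>",
                                       SP_IDENTIFIER + "/sp</saml:Issuer>")
    print("wrong issuer:", diagnose(build_redirect_url(IDP_LOGIN_URL, bad_issuer), SP_IDENTIFIER))
    print("no SAMLRequest:", diagnose(IDP_LOGIN_URL + "?RelayState=%2Fhome", SP_IDENTIFIER))
```

Paste the URL your application redirects the browser to (visible in the browser's network tools or a proxy log) as the first argument and the Identifier you entered in the Azure AD enterprise application as the second; a finding about the Issuer corresponds to the Identifier check in the answer, and a finding about the missing parameter corresponds to the redirect-binding cause of AADSTS750054.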