Trouble implementing sign in to Azure AD SSO in asp.net

azzier test
2021-01-22T00:19:59.603+00:00

I am trying to implement single sign-on in my asp.net app. My customer uses Azure AD as an identity provider using SAML. I am able to create a request but every time I try to log in I get one of two errors.

The values I was provided with are:

entity ID = https://sts.windows.net/[id]/
login url = https://sts.windows.net/[id]/saml2
the login url looked off to me so I am also trying an alternate login url = https://login.microsoftonline.com/[id]/saml2

When I use the login.microsoftonline url it validates my login credentials (if I enter a non-existing username or the wrong password it rejects me, correctly), then shows this error:

AADSTS700016: Application with identifier 'https://sts.windows.net/[id]/' was not found in the directory '[id]'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

When I use the sts.windows url I get as far as entering my username then I get hit with:

There was an issue looking up your account. Tap Next to try again.

Additional information

  • I have implemented Azure AD SSO before using the alternate login url, which is why I tried it.
  • I can log in to office365 using these login credentials.
  • I have tried every variation on these strings I can think of, including with and without ending slashes, without 'saml2', and using just [id] as the entity ID. I get the same errors every time (except when I leave off 'saml2'; then it just doesn't connect and I get a 404 error).
  • [id] is actually a long string of characters, I replaced it here for security and readability.
  • I am creating the request using AspNetSaml.
  • I'm assuming the Azure application is configured properly, but if there really is no other possible solution I can ask the customer to check it again.
  • I'm out of things to try and it's still not working. What is the correct way to implement this, or how can I fix these errors?

1 answer

  1. James Hamil, Microsoft Employee, Moderator
    2021-01-25T21:42:29.103+00:00

    Hi @azzier test,

    The error generally means that there is a mismatch between the tenant where the app is actually added and where it is declared to be added, in either the application code or the Azure AD portal. Here in this case, it signifies that there might be a mistake in configuring the unique identifier (Entity Id) in the code. Please confirm that in both places, i.e., in the Azure portal and in the application code, the value of 'Entity Id' is the same.

    The issue here seems to be with the application configuration itself. Please verify the same and get back.

    You can have a look into this sample for ref.

    https://github.com/jitbit/AspNetSaml

    I hope this helps,

    James

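As an added example (not code from the original post, from AspNetSaml, or from Microsoft): build a SAML 2.0 AuthnRequest for the HTTP-Redirect binding, decode it back out of the redirect URL, and check the Issuer it carries against the Identifier (Entity ID) values registered on the application, which is the comparison the answer asks for. The AADSTS700016 message quoted in the question names 'https://sts.windows.net/[id]/' as the application identifier it looked up, i.e. the Issuer the request carried, and that value is the IdP's own entity ID, so the check flags that case separately. The tenant ID, application identifier, ACS URL and the set of "registered" identifiers are constructed placeholders; the real values come from the customer's tenant and the enterprise application's Basic SAML Configuration.

```python
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

# Constructed placeholders (assumptions); the real values come from the customer's tenant.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
IDP_ENTITY_ID = f"https://sts.windows.net/{TENANT_ID}/"          # the IdP's own Entity ID
IDP_SSO_URL = f"https://login.microsoftonline.com/{TENANT_ID}/saml2"
SP_ENTITY_ID = "https://www.example.com/myapp"                    # Identifier registered on the app
SP_ACS_URL = "https://www.example.com/myapp/SamlConsume"          # Reply URL registered on the app
# Stand-in for the Identifier (Entity ID) values on the enterprise application in the tenant.
REGISTERED_IDENTIFIERS = {SP_ENTITY_ID}


def build_authn_request(issuer, acs_url, request_id=None, issue_instant=None):
    """Build the AuthnRequest XML. `issuer` is the SP's Entity ID; it is the
    value the IdP looks up in the tenant to find the application."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    req = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "AssertionConsumerServiceURL": acs_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = issuer
    ET.SubElement(req, f"{{{SAMLP}}}NameIDPolicy", {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
        "AllowCreate": "true",
    })
    return ET.tostring(req, encoding="unicode")


def redirect_url(sso_url, authn_request_xml):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then URL-encode as SAMLRequest."""
    z = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = z.compress(authn_request_xml.encode("utf-8")) + z.flush()
    return sso_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii")})


def decode_saml_request(url):
    """Inverse of redirect_url: pull SAMLRequest off the query string and inflate it.
    Useful for inspecting what the app actually sent to the IdP."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


def issuer_of(authn_request_xml):
    """Return the <saml:Issuer> text of an AuthnRequest."""
    return ET.fromstring(authn_request_xml).findtext(f"{{{SAML}}}Issuer")


def check_issuer(url, registered=REGISTERED_IDENTIFIERS, idp_entity_id=IDP_ENTITY_ID):
    """Mimic the lookup the IdP does before it can authenticate the user: the Issuer
    must match an Identifier registered on the application in the tenant."""
    issuer = issuer_of(decode_saml_request(url))
    if issuer in registered:
        return "ok"
    if issuer.rstrip("/") == idp_entity_id.rstrip("/"):
        return "issuer is the IdP entity ID, not the application's"
    return "issuer not registered in tenant"


if __name__ == "__main__":
    # The misconfiguration consistent with the quoted AADSTS700016 text:
    # the IdP's Entity ID used as the SP's Issuer.
    print(check_issuer(redirect_url(IDP_SSO_URL, build_authn_request(IDP_ENTITY_ID, SP_ACS_URL))))
    # The configuration the answer asks for: Issuer equals the Identifier in the portal.
    print(check_issuer(redirect_url(IDP_SSO_URL, build_authn_request(SP_ENTITY_ID, SP_ACS_URL))))
```

To use this against a real request, paste the full redirect URL the app produces (the one ending in `?SAMLRequest=...`) into `decode_saml_request` and compare `issuer_of` with the Identifier (Entity ID) shown on the enterprise application; the two must be byte-for-byte equal, trailing slash included.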
