Cloud app - SAML authentication gives non-retryable error

Kevin Emmers 21 Reputation points
2020-05-12T11:03:47.433+00:00

Hello,

We are trying to set up a web application that lets our users authenticate against Azure AD using SAML.
I followed the manual below:
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial

We managed to get it all set up and did a few test logins (which were successful) but since yesterday we are getting the following error:
AADSTS75020: Non-retryable error has occurred.

Can someone help us or provide us with a fix/workaround for this issue?

Thanks in advance,
Kevin

Microsoft Entra ID

Accepted answer
    soumi-MSFT 11,761 Reputation points Microsoft Employee
    2020-05-14T06:05:38.663+00:00

    @Kevin Emmers , It looks like that error is popping up for that application due to some misconfigured optional claims. I believe these claims are either being pushed through an Azure AD policy or might be through the app manifest.

    Next action plan would be:

    1. Remove the Azure AD Policy if optional claims are being pushed from Azure AD policy
    2. Else remove the optional claims from the app manifest
    3. Then try to check if the users are able to login
    4. If it still fails with the same error, we would have to collect a Fiddler trace to understand the SAML request.

    Hope this helps. Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.

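Added example (not from the answer above or from Microsoft): before removing optional claims from the app manifest (step 2), it helps to record which claims the manifest currently pushes per token type, so the change can be reverted if it is not the cause. The manifest fragment below is constructed with a placeholder appId; the `optionalClaims` / `saml2Token` shape matches the Azure AD app manifest. The claims-mapping-policy side (step 1) is not covered here.

```python
import copy
import json

# Constructed sample: an app manifest fragment (a real manifest has many more keys).
SAMPLE_MANIFEST = json.loads("""
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "optionalClaims": {
    "idToken": [
      {"name": "auth_time", "source": null, "essential": false, "additionalProperties": []}
    ],
    "accessToken": [],
    "saml2Token": [
      {"name": "groups", "source": null, "essential": false,
       "additionalProperties": ["sam_account_name"]},
      {"name": "extn.costCenter", "source": "user", "essential": false,
       "additionalProperties": []}
    ]
  }
}
""")

# The three token types the manifest's optionalClaims object can carry.
TOKEN_TYPES = ("idToken", "accessToken", "saml2Token")


def list_optional_claims(manifest):
    """Return {tokenType: [claim names]} for each token type that pushes optional claims."""
    claims = manifest.get("optionalClaims") or {}
    return {t: [c["name"] for c in claims.get(t, [])] for t in TOKEN_TYPES if claims.get(t)}


def strip_optional_claims(manifest, token_types=TOKEN_TYPES):
    """Return a copy of the manifest with the optional-claim lists for token_types emptied.

    The original dict is left untouched so the audit output can be kept as a backup.
    """
    cleaned = copy.deepcopy(manifest)
    claims = cleaned.setdefault("optionalClaims", {})
    for t in token_types:
        claims[t] = []
    return cleaned


if __name__ == "__main__":
    print("before:", list_optional_claims(SAMPLE_MANIFEST))
    # For a SAML app only the saml2Token claims matter; keep the others as they are.
    cleaned = strip_optional_claims(SAMPLE_MANIFEST, ("saml2Token",))
    print("after :", list_optional_claims(cleaned))
    print(json.dumps(cleaned["optionalClaims"], indent=2))
```

Paste the printed `optionalClaims` object back into the manifest editor in the portal, then retest the login as in step 3.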
