Azure AD SAML SSO problem

NH 21 Reputation points
2021-02-22T10:18:57.357+00:00

Hi all,

I have the following problem with Azure SAML SSO to the non-catalogue enterprise application Nextcloud.

Every time I try to log in with a user assigned to the enterprise application, I get an error saying that the application could not be found in the directory:

[screenshot: 70579-azurenextcloudissue.png]

The strange thing is that the path in the error message is not the same as the one I configured in the SSO:

[screenshot: 70612-adsso1.png]

Does anyone have an idea where the problem may be? I 'repaired' the path earlier with the problem wizard... I think the path in the error message is the one that was suggested. Is this a bug?

Thank you very much in advance!

Microsoft Entra ID

Accepted answer
  1. Siva-kumar-selvaraj 15,546 Reputation points
    2021-02-23T11:22:19.237+00:00

    Hello,

    I'm happy that you were able to fix the previous issue.

    The redirect URI must begin with the scheme https. To learn more about Redirect URI (reply URL) restrictions and limitations, read this article.

    To fix this issue, replace the redirect URI with http://arotestnc.siod.de/apps/user_saml/saml/acs. To add a redirect URI that uses the http scheme, you must modify the replyUrlsWithType attribute in the application manifest from App registrations, as shown below:

    [screenshot: 71400-image.png]

    But we strongly recommend that you work with your application team and update the application's redirect URIs to use the HTTPS scheme.


3 additional answers

  1. Siva-kumar-selvaraj 15,546 Reputation points
    2021-02-22T18:33:40.26+00:00

    Hello @NH,

    Thanks for reaching out.

    I have reviewed the provided screenshot and found that the cloud application is sending the login request to Azure AD with the following identifier, http://arotestnc.siod.de/apps/user_saml/saml/metadata, as shown below. If that identifier has not been registered in Azure AD, then this is an expected error.

    [screenshot: 70802-image.png]

    To fix this issue, please change your enterprise application Identifier from 'https://arotestnc.siod.de/idex.de/apps/user_saml/saml/metadata' to 'http://arotestnc.siod.de/apps/user_saml/saml/metadata'.

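Both answers in this thread come down to string comparisons Azure AD makes against what the SP actually sends: the Issuer of the AuthnRequest must equal a registered Identifier (Entity ID), and the AssertionConsumerServiceURL must equal a registered Reply URL, scheme and path included. The script below is an added example for checking that from the SP side; it is not code from the thread, from Nextcloud or from Microsoft. It decodes a SAMLRequest query parameter the way the HTTP-Redirect binding encodes it (DEFLATE, base64, URL-encoding), extracts Issuer and ACS URL, and compares them with the Identifier list and the manifest's replyUrlsWithType entries. The AuthnRequest, the TENANT_ID placeholder, the request ID and timestamp, and the two configurations are constructed for the example; only the hostname and paths are the ones quoted in the thread.

```python
"""Decode the SAMLRequest an SP (here: Nextcloud user_saml) sends to Azure AD and compare
its Issuer and AssertionConsumerServiceURL with the Identifier (Entity ID) and Reply URLs
registered on the enterprise application.  Added example, not part of the thread."""
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed AuthnRequest.  Host and paths are the ones quoted in the thread;
# the ID, IssueInstant and the TENANT_ID placeholder in Destination are illustrative.
SAMPLE_AUTHN_REQUEST = f"""<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}"
    ID="_example-request-id" Version="2.0" IssueInstant="2021-02-22T10:18:57Z"
    Destination="https://login.microsoftonline.com/TENANT_ID/saml2"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    AssertionConsumerServiceURL="http://arotestnc.siod.de/apps/user_saml/saml/acs">
  <saml:Issuer>http://arotestnc.siod.de/apps/user_saml/saml/metadata</saml:Issuer>
</samlp:AuthnRequest>"""


def encode_redirect_binding(xml_text: str) -> str:
    """Encode an AuthnRequest as the HTTP-Redirect binding does:
    raw DEFLATE (no zlib header), base64, then URL-encode for the query string."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    deflated = deflater.compress(xml_text.encode("utf-8")) + deflater.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_saml_request(login_url: str) -> dict:
    """Take the redirect URL to the IdP (copy it from the browser address bar or devtools)
    and return the Issuer and ACS URL the SP actually sent."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(login_url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    try:
        xml_bytes = zlib.decompress(raw, -15)   # HTTP-Redirect binding: deflated
    except zlib.error:
        xml_bytes = raw                        # HTTP-POST binding: plain base64
    root = ET.fromstring(xml_bytes)
    issuer = root.find(f"{{{SAML_NS}}}Issuer")
    return {
        "issuer": issuer.text.strip() if issuer is not None and issuer.text else None,
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }


def check_against_azure(request: dict, identifier_uris: list, reply_urls_with_type: list) -> list:
    """Compare what the SP sent with what is registered in Azure AD.
    identifier_uris: the Identifier (Entity ID) values configured for the application.
    reply_urls_with_type: entries shaped like the manifest's replyUrlsWithType
    ({"url": ..., "type": "Web"}).  Returns (code, message) tuples; empty means accepted."""
    findings = []
    if request["issuer"] not in identifier_uris:
        findings.append(("IDENTIFIER_MISMATCH",
                         f"SP Issuer {request['issuer']!r} is not a registered Identifier; "
                         "Azure AD reports that the application could not be found in the directory"))
    registered_reply_urls = {entry["url"] for entry in reply_urls_with_type}
    acs_url = request["acs_url"]
    if acs_url not in registered_reply_urls:
        findings.append(("REPLY_URL_MISMATCH",
                         f"SP ACS URL {acs_url!r} is not among the Reply URLs "
                         f"{sorted(registered_reply_urls)}"))
    elif acs_url.startswith("http://"):
        findings.append(("INSECURE_REPLY_URL",
                         "ACS URL is plain http: the portal refuses it and it can only be added via "
                         "the manifest, and the SAML response would travel in cleartext; move the SP to https"))
    return findings


def run_example() -> dict:
    """Replay the thread: the original (mismatched) configuration and the corrected one."""
    login_url = ("https://login.microsoftonline.com/TENANT_ID/saml2?SAMLRequest="
                 + encode_redirect_binding(SAMPLE_AUTHN_REQUEST))
    request = decode_saml_request(login_url)

    # Configuration as described in the question: Identifier with a stray path segment and
    # the https scheme, Reply URL only the bare host.
    before = check_against_azure(
        request,
        identifier_uris=["https://arotestnc.siod.de/idex.de/apps/user_saml/saml/metadata"],
        reply_urls_with_type=[{"url": "https://arotestnc.siod.de", "type": "Web"}],
    )
    # Configuration after both answers were applied: Identifier equals the SP's Issuer and
    # the http ACS URL was added through replyUrlsWithType in the manifest.
    after = check_against_azure(
        request,
        identifier_uris=["http://arotestnc.siod.de/apps/user_saml/saml/metadata"],
        reply_urls_with_type=[{"url": "http://arotestnc.siod.de/apps/user_saml/saml/acs", "type": "Web"}],
    )
    return {"request": request, "before": before, "after": after}


if __name__ == "__main__":
    for name, value in run_example().items():
        print(name, value)
```

The comparison is deliberately an exact string match, because that is what produced the error in this thread: an Identifier that differed from the SP's Issuer only in scheme and a path segment was enough for "application could not be found". The INSECURE_REPLY_URL finding after the fix reflects the accepted answer's caveat: getting an http ACS URL past the portal via the manifest makes login work, but the SAML response (and the assertion in it) is then posted to the SP over cleartext, so the proper fix is to serve Nextcloud over https and register https URLs.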

  2. NH 21 Reputation points
    2021-02-23T08:26:00.547+00:00

    Hello,

    Thank you for your answer. I made the change as suggested and now I get the following:

    [screenshot: 70986-azureissue2.png]

    The reply URL configured in Azure is: https://arotestnc.siod.de
    I tried using http instead of https, but Azure does not allow this.

    Can you please look into this once again?

    Thanks in advance!


  3. NH 21 Reputation points
    2021-02-24T09:39:59.523+00:00

    Hi,

    This did the trick. Thank you very much!