Resolved. This amounted to setting the OpenIdConnectOptions StateDataFormat property to a custom instance of ISecureDataFormat<T> in the PostConfigure method of a class implementing IPostConfigureOptions<T>. This had the net effect of reducing the size of the query string being sent to login.live.com and allowed the authentication process to succeed.
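One way to realise the fix described in that resolution, as an added example (not the poster's code): a state format that stores the AuthenticationProperties in IDistributedCache and sends only a protected random reference as the OIDC `state` value, plus an IPostConfigureOptions<OpenIdConnectOptions> that installs it. It assumes ASP.NET Core with the OpenIdConnect handler, data protection and a distributed cache registered; the class names CachedStateDataFormat and OidcStatePostConfigure are chosen here.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.Options;
// Added example (class names are chosen here, not taken from the poster's code): keep
// AuthenticationProperties server-side and send only a protected random reference as `state`.
public sealed class CachedStateDataFormat : ISecureDataFormat<AuthenticationProperties>
{
    private readonly IDistributedCache _cache;
    private readonly IDataProtector _protector;
    private readonly ISecureDataFormat<AuthenticationProperties> _inner;
    public CachedStateDataFormat(IDistributedCache cache, IDataProtectionProvider provider)
    {
        _cache = cache; _protector = provider.CreateProtector(nameof(CachedStateDataFormat), "v1");
        _inner = new PropertiesDataFormat(_protector); // default (protected) serialization for the cached payload
    }
    public string Protect(AuthenticationProperties data) => Protect(data, null);
    public string Protect(AuthenticationProperties data, string? purpose)
    {
        // 256-bit random key: the state stays unguessable, so the flow keeps its CSRF protection.
        var key = Convert.ToBase64String(RandomNumberGenerator.GetBytes(32));
        _cache.SetString(key, _inner.Protect(data, purpose), new DistributedCacheEntryOptions
            { AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(10) }); // bounded login window
        return _protector.Protect(key); // a tampered state fails before any cache lookup
    }
    public AuthenticationProperties? Unprotect(string? protectedText) => Unprotect(protectedText, null);
    public AuthenticationProperties? Unprotect(string? protectedText, string? purpose)
    {
        if (string.IsNullOrEmpty(protectedText)) return null;
        string key;
        try { key = _protector.Unprotect(protectedText); } catch (CryptographicException) { return null; }
        var payload = _cache.GetString(key);
        if (payload is null) return null; // unknown, expired or already-consumed state
        _cache.Remove(key); // single use: a replayed state must not succeed
        return _inner.Unprotect(payload, purpose);
    }
}
// Applies the format in PostConfigure, as the resolution describes. Register it with
// services.AddSingleton<IPostConfigureOptions<OpenIdConnectOptions>, OidcStatePostConfigure>();
public sealed class OidcStatePostConfigure : IPostConfigureOptions<OpenIdConnectOptions>
{
    private readonly IDistributedCache _cache; private readonly IDataProtectionProvider _provider;
    public OidcStatePostConfigure(IDistributedCache cache, IDataProtectionProvider provider)
        { _cache = cache; _provider = provider; }
    public void PostConfigure(string? name, OpenIdConnectOptions options)
        => options.StateDataFormat = new CachedStateDataFormat(_cache, _provider);
}
```

The cache entry holds the same data-protected payload the default format would have put in the URL, so nothing is stored in clear, and the short lifetime plus single-use removal bound how long a captured state stays valid.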
Azure AD Authentication via intermediate website
Hello,
I'm looking for help with Azure AD authentication involving an intermediate website between my client app and AAD. This is based on the Federated Identity pattern, where my intermediate site is a proxy to several external identity providers, one of those being AAD. I've followed the MS OpenID Connect sample from here that uses AAD, and it works fine authenticating directly against my Azure AD instance. The challenge comes when I try to authenticate through AAD via my intermediate site. I can generate a valid URL to login.microsoft.online.com and successfully redirect to the site, where I can enter my Azure AD user Id. However, after clicking Next to enter my password, I'm presented with a 404 status code and the error: "This login.live.com page can't be found". I've compared the redirect URL between the MS sample and the one my intermediate site generates, and they're identical except for the value of the state parameter. I've also whitelisted my intermediate site's URL via AAD. I would welcome any suggestions on a way to resolve this error so that I can enter my password and log in to Azure AD through my intermediate website.
Thanks.