Error when a Government cloud user is accessing web app hosted in commercial cloud

BONTHULA Seshu Naresh 21 Reputation points
2021-09-01T13:50:28.347+00:00

I am facing the below issue when an Azure Government cloud user is trying to access a web app hosted in Azure commercial cloud. I confirm that the reply URL is present in the app registration.

Sign in
Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '7c528ed8-8f39-4efe-8ac2-c5a6d108def7'.

Troubleshooting details
If you contact your administrator, send this info to them.
Request Id: 8e827a78-276c-4d7b-a2b8-3425c3811f00
Correlation Id: b7b3a2d7-16f7-4e39-9e6e-82974bf76951
Timestamp: 2021-09-01T13:43:56Z
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '7c528ed8-8f39-4efe-8ac2-c5a6d108def7'.
Flag sign-in errors for review: Enable flagging
If you plan on getting help for this problem, enable flagging and try to reproduce the error within 20 minutes. Flagged events make diagnostics available and are raised to admin attention.


Accepted answer
  1. JamesTran-MSFT 36,911 Reputation points Microsoft Employee Moderator
    2021-09-07T22:40:18.97+00:00

    @BONTHULA Seshu Naresh
    Thank you for your time and patience!

    When looking into your Correlation ID - b7b3a2d7-16f7-4e39-9e6e-82974bf76951, from the error messages that came back (posted below), I wasn't able to find any Reply URL error.

    Error Messages:

    • AADSTS50168: The client is capable of utilizing the Windows 10 Accounts extension to perform SSO but no SSO token was found in the request or the token was expired. Request has been interrupted to attempt to pull an SSO token.
    • No user credential found or user credential does not contain a UserSearchIdentifier claim.
    • DPX cloud redirect from 'microsoftonline.com' to 'MicrosoftOnline.US' is not supported

    Note - For the Azure US Government cloud, if you're trying to work with other users outside of your tenant:

    B2B collaboration is currently only supported between tenants that are both within Azure US Government cloud and that both support B2B collaboration. If you invite a user in a tenant that isn't part of the Azure US Government cloud or that doesn't yet support B2B collaboration, the invitation will fail or the user will be unable to redeem the invitation.

    Can you invite Guest user in Azure Government cloud AAD tenant?
    B2B / Guest Access between Government (National Cloud) and Commercial Cloud timeline

    Reply URL error message:
    Since you confirmed that the Reply URL is present in your app registration (7c528ed8-8f39-4efe-8ac2-c5a6d108def7), can you make sure that the Reply URL you're sending in your request matches what is in your app registration? If you don't know what Reply URL you're sending in your request, you can try using the Developer Tools (F12), or Fiddler to see what URL you're sending within your request.

    Additional Links:
    The reply URL specified in the request does not match the reply URLs configured for the application
    Error AADSTS50011

    If this doesn't help resolve your issue, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.

0 additional answers
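
The check suggested in the accepted answer (compare the reply URL actually sent in the request with the ones in the app registration), as an added example that is not part of the original thread. The captured request, the example.com reply URLs and the function names are constructed for illustration, and the character-for-character comparison is an assumption about how the reply URL is matched.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: an authorize request as it might appear in F12 / Fiddler.
# The client_id is the application ID quoted in the thread; the example.com
# reply URLs are placeholders, not values from the thread.
CAPTURED = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=7c528ed8-8f39-4efe-8ac2-c5a6d108def7&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example.com%2Fsignin-oidc%2F&scope=openid"
)
REGISTERED = ["https://app.example.com/signin-oidc", "http://app.example.com/signin-oidc/"]

def explain_mismatch(sent, registered):
    """Return (component, kind) pairs where the two URLs differ."""
    a, b = urlsplit(sent), urlsplit(registered)
    diffs = []
    for name in ("scheme", "netloc", "path", "query"):
        x, y = getattr(a, name), getattr(b, name)
        if x == y:
            continue
        if x.lower() == y.lower():
            kind = "case only"
        elif x.rstrip("/") == y.rstrip("/"):
            kind = "trailing slash"
        else:
            kind = "different"
        diffs.append((name, kind))
    return diffs

def check_reply_url(authorize_url, registered_urls):
    """Compare the redirect_uri in a captured request with the registered list."""
    parts = urlsplit(authorize_url)
    query = parse_qs(parts.query)  # parse_qs percent-decodes the values
    sent = query.get("redirect_uri", [None])[0]
    result = {
        "authority": parts.hostname,  # shows which cloud's endpoint was called
        "client_id": query.get("client_id", [None])[0],
        "sent": sent,
        # Assumption: the reply URL must equal a registered one character for character.
        "match": sent is not None and sent in registered_urls,
        "diffs": {},
    }
    if sent is not None and not result["match"]:
        result["diffs"] = {r: explain_mismatch(sent, r) for r in registered_urls}
    return result

if __name__ == "__main__":
    print(check_reply_url(CAPTURED, REGISTERED))
```

For the constructed sample, the output shows a trailing-slash difference against the first registered URL and a scheme difference against the second, with the authority host identifying which cloud's sign-in endpoint received the request.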
