Azure SSO Configuration

Naveen R (Nokia) 1 Reputation point
2021-09-07T19:43:13.713+00:00

I am trying to understand more about how SSO is configured, mainly the reply URL that is configured. We have an application that is configured to use Azure SSO. The application is configured with a Load Balancer, and 2 nodes (A & B) support the HA.

The reply URL is configured and points to one node (A). But we see that when node A is down, the SSO authentication on node B works without any issue.

Can someone help me understand how this works...?

Azure Active Directory

1 answer

  1. AmanpreetSingh-MSFT 55,526 Reputation points
    2021-09-10T06:31:44.063+00:00

    Hi @Anonymous • Thank you for reaching out.

    The reply URL specifies which URL the token (after successful authentication) should be posted to. The value of the redirect_uri parameter in the Authentication request must match one of the Redirect URIs registered in the application. If there is a mismatch, the error "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application" occurs.

    In your case, if the redirect_uri parameter in the authentication request (generated by either Node A or Node B) includes the same URL e.g. https://LB.example.com/landing, it will be matched against the Redirect URIs registered in the application. Now, regardless of whether the request is forwarded by the load balancer to node A or B, you will not get the AADSTS50011 error.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
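
The matching described in the answer above, as an added example that is not part of the original thread or Microsoft's code: each node builds its authentication request from a configured public base URL, and a simplified exact-match check stands in for the identity provider's comparison. The tenant and client ID placeholders, the node hostname `node-b.internal.example`, and the function names are assumptions made for illustration.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders and constructed values, not taken from any real tenant.
TENANT = "TENANT_ID_PLACEHOLDER"
CLIENT_ID = "CLIENT_ID_PLACEHOLDER"
AUTHORIZE_ENDPOINT = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"

# Redirect URIs registered on the application (the URL used in the answer above).
REGISTERED_REDIRECT_URIS = {"https://LB.example.com/landing"}


def build_auth_request(public_base_url, callback_path="/landing"):
    """Build the authentication request a node would redirect the browser to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": public_base_url.rstrip("/") + callback_path,
        "scope": "openid",
        # Constructed constant; a real application uses a random per-request state.
        "state": "constructed-state-value",
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def check_redirect_uri(auth_request_url, registered=REGISTERED_REDIRECT_URIS):
    """Simplified model of the check: redirect_uri must equal a registered URI."""
    query = parse_qs(urlsplit(auth_request_url).query)
    redirect_uri = query.get("redirect_uri", [""])[0]
    return "ok" if redirect_uri in registered else "AADSTS50011"


def simulate(node_base_urls):
    """Return the check result for the request each node would generate."""
    return {node: check_redirect_uri(build_auth_request(base))
            for node, base in node_base_urls.items()}


# Nodes A and B both advertise the load balancer URL; the third entry is a
# constructed misconfiguration where a node advertises its own hostname.
NODES = {
    "A": "https://LB.example.com",
    "B": "https://LB.example.com",
    "B-misconfigured": "https://node-b.internal.example",
}

if __name__ == "__main__":
    for node, result in simulate(NODES).items():
        print(node, result)
```

The result depends only on the `redirect_uri` string in the request, not on which node sent it or which node later receives the response through the load balancer.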