Azure SSO Configuration

Naveen Ramakrishnan 1 Reputation point
2021-09-07T19:43:13.713+00:00

I am trying to understand more about how SSO is configured, mainly the reply URL that is configured. We have an application that is configured to use Azure SSO. The application is configured with a load balancer and 2 nodes (A & B) to support HA.

The reply URL is configured and points to one node (A). But we see that when node A is down, the SSO authentication on node B works without any issue.

Can someone help me understand how this works...?

Microsoft Entra ID

1 answer

  1. AmanpreetSingh-MSFT 56,446 Reputation points
    2021-09-10T06:31:44.063+00:00

    Hi @Anonymous • Thank you for reaching out.

    The reply URL specifies which URL the token (after successful authentication) should be posted to. The value of the redirect_uri parameter in the authentication request must match one of the Redirect URIs registered in the application. If there is a mismatch, the error "AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application" occurs.

    In your case, if the redirect_uri parameter in the authentication request (generated by either Node A or Node B) includes the same URL, e.g. https://LB.example.com/landing, it will be matched against the Redirect URIs registered in the application. Now, regardless of whether the request is forwarded by the load balancer to node A or B, you will not get the AADSTS50011 error.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
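
The matching described in the answer above, as an added example that is not part of the original thread: each node builds its authorization request from a configured public base URL, and a simplified exact-match check stands in for the identity provider's comparison against the registered Redirect URIs. The tenant and client IDs are placeholders, the `node-b.example.com` host name and all function names are constructed for illustration, and the exact string comparison is an assumption that models the check, not Microsoft's implementation.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder identifiers (constructed); only the LB URL comes from the answer.
TENANT = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
REGISTERED_REDIRECT_URIS = {"https://LB.example.com/landing"}

AUTHORIZE = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/authorize"


def build_auth_request(public_base_url: str) -> str:
    """Build the authorization request URL a node redirects the browser to."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        # Derived from configuration, never from the node's own host name.
        "redirect_uri": public_base_url.rstrip("/") + "/landing",
        "scope": "openid profile",
        "state": secrets.token_urlsafe(16),  # random per-request value
    }
    return AUTHORIZE + "?" + urlencode(params)


def redirect_uri_of(auth_url: str) -> str:
    """Extract the decoded redirect_uri parameter from an authorization URL."""
    return parse_qs(urlsplit(auth_url).query)["redirect_uri"][0]


def idp_accepts(auth_url: str) -> bool:
    """Simplified model (assumption): exact match against registered URIs."""
    return redirect_uri_of(auth_url) in REGISTERED_REDIRECT_URIS


def check_nodes(node_config: dict) -> dict:
    """Map each node name to 'ok' or 'AADSTS50011' for its configured base URL."""
    return {
        node: "ok" if idp_accepts(build_auth_request(base)) else "AADSTS50011"
        for node, base in node_config.items()
    }


if __name__ == "__main__":
    # Both nodes advertise the load balancer URL: either one can serve sign-in.
    print(check_nodes({"A": "https://LB.example.com", "B": "https://LB.example.com"}))
    # Node B misconfigured with its own host name: its requests are rejected.
    print(check_nodes({"A": "https://LB.example.com", "B": "https://node-b.example.com"}))
```

Running a check like this against each node's deployed configuration shows before a failover whether a node would send a redirect_uri that is not registered.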