1
votes

I'm trying to configure Azure AD B2C to use Azure AD (org-owned) as an IDP using the instructions here: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom. I believe I've completed all the steps, but when trying to log in using an AAD account (using the "Run now endpoint"), after entering the username and password I get the error:

AADSTS50011: Reply address '' specified by the request is not a valid URL. Allowed schemes: 'http,https'

I understand in general what a reply address is, but I don't know where the (apparently empty) reply address is being found. I verified that the AAD App registration representing AAD B2C has a reply URL defined, and that the B2C Application representing the actual web app has a reply URL defined. I've also verified that the same B2C tenant allows login through another defined IDP (MSA accounts).

Any suggestions as to where to start looking?

thanks

Martin

1
When you are going through the Authentication Process, what Reply URL are you sending as the User logs in? Note redirect_uri is one of the properties you need to send, and likely that is where you are making a mistake if you validated your app object has all the right properties. - Shawn Tabrizi
Does this other answer help you out? - Chris Padgett
@ChrisPadgett - I don't think so, I've verified both the items mentioned in that answer. - M Herbener
@ShawnTabrizi - I am initiating the authentication by navigating to the "Run now endpoint" provided within the AAD B2C console for my AAD-specific policy; the URL includes a 'redirect_uri' parameter (pointing to localhost) whose value appears to match a reply URL defined for an app registered in the B2C tenant. - M Herbener
Can you share the exact parameter being sent? Can you also share the exact configuration you have set up for Reply URL? - Shawn Tabrizi

1 Answer

0
votes

The reply URL that you input when you register an app in your Azure AD tenant (not Azure AD B2C tenant) is case sensitive. Make sure everything is lowercase.
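Added example, not part of the original thread: a local check that pulls `redirect_uri` out of an authorize URL and compares it character for character against the reply URLs registered for the app, which separates an empty value (as in the AADSTS50011 message above) from a case-only mismatch (as in the answer). The host, client ID, port and reply URLs are constructed placeholders, and the exact-match comparison is an assumption taken from the answer, not a reproduction of Azure AD's own validation.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Schemes named in the AADSTS50011 message quoted in the question.
ALLOWED_SCHEMES = {"http", "https"}


def check_reply_address(authorize_url, registered_reply_urls):
    """Classify the redirect_uri of an authorize request.

    Returns one of: "missing", "bad-scheme", "match",
    "case-mismatch", "not-registered".
    """
    query = parse_qs(urlsplit(authorize_url).query, keep_blank_values=True)
    values = query.get("redirect_uri", [])
    if not values or values[0] == "":
        return "missing"  # the empty reply address '' from the error text
    redirect_uri = values[0]
    if urlsplit(redirect_uri).scheme not in ALLOWED_SCHEMES:
        return "bad-scheme"
    if redirect_uri in registered_reply_urls:
        return "match"  # exact, case-sensitive comparison (assumption)
    if redirect_uri.lower() in {u.lower() for u in registered_reply_urls}:
        return "case-mismatch"  # differs only by letter case
    return "not-registered"


def build_authorize_url(params):
    """Build a constructed authorize URL on a placeholder host."""
    return "https://login.example.test/oauth2/authorize?" + urlencode(params)


# Constructed sample data: placeholder client ID and localhost reply URL.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REGISTERED = ["https://localhost:44316/signin-oidc"]

if __name__ == "__main__":
    for candidate in ("https://localhost:44316/signin-oidc",
                      "https://localhost:44316/Signin-OIDC",
                      ""):
        url = build_authorize_url({"client_id": CLIENT_ID,
                                   "redirect_uri": candidate})
        print(repr(candidate), "->", check_reply_address(url, REGISTERED))
```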