0
votes

Using the MS documents listed below I have tried repeatedly to authenticate against AAD as an idp and I cannot get it to work. Every time I get the following error:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application:

I read the documents on this error, and cannot find anything that does not match. My question today is: has anyone actually been able to connect to AAD using B2C as indicated in the documents below without doing any custom coding? If you have actually done this, I would like to know how you did it. And I would like to know what I am doing wrong.

I'm trying to connect to AAD in the base subscription. In this same subscription also resides the B2C tenant. Is that possible, or must it be an external AAD?

Please only respond if you have actually done this.

Documents that I have followed: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-oidc-idp

https://blogs.msdn.microsoft.com/jpsanders/2018/01/30/azure-app-service-error-aadsts50011-the-reply-address-http-azurewebsites-netsignin-oidc-does-not-match-the-reply-addresses-configured-for-the-application/

AADSTS50011: The reply URL specified in the request does not match the reply urls configured for the application

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-tutorials-web-app#run-the-sample-web-app

https://blogs.msdn.microsoft.com/azuredev/2017/05/30/azure-ad-b2c-kicking-it-up-a-notch-with-support-for-aad-as-idp/

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom

1
Hi @Jarhead4life: What have you configured as the reply URL in the Azure AD (IDP) tenant? – Chris Padgett

I'm not sure that I understand your question. I have an AAD idp set up in the B2C tenant. The idp configuration does not have any fields for Reply url. My Reply url points to a web app that I have set up that currently hosts a static page for testing. I get the AADSTS50011 error as soon as I click the button for the AAD idp. – Jarhead4life

Apologies @Jarhead4life if it was confusing. In order to federate from Azure AD B2C to Azure AD, you must create an application registration for Azure AD B2C in your Azure AD tenant. When you create this application registration, you have to specify a reply (or redirect) URL for Azure AD B2C. What did you set this reply URL to? – Chris Padgett

Chris, I have the Reply url pointing to a web app that I have set up with a static page. Is there any way that I can send you a file? I created a word doc with screen shots of the entire setup process. This shows all of the values for all of the various components: policies, web apps, idp, custom policy, trustframework files that I have configured. thx. – Jarhead4life

1 Answer

2
votes

This is related to the reply URL that is registered for Azure AD B2C in your Azure AD tenant.

If you're using the your-tenant-name.b2clogin.com domain with Azure AD B2C (recommended), then the reply URL must be set to:

https://your-tenant-name.b2clogin.com/your-tenant-name.onmicrosoft.com/oauth2/authresp

If you're using the login.microsoftonline.com domain with Azure AD B2C, then it must be set to:

https://login.microsoftonline.com/te/your-tenant-name.onmicrosoft.com/oauth2/authresp
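The answer above comes down to one thing: the reply URL on the Azure AD app registration must be exactly the B2C authresp endpoint, not the web app the user ends up on. The script below is an added example, not code from the answer, from the question, or from Microsoft. It derives the two expected B2C reply URLs from a tenant name, pulls the redirect_uri out of a constructed authorization request, and reports whether the registration would satisfy an exact string match (the assumption this example makes about how Azure AD compares reply URLs). The tenant name contoso, the sample app registration and the sample request are all constructed.

```python
"""Check an Azure AD app registration's reply URLs against the redirect_uri that
Azure AD B2C sends when it federates to Azure AD as an identity provider.

Added example: tenant name, registered URLs and the authorization request below
are constructed, and the exact-match rule is an assumption of this example.
"""
from typing import Optional
from urllib.parse import parse_qs, urlsplit


def expected_b2c_reply_urls(tenant_name: str) -> dict:
    """Reply URLs Azure AD B2C uses as redirect_uri, keyed by the B2C login domain."""
    return {
        "b2clogin.com": (
            f"https://{tenant_name}.b2clogin.com/"
            f"{tenant_name}.onmicrosoft.com/oauth2/authresp"
        ),
        "login.microsoftonline.com": (
            f"https://login.microsoftonline.com/te/"
            f"{tenant_name}.onmicrosoft.com/oauth2/authresp"
        ),
    }


def redirect_uri_from_request(authorize_url: str) -> str:
    """Extract the (percent-decoded) redirect_uri from an OIDC authorization request."""
    params = parse_qs(urlsplit(authorize_url).query)
    return params["redirect_uri"][0]


def near_miss(candidate: str, registered: list) -> Optional[str]:
    """Point out a registered URL that differs only in letter case or a trailing slash.

    Such a URL still fails an exact comparison, which is why it is worth naming.
    """
    for url in registered:
        if url == candidate:
            continue
        if url.rstrip("/").lower() == candidate.rstrip("/").lower():
            if url.rstrip("/") != candidate.rstrip("/"):
                return f"case differs: registered {url!r}"
            return f"trailing slash differs: registered {url!r}"
    return None


def diagnose(tenant_name: str, registered: list, authorize_url: str) -> dict:
    """Exact-match check plus a list of B2C reply URLs absent from the registration."""
    redirect_uri = redirect_uri_from_request(authorize_url)
    expected = expected_b2c_reply_urls(tenant_name)
    return {
        "redirect_uri": redirect_uri,
        # Assumption: Azure AD accepts the request only on an exact string match.
        "matched": redirect_uri in registered,
        "near_miss": near_miss(redirect_uri, registered),
        "missing_b2c_urls": [u for u in expected.values() if u not in registered],
    }


# Constructed sample data.
TENANT = "contoso"
# The misconfiguration from the question: the reply URL points at the web app.
REGISTERED_WRONG = ["https://contoso-web.azurewebsites.net/signin-oidc"]
# The fix from the answer: add the B2C authresp endpoint for the b2clogin.com domain.
REGISTERED_FIXED = REGISTERED_WRONG + [expected_b2c_reply_urls(TENANT)["b2clogin.com"]]
# What B2C sends to the Azure AD authorize endpoint (constructed; client_id is a placeholder).
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/contoso-aad.onmicrosoft.com/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&redirect_uri=https%3A%2F%2Fcontoso.b2clogin.com%2Fcontoso.onmicrosoft.com%2Foauth2%2Fauthresp"
    "&scope=openid"
)


if __name__ == "__main__":
    for label, registered in (("wrong", REGISTERED_WRONG), ("fixed", REGISTERED_FIXED)):
        result = diagnose(TENANT, registered, SAMPLE_REQUEST)
        print(f"[{label}] matched={result['matched']} near_miss={result['near_miss']}")
        for url in result["missing_b2c_urls"]:
            print(f"[{label}] not registered: {url}")
```

Run it as-is and the "wrong" registration fails with both B2C URLs reported missing, while the "fixed" one passes. The near_miss helper exists because a registered URL that differs only by a trailing slash or by letter case looks right in the portal but still does not satisfy an exact comparison.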