Forum Discussion
Encryption error - SAML assertion: response is not encrypted
Thanks, that seems to have resolved that error. The login is now successful both on Azure and on APM, however we seem to have another error when we receive the successful token.
The error seems to be with the replyURL being incorrect? Which URL should we configure for this and in which format?
We have tried the Entity ID URL, we have tried the initial hostname URL but still get an error.
1): our.website.com/saml/sp/profile/post/acs
2): entityid url
AADSTS50011: The reply URL 'https://login.microsoftonline.com/ourappliaction' specified in the request does not match the reply URLs configured for the application 'https://login.microsoftonline.com/azureentityid/saml2'
Nice! One error down, let's see how many there are left to go... 😉 Sounds like you're close though.
Purely going on ReplyURL, you should have the following: https://app.example.com/saml/sp/profile/post/acs
...but there may be more to this as that will depend a bit on both the AzureAD configuration as well as the APM configuration. Now that you've resolved the issue with the encryption, it may be a good idea to create a new metadata file on the F5 and re-import it into AzureAD. This way, you'll let the F5 decide which information should be imported where in the AzureAD SAML config.
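A check for the reply-URL mismatch discussed in this thread, added here as an example and not part of the original posts or of any F5 or Microsoft tooling: it reads the ACS URL from SP metadata and from a decoded SAMLRequest, then compares it with the reply URLs entered on the IdP side. The function names and sample data are constructed, and the HTTP-Redirect encoding of the request and exact string matching are assumptions.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def sp_metadata_endpoints(metadata_xml):
    """Return (entityID, [ACS Location URLs]) from SP metadata XML."""
    root = ET.fromstring(metadata_xml)
    path = ".//md:SPSSODescriptor/md:AssertionConsumerService"
    return root.get("entityID"), [e.get("Location") for e in root.iterfind(path, NS)]

def authn_request_fields(saml_request_b64):
    """Decode an HTTP-Redirect SAMLRequest value (base64 over raw DEFLATE)."""
    root = ET.fromstring(zlib.decompress(base64.b64decode(saml_request_b64), -15))
    return root.findtext("saml:Issuer", namespaces=NS), root.get("AssertionConsumerServiceURL")

def reply_url_problems(requested_acs, sp_acs_urls, idp_reply_urls):
    """Compare the ACS URL in the request with both sides' configuration."""
    if requested_acs is None:
        return []  # no URL in the request: the IdP uses its own default
    problems = []
    if requested_acs not in idp_reply_urls:  # exact string match, by assumption
        problems.append("request ACS URL is not a configured IdP reply URL")
    if requested_acs not in sp_acs_urls:
        problems.append("request ACS URL is not in the SP metadata")
    return problems

def encode_redirect(xml):
    """Build a SAMLRequest value for the constructed sample below."""
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

# Constructed sample data; hostnames are placeholders.
ACS = "https://app.example.com/saml/sp/profile/post/acs"
SAMPLE_METADATA = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://app.example.com"><md:SPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:AssertionConsumerService index="0" Location="' + ACS + '" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>'
    '</md:SPSSODescriptor></md:EntityDescriptor>')
SAMPLE_REQUEST = encode_redirect(
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
    'Version="2.0" AssertionConsumerServiceURL="' + ACS + '">'
    '<saml:Issuer>https://app.example.com</saml:Issuer></samlp:AuthnRequest>')
```

Passing only the entity ID as the IdP reply URL list reproduces the mismatch; passing the ACS URL clears it.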