When logging in to Sitecore with Office 365, through Azure Active Directory and Sitecore Identity server, you get the following error (AADSTS50011):
Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '<APPLICATION GUID>'. More details: Reply address did not match because requested address had a trailing slash.
Make a note of the Application GUID; you will need it later.
This one is pretty self-explanatory: the error reported by Microsoft is accurate.
Go to the Azure dashboard, then go into the Active Directory section.
Then go to “App Registrations”.
In the App Registrations click “All applications”, then paste the Application GUID from the first screenshot. This should then show you the relevant app that needs fixing. Click into it.
Next, click “Authentication” in the left-hand pane. Then, inside the “Web” section, check the URI and make sure it does not end with a slash (/). If it does, remove it.
This should fix the issue.
Happy developing! – BM 🙂
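As an added example (not code from the original post, Sitecore or Microsoft), this Python check reproduces the comparison behind the AADSTS50011 fix above offline: it extracts redirect_uri from a sign-in request URL and reports which side carries the extra trailing slash. It assumes exact string comparison, which is what the error text implies, and goes one step further by also flagging a case-only difference; the host names, tenant and client IDs, and function names are constructed placeholders.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: placeholder host names, tenant ID and client ID.
SAMPLE_AUTHORIZE_URL = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    "/oauth2/authorize?client_id=11111111-1111-1111-1111-111111111111"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Fidentity.example.com%2Fsignin-oidc%2F"
)
SAMPLE_REGISTERED = [
    "https://identity.example.com/signin-oidc",
    "https://cm.example.com/signin-oidc",
]


def requested_reply_url(authorize_url):
    """Return the decoded redirect_uri parameter of a sign-in request URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("request carries no redirect_uri parameter")
    return values[0]


def diagnose(requested, registered):
    """Return (verdict, closest registered URL or None) for a reply URL."""
    if requested in registered:
        return ("match", requested)
    for uri in registered:
        # Exactly one trailing slash of difference, on either side.
        if requested == uri + "/":
            return ("request-has-trailing-slash", uri)
        if requested + "/" == uri:
            return ("registration-has-trailing-slash", uri)
    for uri in registered:
        # Assumption: letter case is significant in the comparison.
        if requested.lower() == uri.lower():
            return ("case-differs", uri)
    return ("not-registered", None)


if __name__ == "__main__":
    url = requested_reply_url(SAMPLE_AUTHORIZE_URL)
    verdict, closest = diagnose(url, SAMPLE_REGISTERED)
    print(f"requested : {url}")
    print(f"verdict   : {verdict}")
    print(f"registered: {closest}")
```

To use it on a real case, replace the sample list with the URIs shown in the “Web” section of the app's “Authentication” pane and the sample URL with the sign-in request from the browser's address bar.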
Background for this Sitecore Identity AADSTS50011 Error
If you or a peer encounters this Sitecore Identity error AADSTS50011, point them to this post to see if it helps remedy the issue. The issue detailed in this post uses Sitecore Identity with Azure Active Directory and signing on using Office 365 single sign-on. This is quite a common implementation for large organisations that are already using a Microsoft technology stack, often already utilising Azure Active Directory.
For more info and documentation around the Sitecore Identity feature, see here. This is the Sitecore documentation that does a great job of detailing structure, implementation steps, and even how to localize the user interface if your site is multilingual.
A couple of notes to bear in mind:
- Sitecore Identity (SI) uses the federated authentication features introduced in Sitecore 9.0, using OWIN authentication middleware.
- In Sitecore 9.1 and later, Sitecore Identity is enabled by default.