
Sitecore Identity Error AADSTS50011 – Azure AD

The Issue

When logging in to Sitecore with Office 365, through Azure Active Directory and Sitecore Identity server, you get the following error (AADSTS50011):

Message: AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '<APPLICATION GUID>'. More details: Reply address did not match because requested address had a trailing slash.

Make a note of the Application GUID; you will need it later.

[Screenshot: Azure Active Directory Sitecore Identity Office 365 login error, trailing slash]

The Solution

This one is pretty self-explanatory: the error reported by Microsoft is accurate.

Go to the Azure dashboard, then go into the Active Directory section.

[Screenshot: Azure dashboard, Active Directory button]

Then go to “App Registrations”.

[Screenshot: Azure Active Directory, App Registrations]

In the App Registrations click “All applications”, then paste the Application GUID from the first screenshot. This should then show you the relevant app that needs fixing. Click into it.

[Screenshot: Azure App Registrations search]

Next, click “Authentication” in the left-hand pane. Then, inside the “Web” section, check the URI and make sure it does not end with a slash (/). If it does, remove it.

[Screenshot: App Registration redirect URI]

This should fix the issue.
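A way to confirm the mismatch before editing the app registration, as an added example that is not from the original post: it pulls `client_id` and `redirect_uri` out of the authorize request and compares them exactly against the registered reply URLs, reporting which side carries the trailing slash. The GUID, host name, callback path and `TENANT` placeholder are constructed sample values, and `diagnose_reply_url` is a hypothetical helper name.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample data: Application GUID -> redirect URIs listed under
# Authentication > Web for that app registration.
REGISTERED = {
    "00000000-0000-0000-0000-000000000000": [
        "https://identity.example.test/signin-callback/",
    ],
}

# Constructed authorize request, as it would appear in the browser address bar.
SAMPLE_REQUEST = (
    "https://login.microsoftonline.com/TENANT/oauth2/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&redirect_uri=https%3A%2F%2Fidentity.example.test%2Fsignin-callback"
    "&response_type=id_token"
)


def diagnose_reply_url(authorize_url, registered):
    """Return (status, uri) for the redirect_uri carried by an authorize request."""
    params = parse_qs(urlsplit(authorize_url).query)  # values are URL-decoded
    app_id = params.get("client_id", [""])[0]
    requested = params.get("redirect_uri", [""])[0]
    candidates = registered.get(app_id)
    if candidates is None:
        return ("unknown_app", app_id)
    if requested in candidates:  # exact string comparison
        return ("match", requested)
    for uri in candidates:
        # Identical apart from trailing slashes: the longer string has the extra one.
        if uri.rstrip("/") == requested.rstrip("/"):
            side = "request" if len(requested) > len(uri) else "registration"
            return ("trailing_slash_in_" + side, uri)
    return ("not_registered", requested)


if __name__ == "__main__":
    print(diagnose_reply_url(SAMPLE_REQUEST, REGISTERED))
```
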

Happy developing! – BM 🙂

Background for this Sitecore Identity AADSTS50011 Error

If you or a peer encounters this Sitecore Identity error AADSTS50011, point them to this post to see if it helps remedy the issue. The issue detailed in this post uses Sitecore Identity with Azure Active Directory and signing on using Office 365 single sign-on. This is quite a common implementation for large organisations that are already using a Microsoft tech stack, often already utilising Azure Active Directory.

For more info and documentation around the Sitecore Identity feature, see here. This is the Sitecore documentation that does a great job of detailing structure, implementation steps, and even how to localize the user interface if your site is multilingual.

A couple of notes to bear in mind:

  1. Sitecore Identity (SI) uses the federated authentication features introduced in Sitecore 9.0, using OWIN authentication middleware.
  2. In Sitecore 9.1 and later, Sitecore Identity is enabled by default.
