Saviynt Forums

Hi @rahul_p 

The error message (AADSTS50011) indicates that the specified reply URL (ECM/saml/SSO/alias/) in the request does not match the configured reply URLs for the application in the Azure portal.

Hi @rahul_p please try and make sure that the Entity ID(Identifier) is matching with what you have provided in the reply URL in Azure AD

Hello @sowmyashiva @DixshantValecha @RakeshMG ,

We did execute the steps mentioned in the document which are in high-level are import the certificates and idp XML as per Saviynt document which is not working.

1. We used default SP certificate which comes with Saviynt.
2. We did not change anything under Show Advanced Configurations.
3. Under Setup IDP, we mentioned entityID, URL.
4. Under the IDP setting we added the name, selected IDP file and attribute(after clicked on save and opened this setting again, it doesn't show any IDP file selected.)
5. activated SSO.

Can anybody point here, what went wrong?

Regards,

Rahul

Hi,

To troubleshoot this error, you can try the following steps:-

#Check the validity and consistency of the certificates used by both Azure AD and Saviynt. You can use tools like Fiddler or Charles to inspect the HTTP requests and responses and extract the certificates. You can also use online tools like >samltool.com/validate_response.php to validate the SAML response and its signature.
#Look for any invalid characters or whitespace in the SAML response that could invalidate the signature. You can use online tools like >xmlvalidation.com to check the XML syntax and format.
#Check Logs and Error Messages:

• Check the logs on both the IDP and Saviynt side for any error messages or hints about what might be going wrong.

• Test with Different Browsers:

  • Sometimes, SSO issues can be browser-specific. Try testing with different browsers to see if the problem persists.

I hope this helps you resolve your issue. If you need more assistance, please let us know.

Hello,

Now, SSO started working after updating the reply URL which was different and then it was communicated to us incorrectly.

But now SSO working only incognito mode or when we clear browser history then only its working.

Any comments?

Regards,

Rahul

As for the new issue you're facing, where SSO only works in incognito mode or after clearing the browser history, this behavior might be related to caching or cookies stored in the browser. Here are a few things you can consider and steps you can take to address this:

1. Browser Cache: Sometimes, browsers can cache certain information, including SSO-related data. This might cause conflicts when trying to authenticate. Try clearing the cache of the browser (not just the history) and then attempt to use SSO again.

2. Cookies: SSO often relies on cookies to manage authentication sessions. Incorrectly stored or outdated cookies can cause authentication issues. Clear all cookies related to the SSO provider's domain and try again.

3. Browser Extensions: Some browser extensions or plugins might interfere with SSO functionality. Try disabling any extensions that might affect web interactions and see if the issue persists.