Azure "Enable AD Authentication" with Deployment Slots

I have an Azure WebApp and have Active Directory Authentication enabled in Laser Preview. Let's call it https://mysite.azurewebsites.net (not the real URL). It works as expected. However, when we add a deployment slot, we cannot get the authentication to work properly. When accessing a staged WebApp such as https://mysite-staging.azurewebsites.net (not the real URL), we are redirected to

https://login.microsoftonline.com/<our-directory-guid>/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fmysite-staging.azurewebsites.net/ ....

But the login portal gives us an error message:

AADSTS50011: The response address 'https://mysite-staging.azurewebsites.net/<our-application-guid>/login' does not match the response addresses configured for the application: .

The problem is that the WebApp does not appear as an application in our directory, so we cannot configure alternate URLs for it for reuse.

Can I specify alternate addresses for WebApps so the Azure AD login works in the deployment slots?

+3




2 answers


I'm sure this won't solve that the deployment slot is still pointing to a live application, but it fixes this bug as it's very silly.

AADSTS50011: The response address 'https://mysite-staging.azurewebsites.net/<our-application-guid>/login' does not match the response addresses configured for the app: .

When you set up your URL in your app settings in Azure AD, you forgot ... the trailing slash! This is it! Can you believe it?



    In other words, change this:
    http://yoururlforyourapp

    to this:
    http://yoururlforyourapp/

    Done! You’re welcome. 

      

From http://www.matvelloso.com/2015/01/30/troubleshooting-common-azure-active-directory-errors/

+1




Unfortunately, it looks like you ran into some bugs in this version of the preview portal.

The problem with the response url is probably due to the fact that you created the staging segment after you configured auth in the production slot. In this release, we cloned the auth settings so your staging segment ended up targeting an existing AAD application without adding a new response url. This issue was not fixed by auto-cloning authorization settings when creating a new slot.

Either way, you should be able to find your application on the AAD management portal. If you can't see it, it might be because you need to change the Show drop-down filter from My Company Apps to My Company Owned Apps. Finding and adding an intermediate response url would also affect the issue mentioned above.



The error message you saw when trying to reconfigure auth in your staging slot is probably another error in the management portal if you only saw it in that staging slot.

The authentication / authorization legend has been radically updated since your question, and all of these issues should be fixed. We are sorry for the inconvenience. Hope you were able to make progress despite these challenges.

0
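Both answers come down to the same check: the redirect_uri sent to the login endpoint has to equal a reply URL registered on the AAD application. The following Python is an added example, not code from the question, the answers or Azure; it classifies a mismatch as an unregistered slot hostname, a trailing-slash difference or a path difference. Exact string comparison, the placeholder tenant id and the function names are assumptions.

```python
from urllib.parse import parse_qs, urlsplit


def redirect_uri_of(authorize_url):
    """Return the decoded redirect_uri parameter of an authorize request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    if not values:
        raise ValueError("authorize URL carries no redirect_uri")
    return values[0]


def origin(url):
    """Scheme and host, lower-cased, for comparing which site a URL names."""
    parts = urlsplit(url)
    return parts.scheme.lower(), parts.netloc.lower()


def diagnose(authorize_url, registered):
    """Classify the redirect_uri against the registered reply URLs.

    Assumption: reply URLs are compared as exact strings, which is what
    the trailing-slash answer implies.
    """
    sent = redirect_uri_of(authorize_url)
    if sent in registered:
        return "match"
    same_site = [r for r in registered if origin(r) == origin(sent)]
    if not same_site:
        return "host-not-registered"   # e.g. slot hostname never added
    if any(r.rstrip("/") == sent.rstrip("/") for r in same_site):
        return "trailing-slash"        # differs only by a final "/"
    return "path-mismatch"


# Constructed sample request: placeholder tenant id, hostnames from the question.
STAGING_REQUEST = (
    "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
    "/oauth2/authorize?response_type=id_token"
    "&redirect_uri=https%3A%2F%2Fmysite-staging.azurewebsites.net%2F"
)

if __name__ == "__main__":
    prod_only = ["https://mysite.azurewebsites.net/"]
    print(diagnose(STAGING_REQUEST, prod_only))
    print(diagnose(STAGING_REQUEST, prod_only + ["https://mysite-staging.azurewebsites.net"]))
    print(diagnose(STAGING_REQUEST, prod_only + ["https://mysite-staging.azurewebsites.net/"]))
```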

