Waqas Ahmed

AADSTS700016: UnauthorizedClient_DoesNotMatchRequest

Sep 7 2020 2:59 PM

Not sure if this is the right place to ask but... We have an older application that is set up to use SSO, currently Azure ADFS. I want to use login.microsoft.com url instead of our organizational url that has been used in the past.

I replaced the currently working links in web.config with the endpoints from Azure

```xml
<appSettings>
  <add key="FederationMetadataLocation" value="https://login.microsoftonline.com/dfmi.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml" />
</appSettings>
```
AND
```xml
<federatedAuthentication>
  <wsFederation passiveRedirectEnabled="true" issuer="https://login.microsoftonline.com/0845a734g7-6d23-7c96-9f4x-3427v39n4sd5/wsfed/" realm="https://customdfmi.dfmi.net/" requireHttps="true" />
  <cookieHandler requireSsl="false" />
</federatedAuthentication>
```
I get to the sign-in page. When I put in the credentials it shows "AADSTS700016: Application with identifier 'https://customdfmi.dfmi.net/' was not found in the directory". It is set up in Azure. Redirect URI is the exact copy of what's in web.config. What am I putting wrong in web.config? Do I need to put the Application ID somewhere in it? Any pointers would be great. Thanks!
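A small offline consistency check for the two web.config fragments above, added here as an example and not part of the question or of any answer to it. It parses the settings and compares the wsFederation `realm` with the Application ID URIs registered on the app in Azure AD, which the caller must supply since the script cannot query the tenant; the near-miss hint assumes Azure AD compares identifiers as exact strings, and the tenant GUID in the embedded sample is a placeholder.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the question's fragments wrapped in a minimal root so they
# parse as one document. TENANT-ID-PLACEHOLDER stands in for the tenant GUID.
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="FederationMetadataLocation"
         value="https://login.microsoftonline.com/dfmi.onmicrosoft.com/FederationMetadata/2007-06/FederationMetadata.xml" />
  </appSettings>
  <federatedAuthentication>
    <wsFederation passiveRedirectEnabled="true"
                  issuer="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/wsfed/"
                  realm="https://customdfmi.dfmi.net/" requireHttps="true" />
    <cookieHandler requireSsl="false" />
  </federatedAuthentication>
</configuration>"""


def load_settings(xml_text):
    """Pull the federation-relevant values out of a web.config document."""
    root = ET.fromstring(xml_text)
    meta = root.find(".//add[@key='FederationMetadataLocation']").get("value")
    wsfed = root.find(".//wsFederation").attrib
    cookie = root.find(".//cookieHandler")
    return {
        "metadata": meta,
        "issuer": wsfed.get("issuer"),
        "realm": wsfed.get("realm"),
        "require_https": wsfed.get("requireHttps", "false").lower() == "true",
        # WIF defaults requireSsl to true when the element is absent.
        "cookie_require_ssl": cookie is None or cookie.get("requireSsl", "true").lower() == "true",
    }


def check_config(settings, registered_app_id_uris):
    """Return human-readable findings; registered_app_id_uris is the set of
    Application ID URIs on the app registration (supplied by the caller)."""
    findings = []
    realm = settings["realm"]
    if realm not in registered_app_id_uris:
        # AADSTS700016 means the realm sent as wtrealm is not a registered
        # identifier in the tenant; the comparison is assumed to be exact.
        near = [u for u in registered_app_id_uris if u.rstrip("/").lower() == realm.rstrip("/").lower()]
        if near:
            findings.append(f"realm {realm!r} differs from registered {near[0]!r} only by case or trailing slash")
        else:
            findings.append(f"realm {realm!r} is not a registered Application ID URI; expect AADSTS700016")
    if urlparse(settings["issuer"]).netloc != urlparse(settings["metadata"]).netloc:
        findings.append("issuer and FederationMetadataLocation point at different hosts")
    if settings["require_https"] and not settings["cookie_require_ssl"]:
        findings.append("requireHttps=true but cookieHandler requireSsl=false: session cookie may travel over plain HTTP")
    return findings
```

The realm is the identifier Azure AD looks up, not the redirect URI, so the check compares it against the registration's identifiers rather than the reply address.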