AADSTS50011: The reply address ... does not match the reply addresses configured for the application.

How to fix AADSTS50011: Reply address did not match because of case sensitivity.

This post was most recently updated on October 5th, 2018.

So, you got an error with a code AADSTS50011? It’s just Azure AD’s authentication acting up because of invalid reply address! here’s a bunch of different reasons that lead to this error. This post describes the variant where the URL’s case sensitivity differns from what’s configured. For me, the most typical scenario where I run into this error is accessing the app from SharePoint.

Problem

So, you’re getting an error somewhat like this:

AADSTS50011: The reply address <...> does not match the reply addresses configured for the application: '<guid>'. More details: Reply address did not match because of case sensitivity.

This is another variation of the good old “AADSTS50011: The reply address does not match the reply addresses configured“-error.

I recently encountered this new version of the error. Normally, you don’t get any extra details – the “More details:” -section will just say “not available” or some such. But I guess a lot of people have been struggling with the case-sensitivity of the URLs (I wonder who thought that was a good idea?), and Microsoft has opted to provide this, slightly improved version of the classical reply-url error.

For once, the error message actually tells you exactly what’s wrong. 

Probably your URL has “<site>/Pages/default.aspx” in it, but you entered it as “<site>/pages/default.aspx” in the configuration. Simple as that.

SharePoint normally handles redirection between differently capitalized versions of the URL, and you should only need to use one version of the URL. However, that doesn’t really always work like it should, and you don’t always have just one version of the URL. That means, that you’ll just have to make sure your links always point to whatever address SharePoint actually resolves as the default – so make sure to either use only the web’s address (e.g. use the URL without library and page names), or use the address SharePoint returns to you by default. Or you can use both – you just can’t use multiple different capitalizations, for some reason!

Solution

The solution is 50% obvious, but 50% gotcha.

If you think it’s easily done – and you can just change the case in the reply address from “/Pages/default.aspx” to “/pages/default.aspx” and be done with it, you’re only half correct. Whereas the checking for reply addresses in the authentication is case-sensitive, saving the urls is not. If you just fix the url and save, it’ll look like it saved but it didn’t actually change the reply address. It still won’t work.

So, this is what you’ll need to do instead:

  1. Remove the offending value in the reply-url configuration
  2. Save the changes (click the button at the bottom of the page)
  3. Scroll back to the reply-urls, add a new one, this time with correct casing
  4. Save again – and after this, it should work!

Funny, eh? I know, it’s kind of ridiculous. But that’s the gotcha for you!

The following two tabs change content below.

Antti K. Koskela

Solutions Architect / Escalations Engineer at Koskila / Norppandalotti Software / Valo Solutions
Antti Koskela is a proud digital native nomadic millenial full stack developer (is that enough funny buzzwords? That's definitely enough funny buzzwords!), who works as a Solutions Architect for Valo Intranet, the product that will make you fall in love with your intranet. Working with the global partner network, he's responsible for the success of Valo deployments happening all around the world. He's been a developer from 2004 (starting with PHP and Java), and he's been bending and twisting SharePoint into different shapes since MOSS. Nowadays he's not only working on SharePoint, but also on .NET projects, Azure, Office 365 and a lot of other stuff. This is his personal professional (e.g. professional, but definitely personal) blog.

Let me know your thoughts!