O365 Error Message: AADSTS50107: Requested federation realm object does not exist

    Applies to:
      • Legacy SecureAuth IdP
    Deployment model:
      • On Premises
    SecureAuth IdP Version affected: All
     
    Description:
    After O365 is configured with SecureAuth, login attempts end with the following O365 error:

    Message: AADSTS50107: Requested federation realm object 'https://secureauth.example.com/secureauth74' does not exist.

    The error appears after the user authenticates and is redirected from SecureAuth to O365.


    Cause:
    The issuer set in O365 does not match the issuer set on the SecureAuth Post Auth page.

    The two values must match exactly. The most common mistake is to include a trailing slash in one place and not the other.

    Resolution: 

    1. Verify the IssuerUri by running this command in Azure PowerShell:

        Get-MsolDomainFederationSettings -DomainName <DomainName>

    Replace "<DomainName>" with the actual domain name, e.g. Get-MsolDomainFederationSettings -DomainName secureauthdev.com

    2. Open the SecureAuth Admin Console and navigate to the Post Auth page for your O365 realm.

    3. Correct the SecureAuth setting for WSFed/Saml Issuer so that it exactly matches the O365 IssuerUri verified in step 1.
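
    The comparison in steps 1 to 3 can be scripted so that the kind of mismatch is reported instead of being spotted by eye. This is an added example, not SecureAuth's own code; the function name Compare-FederationIssuer and its parameters are hypothetical, and the SecureAuth value is assumed to be copied by hand from the Post Auth page.

```powershell
# Added example: report why two issuer strings are not an exact match.
# Compare-FederationIssuer is a hypothetical helper, not a SecureAuth or MSOnline cmdlet.
function Compare-FederationIssuer {
    param(
        # IssuerUri as returned by Get-MsolDomainFederationSettings (step 1)
        [Parameter(Mandatory)][string]$O365IssuerUri,
        # WSFed/Saml Issuer as copied from the Post Auth page (steps 2 and 3)
        [Parameter(Mandatory)][string]$SecureAuthIssuer
    )

    $ordinal    = [StringComparison]::Ordinal            # byte-for-byte, case-sensitive
    $ignoreCase = [StringComparison]::OrdinalIgnoreCase

    # Progressively normalised copies, used only to classify the difference.
    $a = $O365IssuerUri.Trim();  $b = $SecureAuthIssuer.Trim()
    $aNoSlash = $a.TrimEnd('/'); $bNoSlash = $b.TrimEnd('/')

    if     ($O365IssuerUri.Equals($SecureAuthIssuer, $ordinal)) { $reason = 'Exact match' }
    elseif ($a.Equals($b, $ordinal))                            { $reason = 'Leading or trailing whitespace differs' }
    elseif ($aNoSlash.Equals($bNoSlash, $ordinal))              { $reason = 'Trailing slash differs' }
    elseif ($aNoSlash.Equals($bNoSlash, $ignoreCase))           { $reason = 'Letter case differs' }
    else                                                        { $reason = 'Values differ in content' }

    [pscustomobject]@{
        O365IssuerUri    = $O365IssuerUri
        SecureAuthIssuer = $SecureAuthIssuer
        ExactMatch       = ($reason -eq 'Exact match')
        Reason           = $reason
    }
}

# Constructed sample values (not read from a real tenant): the trailing-slash case.
Compare-FederationIssuer -O365IssuerUri 'https://secureauth.example.com/secureauth74' `
                         -SecureAuthIssuer 'https://secureauth.example.com/secureauth74/'

# Against a live tenant, after Connect-MsolService:
# $o365 = (Get-MsolDomainFederationSettings -DomainName '<DomainName>').IssuerUri
# Compare-FederationIssuer -O365IssuerUri $o365 -SecureAuthIssuer '<value from the Post Auth page>'
```

    An ordinal comparison is used so that invisible characters picked up when copying the value also register as a mismatch.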

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
