SAP Knowledge Base Article - Public

3210639 - SSO Error "AADSTS650056 - Misconfigured application"

Symptom

You receive the following error while setting Single Sign On:

"Error AADSTS650056 - Misconfigured application. This could be due to one of the following: the client has not listed any permissions for '{name}' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure that it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: {id}. Please contact your admin to fix the configuration or consent on behalf of the tenant."

Environment

SAP Cloud for Customer

Reproducing the Issue

  1. Go to Administrator Work center.
  2. Open Common Tasks View.
  3. Select "Configure Single Sign On".
  4. Go to tab "My system".

Cause

 The Issuer attribute sent from the application to Azure AD in the SAML request doesn’t match the Identifier value configured for the application in Azure AD.

Resolution

Ensure that the Issuer attribute in the SAML request matches the Identifier value configured in Azure AD.

Verify that the value in the Identifier textbox matches the value for the identifier value displayed in the error.

For more information about the Issuer attribute, see Single Sign-On SAML protocol.

Complete content

Keywords

SSO, Error, AADSTS650056, Misconfigured application, Testing, Setting , KBA , LOD-CRM-SEC , Security Topics , How To

Product

SAP Cloud for Customer add-ins all versions ; SAP Cloud for Customer core applications 2202