Symptom
You receive the following error while setting Single Sign On:
"Error AADSTS650056 - Misconfigured application. This could be due to one of the following: the client has not listed any permissions for '{name}' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure that it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: {id}. Please contact your admin to fix the configuration or consent on behalf of the tenant."
Environment
SAP Cloud for Customer
Reproducing the Issue
- Go to Administrator Work center.
- Open Common Tasks View.
- Select "Configure Single Sign On".
- Go to tab "My system".
Cause
The Issuer
attribute sent from the application to Azure AD in the SAML request doesn’t match the Identifier value configured for the application in Azure AD.
Resolution
Ensure that the Issuer
attribute in the SAML request matches the Identifier value configured in Azure AD.
Verify that the value in the Identifier textbox matches the value for the identifier value displayed in the error.
For more information about the Issuer attribute, see Single Sign-On SAML protocol.
Keywords
SSO, Error, AADSTS650056, Misconfigured application, Testing, Setting , KBA , LOD-CRM-SEC , Security Topics , How To