SAP Knowledge Base Article - Preview

3757417 - SAML SSO behind CDN/proxy generates redirects with internal domain instead of public domain, causing reply URL mismatch

Symptom

  • After introducing a CDN/reverse proxy in front of the storefront, SAML SSO to Azure AD stops working.
  • Commerce generates the first redirect and the SAML ACS/redirect URL with the internal platform domain instead of the public domain.
  • Azure AD error: AADSTS50011: reply URL mismatch.
  • Forcing the Host header to the public domain can result in HTTP 421 Misdirected Request.
  • The issue occurs before the IdP is involved; the first 302 redirect already uses the internal domain.



Environment

  • Product: SAP Commerce Cloud
  • Accelerator: Commerce Cloud B2B Accelerator

Product

SAP Commerce Cloud all versions

Keywords

saml sso, azure ad, reply url mismatch, aadsts50011, redirect url, host header, x-forwarded-host, forwarded header, rfc 7239, reverse proxy, cdn, akamai, endpoint, 421 misdirected request, commerce cloud accelerator, KBA, CEC-SCC-COM-BBA-ACC, Accelerator, Problem

About this page

This is a preview of a SAP Knowledge Base Article. The full version is available on SAP for Me (login required).
