AADSTS700016: Application with identifier 'some_id' was not found in the directory 'some_another_id'
Solution 1
I ran in to this problem because I was using the ID of in the Client secret section instead of using the Application (client) ID
.
Solution 2
I have faced this error below are the possibilities:
-
This error means you have made a mistakes while configuring the Client ID OR tenant ID in your code, First please confirm that both are same as your azure portal application client and tenant.
-
In my case i had entered wrong client id in my code.
-
Please check this https://github.com/MicrosoftDocs/azure-docs/issues/24673
Solution 3
The problem here is that the AAD Application Registration has an identifier URI that does not match that being requested in the authentication request. You can fix this by:
- Copying the URL in the obscured screenshot
- Navigating to Azure AD Blade in the Azure AD Tenant to which you want to federate with 3. Access the Enterprise Applications menu, find the App Registration by ApplicationId(ClientId)
- Open the
Single Sign-On
menu. - Paste the URL from the error into the
Identifier (Entity ID)
option
You also need the correct Reply URL
:
https://contoso.b2clogin.com/te/contoso.onmicrosoft.com/<policyd of Base>/samlp/sso/assertionconsumer
You are much better off using OpenId (which also allows for multi tenant access):
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
Admin
Updated on October 02, 2021Comments
-
Admin over 2 years
I need a federated authentication with custom policy (when user authenticated I need him to appear marked as Federated in b2c users, not Others or something else what I could achieve with single tenant), I had it before with default policy setup in azure as OpenId provider, but did not find how to do FEDERATION Authentication with OpenId in custom policy, so I did it with SAML and below what I've got.
I tried Single tenant and it is not what I need. Also problem is not with signing key, because I've already had this issue and resolved this. I created self signed certificate, uploaded it to AAD application first and to b2c policy keys after. I think the application which authenticate the federation is not an issue, because I works with default policy.
<TechnicalProfile Id="Office-SAML2"> <DisplayName>Microsoft Office 365</DisplayName> <Description>Login with your ADFS account</Description> <Protocol Name="SAML2"/> <Metadata> <Item Key="WantsSignedRequests">false</Item> <Item Key="PartnerEntity">https://login.microsoftonline.com/<b2c tenant id>/federationmetadata/2007-06/federationmetadata.xml</Item> <Item Key="XmlSignatureAlgorithm">Sha256</Item> </Metadata> <CryptographicKeys> <Key Id="SamlAssertionSigning" StorageReferenceId="B2C_1A_SamlCert"/> <Key Id="SamlMessageSigning" StorageReferenceId="B2C_1A_SamlCert"/> </CryptographicKeys> <OutputClaims> <OutputClaim ClaimTypeReferenceId="issuerUserId" PartnerClaimType="userPrincipalName" /> <OutputClaim ClaimTypeReferenceId="givenName" PartnerClaimType="given_name"/> <OutputClaim ClaimTypeReferenceId="surname" PartnerClaimType="family_name"/> <OutputClaim ClaimTypeReferenceId="email" PartnerClaimType="email"/> <OutputClaim ClaimTypeReferenceId="displayName" PartnerClaimType="name"/> <OutputClaim ClaimTypeReferenceId="identityProvider" DefaultValue="https://sts.windows.net/<b2c tenant id>/" AlwaysUseDefaultValue="true" /> <OutputClaim ClaimTypeReferenceId="authenticationSource" DefaultValue="socialIdpAuthentication" AlwaysUseDefaultValue="true" /> </OutputClaims> <OutputClaimsTransformations> <OutputClaimsTransformation ReferenceId="CreateRandomUPNUserName"/> <OutputClaimsTransformation ReferenceId="CreateUserPrincipalName"/> <OutputClaimsTransformation ReferenceId="CreateAlternativeSecurityId"/> <OutputClaimsTransformation ReferenceId="CreateSubjectClaimFromAlternativeSecurityId"/> </OutputClaimsTransformations> <UseTechnicalProfileForSessionManagement ReferenceId="SM-Noop"/> </TechnicalProfile>
I have been doing everything through this reference https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-setup-adfs2016-idp