none
ADFS+ Office 365 RRS feed

  • Question

  • Hello Guys,

    Hope you are doing well!

    Yesterday I have established a new ADFS server and configured it to work with OFFICE 365 with SSO,

    But from some reason, it does not work well,

    Once enter the email address on:

    https://login.microsoftonline.com page 

    it redirects me to an error page:

    Sign In

    Sorry, but we’re having trouble signing you in.

    We received a bad request

    Additional technical information:
    Correlation ID: 94cf73b3-259c-4286-bbde-cad450a3b7ac
    Timestamp: 2017-04-13 22:11:22Z

    AADSTS51004: To sign into this application the account XymXWDuILkaegoHhGF+HhQ== must be added to the b0bcd8d6-e290-4bc3-bad7-052bca81c55b directory.

    Do you have any an idea?


    Windows IT MVP 2015 /2016 www.PelegIT.co.il Thank you!

    Thursday, April 13, 2017 10:12 PM

All replies

  • Have you manage to solve this?

    I have the exact same issue.

    Thanks!

    Thursday, April 27, 2017 8:49 AM
  • I am having the same problem with a 3rd party IDP setup using SAML2.0
    Monday, May 8, 2017 2:00 PM
  • Hi Meir,

    Have you confirmed that the object with the immutable ID XymXWDuILkaegoHhGF+HhQ== exists in your directory?

    To do this - login to Office 365 Powershell

    get-msoluser -all | ?{$_.immutableID -eq 'XymXWDuILkaegoHhGF+HhQ=='}

    Good Luck!

    Shane

    Monday, May 8, 2017 8:47 PM
    Moderator
  • Hi

    Probably stupid issue, I tried to access to OFFICE 365 with different account which can't get through, for example

    I logged in to computer with user: LeeP

    and tried to open office 365 with email "meirpe@X.com" which can't confirm this is my UPN / Mail address.

    guys who experience same issue, ADFS and Office 365 settings are easier to configure and setting up..

    If you want I can take remote control on your PC and try to help you.

    If there was delete option here I would delete this POST :d 

    Thanks for your direction guys.


    Windows IT MVP 2015 /2016 www.PelegIT.co.il Thank you!

    Wednesday, May 10, 2017 5:47 AM
  • Hi Meir,

    If you are using Email address as login ID on Azure, then you need to ensure, the Mail Attribute is syncing from Local Domain to Azure AD as the user's UPN. I think, this is most likely your issue, where you are not using the correct Login name on 0365.

    You can verify if the Immutable ID i:e XymXWDuILkaegoHhGF+HhQ==, that you got on the above error actually matches your actual User, that is trying to authenticate on 0365. You can find it using the below command.

    Get-MSOLUser -UserPrincipalName "Username on Azure" | fl ImmutableID

    I just tested a behaviour, and it failed with the same error.

    • Proposed as answer by AlpeshKumar Thursday, June 1, 2017 6:51 AM
    Thursday, May 11, 2017 9:43 AM
  • Hi Meir,

    Did the above helped to rectify the issue? 

    Thursday, June 1, 2017 6:30 AM