Error while setting up Azure provider: Redirection URL must be registered for the specified cloud application


Article ID: 373748


Products

IT Management Suite

Issue/Introduction

When trying to set up your Microsoft Entra tenant in ITMS (as described in the "Using IT Management Suite with Microsoft Entra" whitepaper), you get an error on the "New Azure Authentication Provider" page. To open this page, go to SMP Console > Settings menu > All Settings > Notification Server > Cloud Authentication > Authentication Providers, then use the right-click menu to select New Azure Authentication Provider. The error reads:

"The 'https://YourSMPServer.example.com:4726/altiris/console/authcallback/' redirection URL must be registered for the specified cloud application"

This environment has CEM (Cloud-Enabled Management) configured and in use.

The NS logs show the following error entry:


Failed to load validate redirection URL.

The redirection URL(s) 'https://YourSMPServer.example.com:4726/altiris/console/authcallback/' specified for provider 'New Azure Authentication Provider' are not registered in cloud.

   [RestApiException @ Altiris.NS.Cloud.dll]

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.VerifyAzureRedirectUris(OauthLogonProvider, DataTable, CloudConnectivityTaskResult)

 

COM Exception errcode: 0xFB100005

 

Exception logged from:

   at Altiris.Diagnostics.Logging.EventLog.ReportException(int, string, string, Exception, string)

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.VerifyAzureRedirectUris(OauthLogonProvider, DataTable, CloudConnectivityTaskResult)

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.LoadAzureProviderSpecificData(CloudLogonProvider, AzureCloudAdConnector, CloudConnectivityTaskResult)

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.LoadProviderSpecificData(CloudLogonProvider, ICloudActiveDirectoryConnector, CloudActiveDirectoryConnectivityTaskResult)

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.VerifyActiveDirectoryAccess(CloudLogonProvider, ICloudActiveDirectoryConnector, CloudActiveDirectoryConnectivityTaskResult)

   at Altiris.NS.Cloud.Tasks.CloudActiveDirectoryConnectivityTask.ExecuteTask(Hashtable, ItemTaskState)

   at Altiris.NS.TaskManagement.CoreTaskServiceThreadBase<,>.ExecuteThreadProc(object)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext, ContextCallback, object, bool)

   at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object, bool)

   at System.Threading.ExecutionContext.Run(ExecutionContext, ContextCallback, object)

   at System.Threading.ThreadHelper.ThreadStart(object)

Environment

ITMS 8.7.x

Cause

No redirect URL that uses port 4726 has been registered in Azure:

The redirection URL(s) 'https://YourSMPServer.example.com:4726/altiris/console/authcallback/' specified for provider 'New Azure Authentication Provider' are not registered in cloud.

Port 4726 is dedicated to our CEM (Cloud-enabled Management) agent communication (See our Ports and Protocols for IT Management Suite).

Resolution

  1. In Azure, add the redirect URL that includes the port number to your redirect URIs.
    (The screenshot shows multiple URLs with port 4726 because we were testing with multiple servers.)


  2. Try again to configure your "New Azure Authentication Provider". Here is an example of how it is configured for a standard ITMS where the CEM web site is installed:

    In the SMP Cloud profile, specify only the SMP server URL (not the CEM web site).




Note:
Also make sure that the group of any user who needs to log in to the SMP Console with Azure credentials is added to your Active Directory import rule.


In summary, make sure that:

  1. The URI with port 4726 is added as a "Redirect URL" in the Azure Logon Provider Configuration (Microsoft Azure Authentication page), so that both
    https://yoursmpserver.example.com:4726/altiris/console/authcallback/
    https://yoursmpserver.example.com/altiris/console/authcallback/
    are accepted URIs (as shown in step 1 above).
  2. https://yoursmpserver.example.com/altiris/console/authcallback/ is entered on the "New Azure Authentication Provider" page.
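
The check described above can be scripted. The following is an added example, not part of the original article or the product: it reads the NS log entry, compares the URL it names with the redirect URIs registered on the app registration, and reports why they differ. The function names, the sample lists, the separator for multiple URLs, and the comparison rule (host case-insensitive, port and path exact) are assumptions.

```python
import re
from urllib.parse import urlsplit

# NS log entry format as quoted in this article.
LOG_RE = re.compile(r"The redirection URL\(s\) '([^']+)' specified for provider "
                    r"'([^']+)' are not registered in cloud")

def normalize(uri):
    """Lower-case scheme/host, drop a default port, keep the path byte-for-byte.
    Assumption: hosts compare case-insensitively, ports and paths exactly."""
    p = urlsplit(uri.strip())
    scheme = p.scheme.lower()
    default = {"https": 443, "http": 80}.get(scheme)
    port = "" if p.port in (None, default) else f":{p.port}"
    return f"{scheme}://{p.hostname or ''}{port}{p.path}"

def diagnose(required, registered):
    """Say why `required` is or is not covered by the registered URIs."""
    want_s = normalize(required)
    have_s = [normalize(r) for r in registered]
    if want_s in have_s:
        return "registered"
    want = urlsplit(want_s)
    for h in map(urlsplit, have_s):
        if (h.scheme, h.hostname, h.path) == (want.scheme, want.hostname, want.path):
            return (f"port mismatch: registered {h.port or 'default'}, "
                    f"required {want.port or 'default'}")
        if h.netloc == want.netloc and h.path.rstrip("/") == want.path.rstrip("/"):
            return "trailing-slash mismatch"
    return "not registered"

def check_log(log_text, registered):
    """Map each (provider, URL) named in the log to its diagnosis."""
    out = {}
    for urls, provider in LOG_RE.findall(log_text):
        # Assumption: several URLs would be split by commas, semicolons or spaces.
        for url in re.split(r"[,;\s]+", urls.strip()):
            out[(provider, url)] = diagnose(url, registered)
    return out

# Constructed sample data: the log entry from this article and two states of
# the app registration's redirect URI list (before and after step 1).
SAMPLE_LOG = ("The redirection URL(s) 'https://YourSMPServer.example.com:4726"
              "/altiris/console/authcallback/' specified for provider "
              "'New Azure Authentication Provider' are not registered in cloud.")
REGISTERED_BEFORE = ["https://yoursmpserver.example.com/altiris/console/authcallback/"]
REGISTERED_AFTER = REGISTERED_BEFORE + [
    "https://yoursmpserver.example.com:4726/altiris/console/authcallback/"]

if __name__ == "__main__":
    for regs in (REGISTERED_BEFORE, REGISTERED_AFTER):
        print(check_log(SAMPLE_LOG, regs))
```

Replace the sample lists with the redirect URIs copied from your own app registration and the log text with the entry from your NS log.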