AADSTS50107: Requested federation realm object 'http:/<Identity Router FQDN>/' does not exist when trying to access the Microsoft Azure portal for RSA SecurID Access
Originally Published: 2019-11-18
Article Number
Applies To
RSA Product/Service Type: Cloud
Product Name: Microsoft Office 365
Product Description: WS-federation integration with SecurID Access
Issue
AADSTS50107: Requested federation realm object 'http://<Identity Router FQDN>/' does not exist.
On the cloud admin user event monitor, the user is authenticated successfully using the password but still not being able to login to Microsoft Azure.
Cause
Resolution
- Check the WS-federation configuration on the Azure side through Windows PowerShell by running the command below:
Get-MsolDomainFederationSettings –DomainName $domain | Format-List *
- Compare all the output of the configuration with the configuration of the application on the cloud admin side.
The difference could be a very minor between the URI on both sides and can be as simple as an extra backslash at the end of the URI. For example, in the strings below, the first IssuerUri is on the Microsoft side:
IssuerUri : http://<Identity Router FQDN>.com
Note the difference with the IssuerUri on the cloud admin side:
IssuerUri : http://<Identity Router FQDN>.com/
- Change the URI on either side so that they match each other.
- Make sure all other URIs also match on both sides
Notes
For more information, see the Microsoft Office 365 - WS-Federation SSO Agent Configuration - RSA Ready SecurID Access Implementation Guide.
