Get error "login.live.com page can't be found" when invoking Azure AD as external IDP in IdentityServer4

I tried to follow this tutorial to add Azure AD as another external IDP for my IdentityServer4 service (I already have Windows and Google working). I can get the "Azure AD" button displayed on my IdentityServer login page now, but when I click on it, I get the following error:

[screenshot: the "login.live.com page can't be found" error page]

Here is how I configured Azure AD in ConfigureServices of my Startup class. I also tried replacing "aad" with "oidc", which is what I used for Google and which worked there, but that made no difference here.

[screenshot: the AddOpenIdConnect configuration in ConfigureServices]

And here is what my Azure AD account configuration looks like. The colors match up with the screenshot above, indicating the values I use in my code:

[screenshot: the Azure AD account configuration, with values colour-matched to the code above]

Can someone tell me what I may be doing wrong here?


First, please try clearing the browser history and using "login.microsoftonline.com/<tenantId>/v2.0/" as the authority string, together with options.CallbackPath = "/signin-oidc"; and options.ResponseType = "code id_token";

NOTE: The identity platform used by Microsoft has a character limit for links. This type of error will appear if the authorization request or link is longer than that limit.

Protocols like OpenID Connect allow state as a parameter in the authorization request, and the identity provider returns that state in the response, as you can see in the error page you provided. Because of this the request URL becomes large, as the state parameter is sometimes long (which may well be the case here).

Try calling the AddOidcStateDataFormatterCache extension method on the IServiceCollection in the Startup class; it uses the distributed cache in the backend. So instead of:

services.AddIdentityServer()
    .AddDeveloperSigningCredential()
    .AddInMemoryIdentityResources(Config.GetIdentityResources())
    .AddInMemoryApiResources(Config.GetApiResources())
    .AddInMemoryClients(Config.GetClients())
    .AddTestUsers(Config.GetUsers());

services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        // ...
    });

you can write it as below:

services.AddOidcStateDataFormatterCache(); // Add this line

services.AddAuthentication()
    .AddOpenIdConnect("aad", "Azure AD", options =>
    {
        // ...
    });

You may check these similar references for more details:

Sign-in with External Identity Providers — IdentityServer4 1.0.0 documentation

(Or)

See section 22.4, "Handling the callback and signing in the user", in the IdentityServer4 documentation

At the least, check for DNS or firewall issues.
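To show the pieces of the answer above together (the v2.0 authority, the /signin-oidc callback, the "code id_token" response type and the state data formatter cache) in one ConfigureServices, here is an added example; it is not the answerer's code nor the asker's, and it assumes the page's Config class exists as on the page. The tenant id, client id and client secret are placeholders to be replaced with the values from the Azure AD app registration.

```csharp
using IdentityServer4;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // IdentityServer itself, as on the page (Config is the page's own class).
        services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryIdentityResources(Config.GetIdentityResources())
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients())
            .AddTestUsers(Config.GetUsers());

        // AddOidcStateDataFormatterCache stores the OIDC protocol state in an
        // IDistributedCache, so one must be registered. The in-memory cache is
        // fine for a single instance; a farm needs a shared cache (Redis, SQL).
        services.AddDistributedMemoryCache();

        // Keep the full state server-side and send only a short cache key in the
        // `state` query parameter, which keeps the authorize URL short. Passing
        // the scheme name limits this to the Azure AD handler.
        services.AddOidcStateDataFormatterCache("aad");

        services.AddAuthentication()
            .AddOpenIdConnect("aad", "Azure AD", options =>
            {
                // Hand the external identity to IdentityServer's external cookie,
                // which the external-login callback then turns into a local sign-in.
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
                options.SignOutScheme = IdentityServerConstants.SignoutScheme;
                options.SaveTokens = true;

                // Placeholders: tenant (directory) id and app registration values.
                options.Authority = "https://login.microsoftonline.com/<tenant-id>/v2.0";
                options.ClientId = "<application-client-id>";
                options.ClientSecret = "<client-secret>";

                // Hybrid flow as suggested in the answer. The redirect URI registered
                // in Azure AD must be exactly https://<your-host>/signin-oidc.
                options.ResponseType = "code id_token";
                options.CallbackPath = "/signin-oidc";
                options.SignedOutCallbackPath = "/signout-callback-oidc";
                options.RemoteSignOutPath = "/signout-oidc";

                // "openid" and "profile" are requested by default; add "email"
                // so the email claim is included in the ID token.
                options.Scope.Add("email");

                // Map the Azure AD claim names onto the ones IdentityServer expects.
                options.TokenValidationParameters = new TokenValidationParameters
                {
                    NameClaimType = "name",
                    RoleClaimType = "role"
                };
            });
    }
}
```

Because the response type contains id_token, the app registration in Azure AD must have ID tokens enabled under its Authentication settings, and the registered redirect URI must match CallbackPath exactly (scheme, host, port and path); a mismatch on either is reported by Azure AD as an error rather than a silent failure, so it is worth checking both before looking at URL length.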