Probable Cause:
The Reply URL (Assertion Consumer Service URL) configured in Azure AD does not exactly match the ACS URL provided by the miniOrange plugin.
Solution:
- In the miniOrange SAML SSO plugin, go to Service Provider Metadata and copy the ACS URL (Assertion Consumer Service URL). Also note the SP Entity ID/Issuer.
- In Azure Portal, open: Microsoft Entra ID → Enterprise Applications → [Your SAML app] → Single sign-on → SAML.
- Under Basic SAML Configuration, verify:
- Reply URL (ACS URL) matches the plugin ACS URL exactly (https, domain, path, case, and trailing slash).
- Identifier (Entity ID) matches the plugin SP Entity ID/Issuer.
- Click Save.
- Clear cache (browser/WordPress/CDN if used) and re-test SSO.
Note: If you have multiple environments (staging/prod), make sure the Reply URL and Identifier values are set for the correct environment you’re testing.
Still need help?
Contact us at samlsupport@xecurify.com
