How to Resolve “Received Invalid OAuth Authorization Request” Error When Integrating MFT with ADFS via SAML

This article addresses an issue encountered when integrating MetaDefender Managed File Transfer with ADFS using SAML authentication. The error message received during login was:

The issue was caused by a mismatch between the 'redirect_uri' configured in the MFT application and the one registered in the Identity Provider (IdP) settings in ADFS. The IdP was rejecting the OAuth request due to the unrecognized or incorrect redirect URI.

Resolution Steps

Step 1: Verify 'redirect_uri' in MFT Configuration

• Access the MFT server configuration.
• Locate the SAML or OAuth configuration section where the 'redirect_uri' is specified.
• Make note of the exact URI value.

Step 2: Verify Registered 'redirect_uri' in ADFS

• Log in to the ADFS management console.
• Navigate to the Relying Party Trusts or App Registrations, depending on your setup.
• Confirm that the 'redirect_uri' registered for the client application exactly matches the value from MFT.

Step 3: Correct the URI if Mismatched

• If the URIs do not match:
  • Either update the MFT configuration to match the value in ADFS,
  • Or update the ADFS registered 'redirect_uri' to reflect the value used in MFT.

Step 4: Test the Integration

• Restart the MFT service if needed.
• Attempt to log in via the ADFS SAML flow.
• Confirm that the login process completes without errors.

Note

• If you are using a load balancer or proxy in front of MFT, ensure that the public-facing URL is the one registered as the 'redirect_uri'.
• If multiple environments are in use (e.g., staging, production), ensure each environment has the appropriate 'redirect_uri' registered.