Product and version: FileMaker Server 17.0.2
Hardware: 2-server configuration, both with Windows Server 2016; 32GB RAM; 12-core; gobs of hard drive space
Description: After setting up Microsoft External Authentication in the FileMaker Server 17 Admin Console by copy/pasting the Directory ID, Azure Application ID, and Azure Key, I tested my files (which had Azure Groups added to them) from FileMaker Pro and WebDirect. FileMaker Pro 17 did not show a Sign in with Microsoft button. WebDirect generates a Sign in with Microsoft logo in the login window, but it fails with a message of "Message: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: <<application ID>>."
I searched in many places to figure out what was wrong, then looked at my configuration settings again and noticed there was a space in my Azure Key. I checked the source and realized the space should have been a "+" character. I added it and clicked save. Tested again, but same results. Triple-checked the key and the space was there again. Added it back, clicked Save, then looked right away and saw it was stripped out. I then typed the entire key and clicked save, but it was still stripped out.
How to replicate: Set up Microsoft Azure Application ID in Azure, generate key with "+" in it, put all three pieces of info into the FileMaker Server 17 Administration...External Authentication...Microsoft section and click Save Authentication Settings. Heck, you probably don't even need to generate a key - just type a bunch of letters and numbers and include a "+". Click save and it'll probably be stripped. (Just confirmed - any random string of letters and numbers with a plus character will have the character stripped out.)
Workaround (if any): Regenerate keys in Azure until you have one without a plus sign (I hope, as I'll by requesting this from our Azure admin in the morning).