What causes AADSTS50071?

Clock skew between the application/IdP server and Microsoft Entra ID (Azure AD) — system time drift beyond the allowed tolerance. SAML LogoutRequest NotOnOrAfter window set too short by the relying party. User or browser delayed completing the logout flow (tab left open, redirect interrupted) until the request expired. Cached or replayed logout response being re-submitted after its validity window. Reverse proxy / load balancer buffering the SLO POST long enough for the assertion to expire

How do I fix AADSTS50071?

Verify the system clock on the application server is synchronized via NTP — drift >5 minutes from Entra ID will reliably trigger this error. Increase the NotOnOrAfter / logout request lifetime in your SAML toolkit (e.g. extend from 60s to 300s) so brief network delays don't expire the request. Have the user close all browser tabs and start a fresh sign-out — do not re-use a stale logout URL or a back-button navigation. Check intermediate proxies, WAFs, and CDN rules for buffering or rewriting POST bodies on the /saml/logout endpoint. If the issue is recurring across users, review Entra ID Sign-in logs (filter on Sign-out events) and correlate timestamps with your application logs to confirm clock alignment

High severityauthentication

Power BI Error:
AADSTS50071

What does this error mean?

The SAML logout request sent to Microsoft Entra ID (Azure AD) exceeded its validity window before being processed.

Common causes

1Clock skew between the application/IdP server and Microsoft Entra ID (Azure AD) — system time drift beyond the allowed tolerance
2SAML LogoutRequest NotOnOrAfter window set too short by the relying party
3User or browser delayed completing the logout flow (tab left open, redirect interrupted) until the request expired
4Cached or replayed logout response being re-submitted after its validity window
5Reverse proxy / load balancer buffering the SLO POST long enough for the assertion to expire

How to fix it

1Verify the system clock on the application server is synchronized via NTP — drift >5 minutes from Entra ID will reliably trigger this error
2Increase the NotOnOrAfter / logout request lifetime in your SAML toolkit (e.g. extend from 60s to 300s) so brief network delays don't expire the request
3Have the user close all browser tabs and start a fresh sign-out — do not re-use a stale logout URL or a back-button navigation
4Check intermediate proxies, WAFs, and CDN rules for buffering or rewriting POST bodies on the /saml/logout endpoint
5If the issue is recurring across users, review Entra ID Sign-in logs (filter on Sign-out events) and correlate timestamps with your application logs to confirm clock alignment

Frequently asked questions

What does AADSTS50071 mean?

The logout request has expired.

How do I fix this error?

Check your application registration, token configuration, and user permissions in the Azure portal. Review Conditional Access policies if the error is policy-related.

Source · learn.microsoft.com/en-us/entra/identity-platform/reference-error-codes#aadsts-error-codes