← Back to all provider errors
Microsoft
AADSTS81010 — Desktop SSO Kerberos ticket invalid
Kerberos ticket expired/invalid for Seamless SSO.
Riposte solution
Azure AD Seamless SSO failed due to a Kerberos issue (ticket invalid or expired). This is environment-specific. Ensure the user's device is domain-joined and the user is logged in to the domain. If this error appears, falling back to a normal login prompt is a good idea. In short, require interactive login via /auth/sessions rather than silent SSO for this attempt.
Quick facts
- Provider
- Microsoft
- Endpoint / surface
- Azure AD Seamless SSO
- Status code
- 400
Why it happens
[Expired/malformed ticket; Time skew]
How to fix it
[Ensure device/domain login and time sync; re-login]