Configuring your Reply URLs is very important to get correct.  The following PowerShell script can be used to configure your Reply URLs automatically.

Get-AzureADApplication -All:$true | Format-Table
$appId = Read-Host -Prompt "Copy and paste the AppId from the proper application listed above: "
$site = Read-Host -Prompt "Ok. Now, what's your site URL? Just https://whatever:port (if the port is needed): "
$url1 = "$site/jtcgi/wtlogout.pyc"
$url2 = "$site/jtcgi/r/adlogin/sso"
$url3 = "$site/jtcgi/r/adlogin/token"

Write-Host $url1
Write-Host $url2
Write-Host $url3

$app = Get-AzureADApplication -Filter "AppId eq '$($appId)'"
#Write-Host $app

$allReplyUrls = $app.ReplyUrls;

# Add Reply URL if not already in the list
foreach ($replyUrl in $url1,$url2,$url3) {
        if ($allReplyUrls -NotContains $replyUrl) {
           Write-Host "Adding" $replyUrl
           Set-AzureADApplication -ObjectId $app.ObjectId -ReplyUrls $allReplyUrls }    Else {
           Write-Host $replyUrl "already exists."
Read-Host -Prompt "All done. Press Enter to exit."