Cloud Access Manager: Adding Azure Active Directory Authenticator

Hello,

I'm using Cloud Access Manager 8.1.4. I already have an Active Directory authenticator.

I want to add an Azure Active Directory to grant access to users of an O365 tenant.

I've followed this guide: https://support.oneidentity.com/fr-fr/technical-documents/cloud-access-manager/8.1.3/configuration-guide/2#TOPIC-853701, which is deprecated given the current versions of Azure AD.

I've created an application in the Azure AD portal, given it the needed permissions, and I have the Client ID and the Application Key (secret).

Now, when I add the authenticator in Cloud Access Manager, I put in these values as in the guide:

Client ID * = Client ID of the application created in Azure AD.

Application Key = key defined in Azure AD

Windows Azure AD Graph API Endpoint * = https://graph.microsoft.com

OAuth 2.0 Token Endpoint * = https://login.microsoftonline.com/{tenantI_D}/oauth2/v2.0/token

When I test the connection, it fails, and the logs show the following:

- Success obtaining a token

- Failure with this error: InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience

GetAccessToken - Success = True [], Token =
DEBUG 2021-05-08 22:54:26,382 23714422118ms [102] RstsAccessFacade rectoryCredentials - ConfigurationUpdater exit
DEBUG 2021-05-08 22:54:26,382 23714422118ms [102] RstsAccessFacade tDirectorySettings - Checking directory settings for [] [1cd129d1-34d1-4b91-9383-1d19a54xxxx]
DEBUG 2021-05-08 22:54:26,554 23714422290ms [102] RstsAccessFacade LogTaskResult - Query returned 400 Bad Request False
DEBUG 2021-05-08 22:54:26,554 23714422290ms [102] RstsAccessFacade LogTaskResult - Content = <?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="schemas.microsoft.com/.../dataser
vices/metadata"><m:code>DataServiceQueryException</m:code><m:message xml:lang="fr-CH">An error occurred while processing this request.</m:message><m:innererror><m:message>A
n error occurred while processing this request.</m:message><m:type>System.Data.Services.Client.DataServiceQueryException</m:type><m:stacktrace> at
RSts.AzureActiveDirectoryProvider.AzureActiveDirectoryProvider.TestSettings()&#xD;
at Rsts.Api.ProviderConfigurationController.Save(Object obj)&#xD;
at RSts.OData.ODataContext.SaveChanges()&#xD;
at System.Data.Services.DataService`1.HandleNonBatchRequest(RequestDescription description)&#xD;
at System.Data.Services.DataService`1.HandleRequest()</m:stacktrace><m:internalexception><m:message>{"error":{"code":"InvalidAuthenticationToken","message":"Access token validation failure. Invalid audience.",
"innerError":{"date":"2021-05-08T20:55:05","request-id":"9df016c4-6a63-47e4-9820-5569xxxxxxx","client-request-id":"9df016c4-6a63-47e4-9820-5569xxxxx"}}}</m:message><m:type>System.Data.Services.Client.DataServiceClientException</m:type><m:stacktrace> at System.Data.Services.Client.BaseAsyncResult.EndExecute[T](Object source, String method, IAsyncResult asyncResult)&#xD;
at System.Data.Services.Client.QueryResult.EndExecuteQuery[TElement](Object source, String method, IAsyncResult asyncResult)</m:stacktrace></m:internalexception></m:innererror></m:error>
DEBUG 2021-05-08 22:54:33,732 23714429468ms [57] NodesController Get - Get nodes -->

Do you have any idea?

Many thanks in advance.
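
Added example (not part of the original post, and not One Identity or Microsoft code): a diagnostic for the "Invalid audience" response in the log above, which decodes an access token's claims and compares its `aud` claim with the host of the API endpoint being called. The function names and the sample tokens are constructed for illustration; the signature is not verified, so this is for troubleshooting only, never for making an authorization decision.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _host(value):
    # 'aud' may be a URL or an opaque identifier such as a GUID; identifiers
    # are returned unchanged, so they never match a host name here.
    return (urlsplit(value).hostname or value).lower()


def audience_matches(token, api_endpoint):
    """Return (ok, audiences); ok is True if an 'aud' value names the API host."""
    aud = jwt_claims(token).get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    wanted = _host(api_endpoint)
    return any(_host(a) == wanted for a in audiences), audiences


def _sample_token(claims):
    # Constructed, unsigned sample token; no real tenant or secret is involved.
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    endpoint = "https://graph.microsoft.com"  # endpoint value from the post
    for aud in ("https://graph.windows.net", "https://graph.microsoft.com"):
        ok, seen = audience_matches(_sample_token({"aud": aud}), endpoint)
        print(f"aud={seen} endpoint={endpoint} match={ok}")
```

A mismatch means the token was requested for a different resource than the endpoint it is sent to, so the resource or scope used in the token request and the API endpoint setting have to refer to the same API.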