Single Sign-On v1.5

Troubleshooting

This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Azure Active Directory (Azure AD) and Pivotal Single Sign-On (SSO) using OpenID Connect (OIDC).

Bad Request

Symptom:

(Screenshot: Azure OIDC "Bad Request" error)

Explanations:

  • This is a generic error. Review UAA logs for detailed information.
  • This error can occur when the application type is created as Native. Ensure you created your client in Azure AD as Web App/API.
  • This error can occur when a response type other than id_token is used. Ensure you configure the response type to use id_token.

Cannot determine username from credentials supplied

Symptom:

(Screenshot: Azure OIDC "no username" error)

Explanation:

  • No value is mapped to the username used by PCF. Under the identity provider attributes, map the unique_name attribute to username.

Azure Error for Reply Address

Symptom:

(Screenshot: Azure OIDC reply address error)

Explanation:

  • The reply URL is misconfigured. Ensure you entered your callback URL correctly as a reply URL in Azure AD.

Login Page Cannot Be Found (404 Error)

Symptom:

(Screenshot: Azure OIDC login page 404 error)

Explanation:

  • The Authorization Endpoint URL may be incorrectly entered or not available. Ensure you correctly entered the authorization endpoint, and that the authorization endpoint is available to the end user.

Error authenticating against external identity provider: 404 Not Found

Symptom:

(Screenshot: Azure OIDC identity provider 404 error)

Explanation:

  • The Token Key URL may be incorrectly entered or not available. Ensure that you entered the token key setting correctly, and that the Token Key URL is available.

Error authenticating against external identity provider: Invalid issuer for token did not match expected

Symptom:

(Screenshot: Azure OIDC invalid issuer error)

Explanation:

  • The Token Key URL may be incorrectly entered. Ensure that you entered the issuer setting correctly.

Request Method ‘POST’ not supported (405 Error)

Symptom:

(Screenshot: Azure OIDC POST not supported error)

Explanation:

  • This error can occur if you configure a response type that Azure AD does not support, or that has not been enabled for the application, such as token or code id_token token. Ensure that you configure the response type to id_token.

Error authenticating against external identity provider: Some parties were not in the token audience

Symptom:

(Screenshot: Azure OIDC client ID / audience error)

Explanation:

  • The Relying Party Client ID may be incorrectly entered. Ensure you have correctly entered the relying party client ID setting.
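The "Invalid issuer", "not in the token audience", and "Cannot determine username" entries above all come down to the same three claim checks that any OIDC relying party performs on the ID token before trusting it: the iss claim must equal the configured issuer exactly, the configured relying party client ID must appear in aud, and the attribute mapped to username (unique_name) must be present. The following Python script is an added example, not code from this page, from Pivotal SSO, or from UAA; it decodes a constructed, unsigned sample ID token and runs those checks against a configured issuer and client ID so that a misentered setting can be reproduced locally. The constants CONFIGURED_ISSUER and CONFIGURED_CLIENT_ID are made-up placeholder values, the function names are the example's own, and signature verification against the keys published at the Token Key URL is deliberately out of scope here.

```python
import base64
import json
import time
from typing import List, Optional

# Constructed sample settings; these are not real tenant or client identifiers.
CONFIGURED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
CONFIGURED_CLIENT_ID = "11111111-1111-1111-1111-111111111111"
FIXED_NOW = 1_700_000_000  # fixed clock so the expiry check is reproducible


def _b64url_encode(obj: dict) -> str:
    """base64url-encode a JSON object the way JWT segments are encoded (no padding)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT (alg "none") for demonstration only."""
    header = {"alg": "none", "typ": "JWT"}
    return f"{_b64url_encode(header)}.{_b64url_encode(claims)}."


def decode_claims(id_token: str) -> dict:
    """Return the payload claims of a JWT without verifying its signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID token must have three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def check_claims(claims: dict, expected_issuer: str, client_id: str,
                 now: Optional[float] = None) -> List[str]:
    """Return a list of problems; an empty list means the claims pass.

    Each problem mirrors one of the misconfigurations described above:
    a wrong issuer setting, or a wrong relying party client ID.
    """
    problems = []
    now = time.time() if now is None else now

    # Issuer must match the configured setting exactly, trailing slash included.
    if claims.get("iss") != expected_issuer:
        problems.append(f"invalid_issuer: token iss={claims.get('iss')!r}, "
                        f"expected {expected_issuer!r}")

    # aud may be a string or a list; the configured client ID must be in it.
    aud = claims.get("aud", [])
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if client_id not in audiences:
        problems.append(f"audience_mismatch: client ID {client_id!r} "
                        f"not in token audience {audiences!r}")

    # A stale token is rejected even when issuer and audience are correct.
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append("expired: token has no exp claim or has expired")

    return problems


def username_from_claims(claims: dict, attribute: str = "unique_name") -> Optional[str]:
    """Resolve the username from the mapped attribute; None reproduces the
    'Cannot determine username' condition when the mapping points nowhere."""
    return claims.get(attribute)


# Constructed sample ID token as Azure AD would issue it for this client.
SAMPLE_TOKEN = make_unsigned_token({
    "iss": CONFIGURED_ISSUER,
    "aud": CONFIGURED_CLIENT_ID,
    "exp": FIXED_NOW + 3600,
    "unique_name": "alice@example.com",
})

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print("correct settings:", check_claims(claims, CONFIGURED_ISSUER, CONFIGURED_CLIENT_ID, FIXED_NOW))
    print("issuer entered without trailing slash:",
          check_claims(claims, CONFIGURED_ISSUER.rstrip("/"), CONFIGURED_CLIENT_ID, FIXED_NOW))
    print("wrong client ID:",
          check_claims(claims, CONFIGURED_ISSUER, "22222222-2222-2222-2222-222222222222", FIXED_NOW))
    print("username:", username_from_claims(claims))
```

Running the script shows that dropping the trailing slash from the issuer setting alone is enough to produce an issuer mismatch, which is why the "Invalid issuer" entry asks you to re-check that value character for character rather than just the host name.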