Troubleshooting
This topic describes how to resolve common errors that arise when configuring a single sign-on partnership between Azure Active Directory (Azure AD), OpenID Connect (OIDC), and Pivotal Single Sign-On (SSO).
Bad Request
Symptom:
Explanations:
- This is a generic error. Review UAA logs for detailed information.
- This error can occur when the application type is created as Native. Ensure you created your client in Azure AD as Web App/API.
- This error can occur when a response type other than `id_token` is used. Ensure you configure the response type to use `id_token`.
Cannot determine username from credentials supplied
Symptom:
Explanation:
- No value is mapped to the username used by PWS. Under the identity provider attributes, map the `unique_name` attribute to `username`.
Azure Error for Reply Address
Symptom:
Explanation:
- The reply URL is misconfigured. Ensure you entered your callback URL correctly as a reply URL in Azure AD.
Login Page Cannot Be Found (404 Error)
Symptom:
Explanation:
- The Authorization Endpoint URL may be incorrectly entered or not available. Ensure you correctly entered the authorization endpoint, and that the authorization endpoint is available to the end user.
Error authenticating against external identity provider: 404 Not Found
Symptom:
Explanation:
- The Token Key URL may be incorrectly entered or not available. Ensure that you entered the token key setting correctly, and that the Token Key URL is available.
Error authenticating against external identity provider: Invalid issuer for token did not match expected
Symptom:
Explanation:
- The Token Key URL may be incorrectly entered. Ensure that you entered the issuer setting correctly.
Request Method ‘POST’ not supported (405 Error)
Symptom:
Explanation:
- This error can occur if you configure a response type that Azure AD does not support or has not been enabled for the application, such as `token` or `code id_token token`. Ensure that you configure the response type to `id_token`.
Error authenticating against external identity provider: Some parties were not in the token audience
Symptom:
Explanation:
- The Relying Party Client ID may be incorrectly entered. Ensure you have correctly entered the relying party client ID setting.
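The issuer, audience, and username errors above all come down to a claim in the `id_token` not matching a configured value. The following is an added example, not Pivotal or Azure AD code: it decodes the claims of a token captured during a failing login and compares them with the issuer, relying party client ID, and username attribute you configured. The function names and sample values are hypothetical, and the token signature is not verified, so use it for diagnosis only.

```python
import base64
import json


def decode_claims(id_token):
    """Return the JWT payload as a dict. Diagnostic only: no signature check."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(id_token, issuer, client_id, username_claim="unique_name"):
    """Compare token claims with the configured values; return findings."""
    claims = decode_claims(id_token)
    findings = []
    if claims.get("iss") != issuer:  # exact string match, trailing slash included
        findings.append("issuer mismatch: token has %r" % claims.get("iss"))
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if client_id not in audiences:
        findings.append("client ID %r not in audience %r" % (client_id, audiences))
    if not claims.get(username_claim):
        findings.append("claim %r missing, no username to map" % username_claim)
    return findings


def make_sample_token(claims):
    """Build a token from constructed claims (sample input, placeholder signature)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "sig"])


# Constructed sample values, not taken from a real tenant.
SAMPLE = make_sample_token({
    "iss": "https://idp.example/tenant-a/",
    "aud": "constructed-client-id",
    "unique_name": "alice@example.com",
})

if __name__ == "__main__":
    # Configured issuer lacks the trailing slash and the client ID is wrong.
    for finding in diagnose(SAMPLE, "https://idp.example/tenant-a", "other-client"):
        print(finding)
```

An empty result means the three claims agree with the configuration, and the cause lies elsewhere, such as the endpoint URLs or the response type.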