
Single sign on failed - OIDC

TRDTOYGP August 2, 2023

Hi Team

Our secret for this OIDC service had expired and a new one was created, but we are still getting the same error message even after updating the secret key under Authentication methods.

1 - Updated secret to new secret received from Azure system

2 - Updated the issuer URL to https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/token

3 - Added the additional settings as it wouldn't want me to save the changes made.

https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/authorize
https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/token
https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/userinfo

Error I am receiving:
[KSSO-I54BMS31JV] Failed OIDC resume login: [OIDC-95FRPX2LAY] Failed parsing JSON returned from OIDC POST request: [OIDC-K6JCV4L81E] Failed performing OIDC POST request: Expected HTTP 200 OK. Actual response was HTTP 401 UNAUTHORIZED Please check that your client_secret is correct., requested url: https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/token


4 comments

TRDTOYGP August 3, 2023

Anyone can help or share details of another thread that has experienced the same issue maybe?

TRDTOYGP August 4, 2023

Anyone experienced this issue and can help me out?

Elias Brattli Sørensen - Kantega SSO
Contributor
August 22, 2023

Hi,

Apologies for the very delayed response, @TRDTOYGP, I didn't see this post until now. I hope you reached out to our support team in our service desk to resolve the issue.

I hope that your issue is resolved now, but I'll still post a solution for future people who might stumble upon this thread while searching the internet. From the error message you're showing, it was very likely that you copied the Secret ID, and not the Secret itself, when you created a new client secret in Azure AD. The secret ID comes in a similar format as the secret itself, so they're just too similar, and the fields lie right next to each other in the Azure AD user interface. Many people confuse these values; Microsoft has made it easy to make this mistake.

Regards,
Elias Brattli Sørensen
Kantega SSO

True Item LLC
March 18, 2024

In our particular case the issue happened due to AzureAD secret expiration while Bamboo was forced to login with IDP provider.

The solution was to change `$BAMBOO_HOME/kerberos/saml/providers/<PROVIDER ID>/provider.xml` with the new secret and restart Bamboo. The hint was received here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1868002/Enforce+SSO+and+MFA

Hope this might help someone.

Elias Brattli Sørensen - Kantega SSO
Contributor
March 18, 2024

This makes sense, thank you for sharing, @True Item LLC! We at Kantega SSO will have a look at ways to offer a more obvious solution to this. We will update our error messages and docs to suggest this as a possible explanation.
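
A triage helper for the two causes identified in this thread (the Secret ID pasted instead of the secret value, and an expired secret), as an added example that is not part of the original posts or Kantega SSO's code. It assumes the Secret ID is a GUID as displayed in the Azure portal and that the token endpoint's JSON error body carries an AADSTS code in `error_description`; the function names are hypothetical and the sample bodies and GUID are constructed.

```python
import json
import re

# Assumption: the portal's "Secret ID" is a GUID, so a GUID-shaped value in the
# client_secret field suggests the wrong column was copied.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

# Entra ID (Azure AD) error codes seen on the token endpoint for secret problems.
AADSTS_HINTS = {
    "AADSTS7000215": "invalid client secret; check the secret Value was copied, not the Secret ID",
    "AADSTS7000222": "client secret expired; create a new one and update every stored copy",
}

def looks_like_secret_id(configured_secret):
    """True when the configured value is GUID-shaped. Never log the value itself."""
    return bool(GUID_RE.match(configured_secret.strip()))

def triage_token_error(status, body):
    """Map a token-endpoint response (status code, raw body) to a short diagnosis."""
    if status == 200:
        return "ok"
    try:
        err = json.loads(body)
    except ValueError:
        err = None
    if not isinstance(err, dict):
        return f"HTTP {status}: body is not a JSON object, inspect it manually"
    match = re.search(r"AADSTS\d+", str(err.get("error_description", "")))
    code = match.group(0) if match else None
    if code in AADSTS_HINTS:
        return f"{code}: {AADSTS_HINTS[code]}"
    return f"HTTP {status}: {err.get('error', 'unknown')} ({code or 'no AADSTS code'})"

# Constructed sample responses (not captured from a real tenant).
SAMPLE_WRONG_VALUE = json.dumps({"error": "invalid_client",
    "error_description": "AADSTS7000215: Invalid client secret provided."})
SAMPLE_EXPIRED = json.dumps({"error": "invalid_client",
    "error_description": "AADSTS7000222: The provided client secret keys are expired."})

if __name__ == "__main__":
    print(looks_like_secret_id("0f8fad5b-d9cb-469f-a165-70867728950e"))  # constructed GUID
    print(triage_token_error(401, SAMPLE_WRONG_VALUE))
    print(triage_token_error(401, SAMPLE_EXPIRED))
```

Run the GUID check against every place the secret is stored, including a `provider.xml` copy on disk, since a stale copy there keeps producing the same 401 after the UI value is updated.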
