Hi Team
Our secret for this OIDC service had expired and a new one was created, but we are still getting the same error message even after updating the secret key under Authentication methods.
1 - Updated secret to new secret received from Azure system
2 - Updated the issuer URL to https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/token
3 - Added the additional settings, as it wouldn't want me to save the changes made.
https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/authorize
https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/token
https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/userinfo
Error I am receiving:
[KSSO-I54BMS31JV] Failed OIDC resume login: [OIDC-95FRPX2LAY] Failed parsing JSON returned from OIDC POST request: [OIDC-K6JCV4L81E] Failed performing OIDC POST request: Expected HTTP 200 OK. Actual response was HTTP 401 UNAUTHORIZED Please check that your client_secret is correct., requested url: https://login.microsoftonline.com/710b1675-b870-4652-b453-d417a82a0b6f/oauth2/v2.0/token
Hi,
Apologies for the very delayed response, @TRDTOYGPI didn't see this post until now. I hope you reached out to our support team in our service desk to resolve the issue.
I hope that your issue is resolved now, but I'll still post a solution for future people who might stumble upon this thread while searching the internet. From the error message you're showing, it was very likely that you copied the Secret ID, and not the Secret itself, when you created a new client secret in Azure AD. The secret ID comes in a similar format as the secret itself, so they're just too similar, and the fields lie right next to each other in the Azure AD user interface. Many people confuse these values; Microsoft has made it easy to make this mistake.
Regards,
Elias Brattli Sørensen
Kantega SSO
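A triage helper for the Secret ID mix-up described in the reply above, written as an added example that is not part of the thread and is not Kantega SSO code. It assumes you have captured the raw 401 body from the token endpoint; the AADSTS codes come from Microsoft's error reference rather than from this page, and every sample value is constructed.

```python
import json
import re

# Azure AD shows the Secret ID as a GUID. Assumption: the secret Value is not
# GUID-shaped, so a GUID in the client_secret field means the wrong column was copied.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
AADSTS_RE = re.compile(r"AADSTS(\d+)")

# AADSTS codes Microsoft documents for client secret failures.
CAUSES = {
    "7000215": "invalid client secret (often the Secret ID pasted instead of the Value)",
    "7000222": "client secret expired; create a new one and update every stored copy",
}

# Constructed sample inputs, not real credentials or real responses.
SAMPLE_SECRET_ID = "0f1e2d3c-4b5a-6978-8796-a5b4c3d2e1f0"
SAMPLE_SECRET_VALUE = "constructed~Value.not_real-0123456789abcd"
SAMPLE_BODY_INVALID = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000215: Invalid client secret provided.",
})
SAMPLE_BODY_EXPIRED = json.dumps({
    "error": "invalid_client",
    "error_description": "AADSTS7000222: The provided client secret keys are expired.",
})

def looks_like_secret_id(configured_secret):
    """True when the configured client_secret has the GUID shape of a Secret ID."""
    return bool(GUID_RE.match(configured_secret.strip()))

def triage_token_401(body, configured_secret):
    """Return findings for a 401 from the token endpoint; never echoes the secret."""
    findings = []
    if looks_like_secret_id(configured_secret):
        findings.append("configured client_secret is GUID-shaped: looks like the Secret ID")
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return findings + ["token endpoint body is not JSON; inspect the raw response"]
    if not isinstance(payload, dict):
        return findings + ["unexpected JSON shape in token endpoint body"]
    match = AADSTS_RE.search(payload.get("error_description", ""))
    if match:
        code = match.group(1)
        findings.append(f"AADSTS{code}: " + CAUSES.get(code, "see Microsoft's AADSTS reference"))
    elif payload.get("error") == "invalid_client":
        findings.append("invalid_client without an AADSTS code: re-check client_id and secret")
    return findings

if __name__ == "__main__":
    print(triage_token_401(SAMPLE_BODY_INVALID, SAMPLE_SECRET_ID))
```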
In our particular case, the issue happened due to AzureAD secret expiration while Bamboo was forced to log in with IDP provider.
The solution was to change `$BAMBOO_HOME/kerberos/saml/providers/<PROVIDER ID>/provider.xml` with the new secret and restart Bamboo. The hint was received here: https://kantega-sso.atlassian.net/wiki/spaces/KSE/pages/1868002/Enforce+SSO+and+MFA
Hope this might help someone.
This makes sense, thank you for sharing, @True Item LLC! We at Kantega SSO will have a look at ways to offer a more obvious solution to this. We will update our error messages and docs to suggest this as a possible explanation.