web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Service to service OAu...
Small and medium business | Business Central, N...
Unanswered

Service to service OAuth2 error :IDX10501: Signature validation failed.

(0) ShareShare
ReportReport
Posted on by LorSon 23

I have installed Business Central on premise version 19.6 and configured the integration with Azure AD.

I'm able to connect using Azure AD user to my business central.

After i have made the Server to Server configuration with OAuth2 as explained on docs.microsoft.com/.../automation-apis-using-s2s-authentication

I receive the token from Azure AD but when I try to call
https://<my host>:7048/BC190/api/beta
I receive the error:
"error": {
        "code""Unknown",
        "message""IDX10501: Signature validation failed. Unable to match key: \nkid: 'System.String'.\nExceptions caught:\n 'System.Text.StringBuilder'. \ntoken: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.  CorrelationId:  8dcef1e4-3d2a-4b2f-a166-18300365caf2."
    }
On the EventViwer I have the event ID 216:
Server instance: BC190
Tenant ID:
Environment Name:
Environment Type:
Type: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException
Message: IDX10501: Signature validation failed. Unable to match key:
kid: 'System.String'.
Exceptions caught:
'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
Any idea to solve the problem or I can specify the correct the problem?
I have the same question (0)
  • Lars Lohndorf-Larsen Profile Picture
    Lars Lohndorf-Larsen on at
    RE: Service to service OAuth2 error :IDX10501: Signature validation failed.

    Hello,

    Please try with latest Cu for BC19, you can get it from here:

    docs.microsoft.com/.../update-versions-19

    I can't be sure but it may be related to this:

    docs.microsoft.com/.../whats-new-active-directory-federation-services-windows-server

    ===

    Bug fix: Send x5t and kid claim - This is a minor bug fix. AD FS now additionally sends the 'kid' claim to denote the key id hint for verifying the signature. Previously AD FS only sent this as 'x5t' claim.

    ===

    And later builds in BC cater for this bugfix.

    So this is what I would try to begin with. You only need to do a technical update, or install latest BC on a test PC to check.

    hth

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Small and medium business | Business Central, NAV, RMS

#1
Nimsara Jayathilaka. Profile Picture

Nimsara Jayathilaka. 3,406

#2
Sumit Singh Profile Picture

Sumit Singh 2,852

#3
Rishabh Kanaskar Profile Picture

Rishabh Kanaskar 2,217

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans