Skip to main content

Notifications

Announcements

Announcing Category Subscriptions!
News and Announcements icon
Dynamics 365 Community / Forums / Small and medium business | Business Central, N... / Service to service OAu...
Small and medium business | Business Central, N...
Unanswered

Service to service OAuth2 error :IDX10501: Signature validation failed.

(0) ShareShare
ReportReport
Posted on by LorSon 5

I have installed Business Central on premise version 19.6 and configured the integration with Azure AD.

I'm able to connect using Azure AD user to my business central.

After i have made the Server to Server configuration with OAuth2 as explained on docs.microsoft.com/.../automation-apis-using-s2s-authentication

I receive the token from Azure AD but when I try to call
https://<my host>:7048/BC190/api/beta
I receive the error:
"error": {
        "code""Unknown",
        "message""IDX10501: Signature validation failed. Unable to match key: \nkid: 'System.String'.\nExceptions caught:\n 'System.Text.StringBuilder'. \ntoken: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.  CorrelationId:  8dcef1e4-3d2a-4b2f-a166-18300365caf2."
    }
On the EventViwer I have the event ID 216:
Server instance: BC190
Tenant ID:
Environment Name:
Environment Type:
Type: Microsoft.IdentityModel.Tokens.SecurityTokenSignatureKeyNotFoundException
Message: IDX10501: Signature validation failed. Unable to match key:
kid: 'System.String'.
Exceptions caught:
'System.Text.StringBuilder'.
token: 'System.IdentityModel.Tokens.Jwt.JwtSecurityToken'.
Any idea to solve the problem or I can specify the correct the problem?
  • Lars Lohndorf-Larsen Profile Picture
    Lars Lohndorf-Larsen on at
    RE: Service to service OAuth2 error :IDX10501: Signature validation failed.

    Hello,

    Please try with latest Cu for BC19, you can get it from here:

    docs.microsoft.com/.../update-versions-19

    I can't be sure but it may be related to this:

    docs.microsoft.com/.../whats-new-active-directory-federation-services-windows-server

    ===

    Bug fix: Send x5t and kid claim - This is a minor bug fix. AD FS now additionally sends the 'kid' claim to denote the key id hint for verifying the signature. Previously AD FS only sent this as 'x5t' claim.

    ===

    And later builds in BC cater for this bugfix.

    So this is what I would try to begin with. You only need to do a technical update, or install latest BC on a test PC to check.

    hth

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Announcing Category Subscriptions!

Quick Links

photo of Muhammad Affan

December Spotlight Star - Muhammad Affan

Congratulations to a top community star!

thumbnail image of a pie chart section

Top 10 leaders for November!

Congratulations to our November super stars!

thumbnail image of the word Tip

Tips for Writing Effective Verified Answers

Best practices for providing successful forum answers ✍️

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 291,359 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 230,370 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans