AADSTS500031: Cannot find signing certificate configured

WATERKAMP, OLIVER 111 Reputation points
2020-10-27T14:02:28.303+00:00

Hello

I am trying to authenticate my SPA (Angular) using Azure Active Directory and the client library angular-oauth2-oidc.

I am using the oauth2 grant-type 'authentication_code'.

Problem:
I receive an error after requesting the token at following endpoint:
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token

Error:
HttpResponseCode = 400 (BadRequest)
ErrorMsg: AADSTS500031: Cannot find signing certificate configured

I double checked my token-request again with its parameters again.
And I don't see anything wrong or missing.

Can anyone give me a more detailed explaination what this error-msg above means?

This error is not well documented in the Microsoft-Docs and I don't have more ideas where to look
and what I can do.

Thanks for every hint.

Best regards,
Oliver

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,369 questions
0 comments No comments
{count} votes

Accepted answer
  1. WATERKAMP, OLIVER 111 Reputation points
    2020-10-28T12:01:34.13+00:00

    Hi all

    As I already assumed the error was a result of a missconfiguration within the Azure Active Directory.

    After adding a missing SAML certificate it works!

    How to solve it:

    1. In the Azure platform go to Azura Active Directory
    2. Click on Enterprise Appications
    3. Search for the specific enterprise application you try to authenticate
    4. Click on the specific enterprise application to see the overview of it
    5. Click in the menu under 'manage' the 'single sign-on' (see the attached image)
    6. Click on the SAML pane (see the attached image)
    7. Add the missing 'SAML Signing Certificate'
    8. You're DONE!

    35724-image.png

    0 comments No comments

2 additional answers

Sort by: Most helpful
  1. soumi-MSFT 11,771 Reputation points Microsoft Employee
    2020-10-27T15:18:52.16+00:00

    Hello @WATERKAMP, OLIVER , thank you for reaching out. MSAL for Angular still doesn't support Authorization_Code Grant Flow of OAuth. To get this working you would have to implement the implicit_grant flow

    You can find a sample for implementing implicit grant flow using the MSAL for Angular library: https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-angular

    I would suggest you post this request as feedback here on the User Voice. This will allow the community to upvote and for the product team to include in their plans.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as an Answer; if the above response helped in answering your query.

    0 comments No comments

  2. WATERKAMP, OLIVER 111 Reputation points
    2020-10-27T16:16:07.46+00:00

    Hi @soumi-MSFT

    Thanks for helping me out.

    I am not using the Msal-library for authentication.
    I'm using following library: angular-oauth2-oidc

    But what you're meaning with "...Msal for Angular still doesn't support Authorization_Code Grant flow for oAuth" ?
    Here it says that MSAL version 2 does support Authorization_Code flow:
    msal-js-2-0-supports-authorization-code-flow-is-now-generally-available

    Here on this official repo it says also that Auhorization_Code flow is on Msal-Lib V2 available:
    microsoft-authentication-library-for-js

    35436-image.png


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.