SharePoint on-prem OneDrive and authentication issue

Hamza Ashraf 20 Reputation points
2024-10-10T11:37:24.0533333+00:00

Scenario:

We have a SharePoint on-prem setup in our organization. We are trying to authenticate our users through Entra ID and have set up OIDC using the following documentation: https://learn.microsoft.com/en-us/sharepoint/security-for-sharepoint-server/set-up-oidc-auth-in-sharepoint-server-with-msaad

In this environment we need a OneDrive setup as well. We have followed

https://learn.microsoft.com/de-de/sharepoint/sites/set-up-onedrive-for-business#verify-that-onedrive-is-available-to-your-users

and can see OneDrive appearing on My Sites. But when we try to launch it, it gets stuck on the “We’re setting things up” page.

Secondly, the SharePoint APIs send back a 401 Unauthorized error when we try to use OAuth 2.0 (we have successfully generated the bearer token).

ERROR: Signature validation failed. Unable to resolve SecurityKeyIdentifier: 'SecurityKeyIdentifier
    (
    IsReadOnly = False,
    Count = 2,
    Clause[0] = X509ThumbprintKeyIdentifierClause(Hash = 0x31CEE5DC8CFDDE0EEEC2035E15435B0FD66063E4A),
    Clause[1] = System.IdentityModel.Tokens.NamedKeySecurityKeyIdentifierClause
    )

Microsoft 365 and Office | SharePoint Server | Development
Microsoft Security | Microsoft Authenticator

Answer accepted by question author
  1. RaytheonXie_MSFT 40,496 Reputation points Microsoft External Staff
    2024-10-11T08:49:32.52+00:00

    Hi @Hamza Ashraf,

    From the error message, you could try to add an X.509 security key or credentials. Please refer to the following document:

    Granting access via Azure AD App-Only




1 additional answer

  1. Hamza Ashraf 20 Reputation points
    2024-10-16T05:00:00.46+00:00

    Subject: Thumbprint Validation Issue with OIDC in Postman

    We are encountering a thumbprint validation error while implementing OpenID Connect (OIDC) authentication using Postman. Despite providing the correct certificate thumbprint, client ID, and secret, the token validation process fails due to a thumbprint mismatch. We have verified the certificate thumbprint using the .well-known/openid-configuration endpoint and confirmed that our configurations align with the settings of our identity provider (Azure AD).

    We are using the RS256 signing algorithm, and the token's key ID appears to match one of the keys in the JWK set. However, the thumbprint validation still fails during the token issuance process. Could you please assist in identifying the cause of this issue and provide guidance on how to resolve the thumbprint mismatch? Thank you for your help.

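Both the accepted answer and the follow-up above come down to one question: can the key that signed the bearer token be found among the keys the validator trusts? The SharePoint error lists the two identifiers it tried, an X.509 thumbprint (the SHA-1 hash of the signing certificate, the same value the JWT header carries base64url-encoded as "x5t") and a named key ("kid"), and says neither resolved. The Python script below is an added example, not code from this thread or from Microsoft. It takes a bearer token and a JWKS document and resolves the signing key the way a validator does: by kid, then by the x5t header, then by hashing each x5c certificate in the key set. It also prints the thumbprint in the hexadecimal form that appears in the SharePoint error text so the two can be compared directly. The token, the certificate bytes and the JWKS in the script are constructed stand-ins; in practice you would paste the token Postman obtained and fetch the JWKS from the jwks_uri listed in the tenant's .well-known/openid-configuration document.

```python
import base64
import hashlib
import json
from typing import Optional


def b64url_decode(data: str) -> bytes:
    data += "=" * (-len(data) % 4)  # JWT segments omit padding
    return base64.urlsafe_b64decode(data)


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def jwt_header(token: str) -> dict:
    # Only the header is needed to locate the signing key; no signature check is done here.
    return json.loads(b64url_decode(token.split(".")[0]))


def cert_thumbprint(x5c_entry: str) -> bytes:
    # JWKS "x5c" entries are plain base64 DER certificates; the X.509 thumbprint is SHA-1 over the DER bytes.
    return hashlib.sha1(base64.b64decode(x5c_entry)).digest()


def x5t_to_hex(x5t: str) -> str:
    # The same thumbprint as SharePoint prints it, e.g. X509ThumbprintKeyIdentifierClause(Hash = 0x...).
    return "0x" + b64url_decode(x5t).hex().upper()


def find_signing_key(header: dict, jwks: dict) -> Optional[dict]:
    """Resolve the token's signing key: by kid, by x5t, and finally by hashing each x5c certificate."""
    kid, x5t = header.get("kid"), header.get("x5t")
    for key in jwks.get("keys", []):
        if kid is not None and key.get("kid") == kid:
            return key
        if x5t is not None and key.get("x5t") == x5t:
            return key
        # Fallback for key sets that publish certificates but no x5t metadata.
        if x5t is not None and any(b64url_encode(cert_thumbprint(c)) == x5t for c in key.get("x5c", [])):
            return key
    return None


def diagnose(token: str, jwks: dict) -> str:
    """Return 'resolved: ...' or 'unresolved: ...' with the identifiers the validator would have tried."""
    header = jwt_header(token)
    thumb = x5t_to_hex(header["x5t"]) if "x5t" in header else "none"
    key = find_signing_key(header, jwks)
    if key is None:
        return f"unresolved: kid={header.get('kid')} thumbprint={thumb} not present in key set"
    return f"resolved: kid={key.get('kid')} thumbprint={thumb}"


# --- constructed sample data; these are not real Entra ID keys or tokens ---
FAKE_DER = b"\x30\x82\x01\x0a" + bytes(range(256))  # stands in for a DER-encoded certificate
FAKE_X5T = b64url_encode(hashlib.sha1(FAKE_DER).digest())
JWKS = {"keys": [{"kty": "RSA", "use": "sig", "kid": FAKE_X5T, "x5t": FAKE_X5T,
                  "x5c": [base64.b64encode(FAKE_DER).decode("ascii")]}]}


def make_token(header: dict) -> str:
    # Header, placeholder payload and placeholder signature; only the header matters for key resolution.
    segments = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
                for part in (header, {"aud": "sharepoint"})]
    return ".".join(segments + [b64url_encode(b"sig")])


GOOD_TOKEN = make_token({"typ": "JWT", "alg": "RS256", "kid": FAKE_X5T, "x5t": FAKE_X5T})
# A token signed with a certificate this key set does not contain, e.g. issued by a different
# tenant or endpoint than the one whose metadata the validator loaded.
OTHER_X5T = b64url_encode(hashlib.sha1(b"some other certificate").digest())
STALE_TOKEN = make_token({"typ": "JWT", "alg": "RS256", "kid": OTHER_X5T, "x5t": OTHER_X5T})

if __name__ == "__main__":
    print(diagnose(GOOD_TOKEN, JWKS))
    print(diagnose(STALE_TOKEN, JWKS))
```

If the token resolves against the tenant's published JWKS but SharePoint still reports the error, the key set to compare against is the one SharePoint itself holds: the signing certificates registered on the trusted identity token issuer for the OIDC configuration, which is what its token handler resolves the thumbprint against. Swap the constructed JWKS for a key set built from those certificates (one x5c entry per certificate) and run the same check.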
