cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Facing error while getting the access token using Oauth saml2

sharathnasa
Explorer

on ‎07-09-2019 10:05 AM

0 Kudos

Hi All,

I'm trying to get the access token from the C4C tenant using oauth saml2 assertion method. I have configured the Identity provider and also done OAuth2.0 Client Registration in the C4C. But when i try to run the code, i'm getting the below mentioned error.

{ "error":"invalid_grant","error_description":"The provided authorization grant is invalid. Exception was: Entity HTTPS://my338727-sso.crm.ondemand.com is not defined in the element 'AudienceRestriction'. For more information consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545." }

Could you please help me to solve this issue.

Regards,

Sharath

Show replies
Show replies
former_member1071748
Member
‎11-12-2020 6:05 AM
0 Kudos

I have also same issue and im not using SAP cloud platform

Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

subramanyagt
Explorer
‎07-05-2023 9:19 AM
0 Kudos

I am getting the same error and have the same scenario as yours. Do we know the solution for this. In my case, Identifier (Entity ID) in Azure is matching with the local provider name.

{ "error": "invalid_grant", "error_description": "Provided authorization grant is invalid. Exception was Entity https://xyzomain.com:8001/sap/bc/sec/o is not defined in the element 'AudienceRestriction'. For more information, consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545"

}

Show replies
Show replies
wilson_degressi
Explorer
a month ago
0 Kudos
hello Subraman, please were you able to fix this? If yes, please can you share the solution? Thank you, Wilson
former_member851689
Explorer
‎05-02-2023 1:50 PM
0 Kudos

Hello I am facing the same issue. I am using Azure as IdP, and SAP Netweaver Gateway is the Service Provider.

I made sure the Service Provider name is same as the scope field. And I don't know where else to look or configured. I am following this blog

{ "error": "invalid_grant", "error_description": "Provided authorization grant is invalid. Exception was Entity https://xx.com:44300/sap/bc/sec is not defined in the element 'AudienceRestriction'. For more information, consult the kernel traces or the OAuth 2.0 trouble shooting SAP note 1688545"

}

*xx - is a reference to domain name.

Show replies
Show replies
gregorw
Active Contributor
‎11-24-2020 8:01 AM
0 Kudos

Have you checked the results of the trace in report SEC_TRACE_ANALYZER that is mentioned in Note 1688545.

Show replies
Show replies
Suchita92
Participant
‎07-16-2019 11:47 AM
0 Kudos

Hi,

Are you using IdP from SAP Cloud Platform to invoke SSO ?

- Suchita

Show replies
Show replies
Ask a Question