Symptom
In the Identity Provisioning job log from Azure Active Directory to IAS , the following similar error messages are displayed.
- com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system>' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking https://graph.microsoft.com/v1.0/users?... with statusCode: 401 and body {\"error\":{\"code\":\"Authorization_IdentityNotFound\",\"message\":\"The identity of the calling application could not be established.
- com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system> ' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: Connector cannot process more entities due to irreparable error Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Oauth request failed with status: 401 and body: {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000222: The provided client secret keys for app 'xxxx' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds
Read more...
Environment
Identity Provisioning
Product
Identity Provisioning all versions
Keywords
AADSTS7000222, The provided client secret keys for application are expired, Oauth request failed with status: 401 , KBA , BC-IAM-IPS , Identity Provisioning Service (IPS) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.