SAP Knowledge Base Article - Preview

3261811 - IPS job from Azure AD to IAS fails: Oauth request failed with status: 401 and AADSTS7000222

Symptom

In the Identity Provisioning job log for provisioning from Azure Active Directory to IAS, error messages similar to the following are displayed:

  • com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system>' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: HTTP operation failed invoking https://graph.microsoft.com/v1.0/users?... with statusCode: 401 and body {\"error\":{\"code\":\"Authorization_IdentityNotFound\",\"message\":\"The identity of the calling application could not be established.
  • com.sap.cloud.ips.runtime.exception.ProvisioningException: Can not read entities from source system: '<Azure AD system> ' Caused by: com.sap.cloud.ips.connectors.api.ConnectorException: Connector cannot process more entities due to irreparable error Caused by: com.sap.cloud.ips.connector.exception.ProvisioningRuntimeException: Oauth request failed with status: 401 and body: {\"error\":\"invalid_client\",\"error_description\":\"AADSTS7000222: The provided client secret keys for app 'xxxx' are expired. Visit the Azure portal to create new keys for your app: https://aka.ms/NewClientSecret, or consider using certificate credentials for added security: https://aka.ms/certCreds



Environment

Identity Provisioning

Product

Identity Provisioning all versions

Keywords

AADSTS7000222, The provided client secret keys for application are expired, Oauth request failed with status: 401, KBA, BC-IAM-IPS, Identity Provisioning Service (IPS), Problem
