3546794 - Error "AADSTS7000215: Invalid client secret provided" when using Azure as Corp-IdP with OIDC

Symptom

When using the Identity Authentication Service (IAS) tenant as a proxy in a corporate IDP initiated login scenario with the corporate IdP Azure, the error detailed in the screenshot below is displayed:

message="OIDC login failed: org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: '{'error':'invalid_client','error_description':'AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

SAP Identity Authentication Service
Microsoft Entra ID

Product

SAP Cloud Identity Services all versions

Keywords

OIDC, Azure, IdP, Ms Entra, OpenID, Identity Provider, IAS, IDS, 401, Unauthorized, AADSTS7000215, Client ID, Secret ID, invalid_client , KBA , BC-IAM-OID , OIDC/OAUTH2 component in SAP Cloud Identity Services , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.