/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- You are using SAP Cloud Identity Services as proxy and Microsoft Entra ID as Corporate IdP
- Microsoft Entra ID is configured as OpenID Connect
- During the validation step in the OpenID configuration tab you get an error similar to
"Failed to receive tokens from URI [https://login.microsoftonline.com/.../oauth2/v2.0/token]. Received response error [401 Unauthorized: "{"error":"invalid_client","error_description":"AADSTS700021: Client assertion application identifier doesn't match 'client_id' parameter. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials
Read more...
Environment
- SAP Identity Authentication Service
- Microsoft Entra ID
Product
SAP Cloud Identity Services all versions
Keywords
OIDC, Azure, IdP, Ms Entra, OpenID, Identity Provider, IAS, IDS, 401, Unauthorized, AADSTS700021, Client ID, invalid_client , KBA , BC-IAM-OID , OIDC/OAUTH2 component in SAP Cloud Identity Services , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)