Setting up OpenID IDP with Azure AD: error "access_denied", "unexpected iss value

jasmin.parent · January 4, 2021, 7:42pm

Hi,

I am setting up an enterprise connection to an Azure AD OpenID app registration that is MULTITENANT, that is, its using “common” everywhere a single tenant application would use its tenant id basically (like in the token and authorize url for example).

I have this in the connection configuration:
Issuer URL: https:// login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Issuer: https:// login.microsoftonline.com/common/v2.0
Authorization Endpoint: https:// Sign in to your account
JWKS URL: https:// login.microsoftonline.com/common/discovery/v2.0/keys
client id: the azure app client id
type front channel

I tried back channel and providing the secret but I get the same error when testing the connection:

  "error": "access_denied",
  "error_description": "unexpected iss value, expected https://login.microsoftonline.com/common/v2.0, got: https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0"
}```

Topic		Replies	Views
Using Microsoft IdP via OIDC, allowing any issuer Help azure-ad , azure , microsoft	3	4634	March 4, 2024
Oops!, something went wrong Help identifier-first , login-experience	8	3352	March 31, 2023
Azure AD multitenant configuration not working Help	5	4118	February 23, 2023
"Use Common Endpoint" Azure AD Connector fails Help	3	4827	March 30, 2018
IDP initiated SSO using Azure My Apps Help connections , azure-ad-enterprise-connection	0	977	July 18, 2023

Setting up OpenID IDP with Azure AD: error "access_denied", "unexpected iss value

Related topics