Error configuring Azure endpoint

Article ID: 223882

Updated On:

Products

CA Identity Manager

Issue/Introduction

After following the Azure Connector documentation, creating the endpoint fails with the following error:

Create Azure Endpoint "Azure test": Failed to execute CreateAzureEndpoint. ERROR MESSAGE: Endpoint 'Azure test' creation failed: Connector Server Add failed: code 19 (CONSTRAINT_VIOLATION): failed to add entry eTDYNDirectoryName=Azure test,eTNamespaceName=Azure,dc=im_ar,dc=etasa: [email protected]<connectorserver>: AzureRest: Bad Request: Access token request failed with error code: 'invalid_request'.Error description: 'AADSTS90014: The required field 'scope' is missing from the credential. Ensure that you have all the necessary parameters for the login request. Trace ID: <id> Correlation ID: <correlation-id> Timestamp: 202x-08-02 19:37:28Z'.More information can be found here: 'https://login.microsoftonline.com/error?code=90014'. (ldaps://<connectorserver>:20411),

 

 

Cause

- Confirm that the URLs provided by the Azure administrator match the information given in the documentation (docops).
- See the section "Create an Azure Endpoint in CA Identity Manager", item 3. d.:

iv. Azure AD Graph API Endpoint URL: Enter the Microsoft Azure AD Graph API Endpoint URL.
For example: https://graph.windows.net/<tenant-ID>
Note: Remember that you made a note of this URL while setting up a client application in Azure.

v. Azure OAuth Token Endpoint URL: Enter the OAuth 2.0 Token Endpoint URL of Azure. For example: https://login.microsoftonline.com/<tenant-ID>/oauth2/token.
Note: Remember that you made a note of this URL while setting up a client application in Azure.


Environment

Release : 14.3

Component :

Resolution

Changed the connection URLs as follows:

1. Azure AD Graph API Endpoint URL:

From:  https://graph.microsoft.com/<tenant-ID>
To: https://graph.windows.net/<tenant-ID> 

2. Azure OAuth Token Endpoint URL:

From: https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/token
To: https://login.microsoftonline.com/<tenant-id>/oauth2/token

After these changes, the Azure REST endpoint was acquired successfully.
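
A pre-flight check for the two URLs before they are entered in the endpoint form, given here as an added example that is not part of the original article or of CA Identity Manager. The function name `check_endpoint_urls` and the sample tenant ID are constructed; the expected URL shapes are the ones quoted from the documentation above.

```python
from urllib.parse import urlsplit

# Expected hosts, taken from the documentation excerpt quoted in this article.
GRAPH_HOST = "graph.windows.net"
TOKEN_HOST = "login.microsoftonline.com"

# Constructed sample values (the tenant ID is a placeholder, not a real tenant).
TENANT = "00000000-0000-0000-0000-000000000000"
GOOD_GRAPH = f"https://graph.windows.net/{TENANT}"
GOOD_TOKEN = f"https://login.microsoftonline.com/{TENANT}/oauth2/token"
BAD_GRAPH = f"https://graph.microsoft.com/{TENANT}"
BAD_TOKEN = f"https://login.microsoftonline.com/{TENANT}/oauth2/v2.0/token"


def check_endpoint_urls(graph_url, token_url):
    """Return a list of problems; an empty list means both URLs match the docs."""
    problems = []
    graph, token = urlsplit(graph_url.strip()), urlsplit(token_url.strip())

    for name, parts in (("Graph API", graph), ("OAuth token", token)):
        if parts.scheme != "https":
            problems.append(f"{name} URL must use https")

    # Documented shape: https://graph.windows.net/<tenant-ID>
    if (graph.hostname or "") != GRAPH_HOST:
        problems.append(f"Graph API host is {graph.hostname!r}, expected {GRAPH_HOST!r}")
    if len([s for s in graph.path.split("/") if s]) != 1:
        problems.append("Graph API path must be exactly /<tenant-ID>")

    # Documented shape: https://login.microsoftonline.com/<tenant-ID>/oauth2/token
    if (token.hostname or "") != TOKEN_HOST:
        problems.append(f"OAuth token host is {token.hostname!r}, expected {TOKEN_HOST!r}")
    segs = [s for s in token.path.split("/") if s]
    if "v2.0" in segs:
        # The v2.0 token endpoint is the one that returned AADSTS90014 here.
        problems.append("OAuth token URL is the v2.0 endpoint; use /<tenant-ID>/oauth2/token")
    elif len(segs) != 3 or segs[1:] != ["oauth2", "token"]:
        problems.append("OAuth token path must be /<tenant-ID>/oauth2/token")
    return problems


if __name__ == "__main__":
    for problem in check_endpoint_urls(BAD_GRAPH, BAD_TOKEN):
        print("MISMATCH:", problem)
```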