PowerCLI cmdlet New-OAuthSecurityContext fails with "Authorized party is not valid" on vCenter Server 8.0 U2 after Configuring Azure AD


Article ID: 301565


Products

VMware vCenter Server 8.0

Issue/Introduction

After configuring Azure AD for authentication on vCenter Server 8.0 U2, users can authenticate through the vCenter GUI but not through PowerCLI. The following error appears when authenticating with the PowerCLI cmdlet New-OAuthSecurityContext:

Authorized party is not valid

Environment

vCenter Server 8.0 U2

Resolution

Ensure that vCenter 8.0.3 or later and PowerCLI 13.3 are installed.

Refer to How to Enable Entra ID for vCenter Server to ensure configurations are correct.

Additional Information

Connect to a vCenter Server System Configured for an External Identity Provider

"If your vCenter Server is configured with an external identity provider, such as Microsoft Active Directory Federation Services (AD FS) or other external identity provider supported by VMware Identity Service, you can authenticate with PowerCLI by using the OAuth 2.0 Authorization Code grant type.

You can authenticate to a federated vCenter Server by creating a new OAuth security context and then exchanging it for a SAML security context. You create an OAuth security context for PowerCLI by using the New-OAuthSecurityContext cmdlet. One way to do this is to authenticate through the Authorization Code grant type, which is illustrated by this example. This workflow guarantees a substantial degree of security and can be used with multi-factor authentication."
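
The workflow quoted above, combined with the version requirements from the Resolution, as an added example that is not part of the original article or the VMware documentation. Every value in angle brackets is a placeholder, the redirect URL is a constructed sample, and treating PowerCLI 13.3 as a minimum version is an assumption.

```powershell
$ErrorActionPreference = 'Stop'

# Placeholders: take these from your vCenter and identity provider configuration.
$vCenter      = '<vcenter-fqdn>'
$clientId     = '<client-id-registered-with-the-identity-provider>'
$authorizeUrl = '<identity-provider-authorization-endpoint-url>'
$tokenUrl     = '<identity-provider-token-endpoint-url>'
$redirectUrl  = 'http://localhost:8844/auth'  # constructed sample; must match the client's registered redirect URI

# 1. Pre-flight: confirm the installed PowerCLI version before attempting the login.
$powerCli = Get-Module -ListAvailable -Name VMware.PowerCLI |
    Sort-Object Version -Descending | Select-Object -First 1
if (-not $powerCli) { throw 'VMware.PowerCLI is not installed.' }
if ($powerCli.Version -lt [version]'13.3') {
    throw "PowerCLI $($powerCli.Version) found; this article calls for 13.3."
}

try {
    # 2. Authorization Code grant: the sign-in (including any MFA prompt) happens at the identity provider.
    $oauthCtx = New-OAuthSecurityContext -ClientId $clientId `
        -AuthorizationEndpointUrl $authorizeUrl `
        -TokenEndpointUrl $tokenUrl `
        -RedirectUrl $redirectUrl

    # 3. Exchange the OAuth security context for a SAML security context on vCenter.
    $samlCtx = New-VISamlSecurityContext -VCenterServer $vCenter -OAuthSecurityContext $oauthCtx
}
catch {
    if ($_.Exception.Message -match 'Authorized party is not valid') {
        Write-Warning 'Error from this article: confirm vCenter is 8.0.3 or later and review the Entra ID configuration.'
    }
    throw
}

# 4. Connect with the SAML security context; no password is passed to PowerCLI.
$vi = Connect-VIServer -Server $vCenter -SamlSecurityContext $samlCtx

# 5. Post-check: record the vCenter version so the fix level is visible in the session log.
if ([version]$vi.Version -lt [version]'8.0.3') {
    Write-Warning "vCenter reports version $($vi.Version); this article calls for 8.0.3 or later."
}
"Connected to $($vi.Name) (vCenter $($vi.Version), build $($vi.Build)) as $($vi.User)"
```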