OneStream Community

Vasanth · ‎03-02-2023

Hi,

We are trying to setup REST API by following the OS documentation. Here we are using Azure as external authentication provider. We are able to get the token successfully, but passing back to the OS fails. Please advise on how to resolve this. Below the error message in Postman,

"Error processing External Provider Sign In information. Token Validation Failed. IDX10214: Audience validation failed. Audiences: '00000002-0000-0000-c000-000000000000'. Did not match: validationParameters.ValidAudience: '3ace3d44-xxxxxxxxxxx-2651d589213e' or validationParameters.ValidAudiences: 'null'"

Vasanth · ‎05-01-2023

All,

I was able to get it fixed by connecting with OneStream support. Basically, there are some information missed in the Rest API documentation.

After all the setup is done as per the documentation, we need to add a native user and, in the authentication, select as external user (Azure or Okta etc whatever you have for external AD). And in the external user name you need to provide the client ID as setup at the Azure or Okta.

Then in your rest API connection you need to use this native user name and the client secrets as the password.

Hope this helps!

Thanks,

Vasanth

View solution in original post

ChrisLoran · ‎03-03-2023

Hello,
I would raise a support ticket. The mention of Azure suggests this is a cloud/SAAS implementation, so might need the cloud team to investigate.

What do you mean by "OS documentation"? The REST API guide? Server Configuration documents?

I assume there is not a problem with Azure AD users logging in to the application through the normal OS client, and it's only coming up with an error for your REST API client (Postman)?
By the look at that error I suspect this might have something to do with an incorrect Client ID (OneStream Web Api ClientID in the configuration file) may not match the ClientID in the REST API header.

(Don't forget to restart IIS if server config changes are made).

Vasanth · ‎03-03-2023

Thanks Chris for your response. It is actually an on-premises setup, and we are trying to configure API and running into the issues mentioned.

ckattookaran · ‎04-29-2023

Is Azure configured correctly and can you login using external auth? If so then you'll have to look at the REST api config. There is one change on the AZURE which I cannot remember correctly now that needs to be configured on Azure. However, this is not the error that I remember seeing.

AlanY · ‎04-28-2023

We are also running into problem with setting up the REST API in OneStream using Azure, but the error looks a little different

"Error processing External Provider Sign In information. Token Validation Failed. IDX10208: Unable to validate audience. validationParameters.ValidAudience is null or whitespace and validationParameters.ValidAudiences is null."

AlanY · ‎05-01-2023

Vasanth · ‎05-01-2023