03-02-2023 09:46 PM - last edited on 08-11-2023 11:33 AM by JackLacava
Hi,
We are trying to setup REST API by following the OS documentation. Here we are using Azure as external authentication provider. We are able to get the token successfully, but passing back to the OS fails. Please advise on how to resolve this. Below the error message in Postman,
"Error processing External Provider Sign In information. Token Validation Failed. IDX10214: Audience validation failed. Audiences: '00000002-0000-0000-c000-000000000000'. Did not match: validationParameters.ValidAudience: '3ace3d44-xxxxxxxxxxx-2651d589213e' or validationParameters.ValidAudiences: 'null'"
Solved! Go to Solution.
05-01-2023 10:43 AM
All,
I was able to get it fixed by connecting with OneStream support. Basically, there are some information missed in the Rest API documentation.
After all the setup is done as per the documentation, we need to add a native user and, in the authentication, select as external user (Azure or Okta etc whatever you have for external AD). And in the external user name you need to provide the client ID as setup at the Azure or Okta.
Then in your rest API connection you need to use this native user name and the client secrets as the password.
Hope this helps!
Thanks,
Vasanth
03-03-2023 05:02 AM - edited 03-03-2023 05:13 AM
Hello,
I would raise a support ticket. The mention of Azure suggests this is a cloud/SAAS implementation, so might need the cloud team to investigate.
What do you mean by "OS documentation"? The REST API guide? Server Configuration documents?
I assume there is not a problem with Azure AD users logging in to the application through the normal OS client, and it's only coming up with an error for your REST API client (Postman)?
By the look at that error I suspect this might have something to do with an incorrect Client ID (OneStream Web Api ClientID in the configuration file) may not match the ClientID in the REST API header.
(Don't forget to restart IIS if server config changes are made).
03-03-2023 05:10 AM
Thanks Chris for your response. It is actually an on-premises setup, and we are trying to configure API and running into the issues mentioned.
04-29-2023 03:39 PM
Is Azure configured correctly and can you login using external auth? If so then you'll have to look at the REST api config. There is one change on the AZURE which I cannot remember correctly now that needs to be configured on Azure. However, this is not the error that I remember seeing.
04-28-2023 12:17 PM
We are also running into problem with setting up the REST API in OneStream using Azure, but the error looks a little different
"Error processing External Provider Sign In information. Token Validation Failed. IDX10208: Unable to validate audience. validationParameters.ValidAudience is null or whitespace and validationParameters.ValidAudiences is null."
05-01-2023 10:00 AM - edited 05-01-2023 10:06 AM
05-01-2023 10:43 AM
All,
I was able to get it fixed by connecting with OneStream support. Basically, there are some information missed in the Rest API documentation.
After all the setup is done as per the documentation, we need to add a native user and, in the authentication, select as external user (Azure or Okta etc whatever you have for external AD). And in the external user name you need to provide the client ID as setup at the Azure or Okta.
Then in your rest API connection you need to use this native user name and the client secrets as the password.
Hope this helps!
Thanks,
Vasanth