Power Platform based solution that allows users to request teams and automates team creation. NO LONGER MAINTAINED. Please use 'Provision Assist' - https://github.com/pnp/provision-assist-m365/ instead.
MIT License
Get Access Token for Service Account: Error AADSTS50126: Error validating credentials #369
Description
When the Logic App runs, the process completes (the Team is built); however, no Sensitivity Label is applied to the team. Checking the run, it has an error on 'Get access token for service account':
{
  "statusCode": 400,
  "headers": {
    "Pragma": "no-cache",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "x-ms-request-id": "6b94c72a-ffa6-4020-a447-ba7d303a4f00",
    "x-ms-ests-server": "2.1.13315.8 - NEULR1 ProdSlices",
    "X-XSS-Protection": "0",
    "Cache-Control": "no-store, no-cache",
    "P3P": "CP=\"DSP CUR OTPi IND OTRi ONL FIN\"",
    "Set-Cookie": "fpc=Aux22KyFavtGtvlkp7satYe_kuEMAQAAAKdgc9oOAAAA; expires=Fri, 26-Aug-2022 16:36:55 GMT; path=/; secure; HttpOnly; SameSite=None,x-ms-gateway-slice=estsfd; path=/; secure; samesite=none; httponly,stsservicecookie=estsfd; path=/; secure; samesite=none; httponly",
    "Date": "Wed, 27 Jul 2022 16:36:55 GMT",
    "Content-Length": "495",
    "Content-Type": "application/json; charset=utf-8",
    "Expires": "-1"
  },
  "body": {
    "error": "invalid_grant",
    "error_description": "AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: 6b94c72a-ffa6-4020-a447-ba7d303a4f00\r\nCorrelation ID: 5bd05ce5-20ad-48b2-a509-dabfed573562\r\nTimestamp: 2022-07-27 16:36:55Z",
    "error_codes": [ 50126 ],
    "timestamp": "2022-07-27 16:36:55Z",
    "trace_id": "6b94c72a-ffa6-4020-a447-ba7d303a4f00",
    "correlation_id": "5bd05ce5-20ad-48b2-a509-dabfed573562",
    "error_uri": "https://login.microsoftonline.com/error?code=50126"
  }
}
Steps to reproduce
Expected results
Expect to see sensitivity label applied to Team
Actual Results
Team is created with no sensitivity label.
Solution component
Logic Apps
Operating system (environment)
Windows
Additional Info
I have manually recreated a new key vault with sapassword and sausername and amended the flow to use it; however, the same issue occurs.
BTW, the username and password for this service account are used throughout the App config and are correct.
In addition, FYI, the article at https://docs.microsoft.com/en-us/answers/questions/385629/aadsts50126-error-validating-credentials-due-to-in-1.html explains that for this to work we need to:
We already have Password Hash Sync enabled. Do we also need to do steps 2 & 3, so that a federated user is allowed to authenticate directly from Azure AD without being redirected to the federated Identity Provider (IDP)? (https://medium.com/@amanmcse/ropc-username-password-flow-fails-with-aadsts50126-invalid-username-or-password-for-federated-90c666b4808d)
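Added example, not part of the original issue or the project's code: a small triage helper that reduces a failed 'Get access token for service account' output, in the shape pasted above, to the fields support needs (AADSTS code, trace ID, correlation ID, timestamp) and leaves headers such as Set-Cookie out of the result. The names `summarize_token_error`, `HINTS` and `SAMPLE_OUTPUT` are hypothetical, and the sample is constructed from the response in this issue with the cookie value replaced by a placeholder.

```python
import json
import re

# Constructed sample in the shape of the failed HTTP action output shown in the
# issue (headers trimmed, cookie value replaced with a placeholder).
SAMPLE_OUTPUT = json.dumps({
    "statusCode": 400,
    "headers": {
        "x-ms-request-id": "6b94c72a-ffa6-4020-a447-ba7d303a4f00",
        "Set-Cookie": "fpc=PLACEHOLDER; path=/; secure; HttpOnly",
    },
    "body": {
        "error": "invalid_grant",
        "error_description": "AADSTS50126: Error validating credentials due to "
        "invalid username or password.\r\n"
        "Trace ID: 6b94c72a-ffa6-4020-a447-ba7d303a4f00\r\n"
        "Correlation ID: 5bd05ce5-20ad-48b2-a509-dabfed573562\r\n"
        "Timestamp: 2022-07-27 16:36:55Z",
        "error_codes": [50126],
    },
})

# Triage hints; only the code discussed on this page is mapped.
HINTS = {
    50126: "Azure AD rejected the username/password. The articles linked in the "
           "issue describe this for ROPC sign-in with federated accounts.",
}

def summarize_token_error(raw: str) -> dict:
    """Return a summary of a failed token request that carries no headers."""
    out = json.loads(raw)
    body = out.get("body") or {}
    desc = body.get("error_description", "")
    # First line is the message; the following lines are "Key: value" pairs.
    lines = desc.splitlines() or [""]
    fields = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
    # Prefer the structured list; fall back to codes embedded in the text.
    codes = body.get("error_codes") or [int(c) for c in re.findall(r"AADSTS(\d+)", desc)]
    headers = {k.lower(): v for k, v in (out.get("headers") or {}).items()}
    return {
        "status": out.get("statusCode"),
        "error": body.get("error"),
        "codes": codes,
        "message": lines[0],
        "trace_id": fields.get("Trace ID"),
        "correlation_id": fields.get("Correlation ID"),
        "timestamp": fields.get("Timestamp"),
        # In the response shown in the issue, x-ms-request-id equals the trace ID.
        "ids_consistent": headers.get("x-ms-request-id") == fields.get("Trace ID"),
        "hints": [HINTS[c] for c in codes if c in HINTS],
    }
```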