This topic tells you how to resolve common errors that arise when configuring a single sign-on partnership between Microsoft Entra ID, OpenID Connect (OIDC), and Single Sign‑On for VMware Tanzu.
Bad Request
Symptom
You see an error similar to the following screenshot:
Explanations
Possible explanations are as follows:
- This is a generic error. Review UAA logs for detailed information.
- This error can occur when the app type is created as Native. Ensure you created your client in Microsoft Entra ID as Web App/API.
- This error can occur when a response type other than `code` is used. Ensure you configure the response type to use `code`.
Cannot determine username from credentials supplied
Symptom
You see an error similar to the following screenshot:
Explanation
No value is mapped to the username used by Tanzu Operations Manager. Under the identity provider attributes, map the `unique_name` attribute to `username`.
Azure Error for Reply Address
Symptom
You see an error similar to the following screenshot:
Explanation
The reply URL is misconfigured. Ensure you entered your callback URL correctly as a reply URL in Microsoft Entra ID.
Login Page Cannot Be Found (404 Error)
Symptom
You see an error similar to the following screenshot:
Explanation
The Authorization Endpoint URL might be incorrectly entered or not available. Ensure you correctly entered the authorization endpoint, and that the authorization endpoint is available to the end user.
Error authenticating against external identity provider: 404 Not Found
Symptom
You see an error similar to the following screenshot:
Explanation
The Token Key URL might be incorrectly entered or not available. Ensure that you entered the token key setting correctly, and that the Token Key URL is available.
Error authenticating against external identity provider: Invalid issuer for token did not match expected
Symptom
You see an error similar to the following screenshot:
Explanation
The Token Key URL might be incorrectly entered. Ensure that you entered the issuer setting correctly.
Request Method ‘POST’ not supported (405 Error)
Symptom
You see an error similar to the following screenshot:
Explanation
This error can occur if you configure a response type that Microsoft Entra ID does not support, or is not enabled for the application, such as `token` or `code id_token token`. Ensure that you configure the response type to `code`.
Error authenticating against external identity provider: Some parties were not in the token audience
Symptom
You see an error similar to the following screenshot:
Explanation
The Relying Party Client ID might be incorrectly entered. Ensure you have correctly entered the relying party client ID setting.
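The issuer, audience, and username errors above all come down to a claim in the ID token not matching a configured value. The following added example (not part of the original documentation or of UAA) decodes a token payload and reports which of those three errors the claims correspond to. The issuer URL, client ID, and sample token are constructed placeholders, and exact string comparison is an assumption about how the values are matched.

```python
import base64
import json


def decode_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnosis only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diagnose(claims: dict, issuer: str, client_id: str,
             username_attr: str = "unique_name") -> list:
    """Return the error messages from this page that the claims correspond to."""
    problems = []
    # Assumption: issuer is compared as an exact string, so a trailing
    # slash or a different tenant segment counts as a mismatch.
    if claims.get("iss") != issuer:
        problems.append("Invalid issuer for token did not match expected")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # aud may be str or list
    if client_id not in audiences:
        problems.append("Some parties were not in the token audience")
    if not claims.get(username_attr):
        problems.append("Cannot determine username from credentials supplied")
    return problems


def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.constructed"


# Constructed placeholders, not real tenant or client values.
EXPECTED_ISSUER = "https://idp.example.test/TENANT-PLACEHOLDER/"
EXPECTED_CLIENT_ID = "CLIENT-ID-PLACEHOLDER"
SAMPLE_TOKEN = make_sample_token({
    "iss": "https://idp.example.test/OTHER-TENANT/",  # wrong tenant segment
    "aud": "CLIENT-ID-PLACEHOLDER",
    "upn": "user@example.test",                       # no unique_name claim
})

if __name__ == "__main__":
    for problem in diagnose(decode_claims(SAMPLE_TOKEN),
                            EXPECTED_ISSUER, EXPECTED_CLIENT_ID):
        print(problem)
```

Run it against a token captured from a test login rather than a production one, because the decoded payload contains user identity claims.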