Error experienced
Authentication to Azure fails with error:
“AADSTS50146: This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid.”
Error verification
No other error verification information is applicable.
Cause
The Enterprise App registration in the customer’s AzureAD has been modified in either of these ways:
- custom claims have been included;
- the manifest has been modified with the property “acceptMappedClaims” set to a value of true.
Cause verification
In the agent log file, there will be continuous entries for:
2023-03-29 00:00:17.233 +00:00 [FTL] Exception <GetTask>d__12.MoveNext error: AADSTS50146: This application is required to be configured with an application-specific signing key. It is either not configured with one, or the key has expired or is not yet valid.
Trace ID: 91747a10-059d-4ee7-953b-6e9e91c67600
Correlation ID: c21245cc-f77d-4a87-8807-8e4efbaf97d3
Timestamp: 2023-03-29 00:00:17Z
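The two checks above can be scripted. The following is an added example, not part of the original article or the product: it collects every AADSTS50146 entry from agent log text with its Trace ID and Correlation ID, and tests an exported app manifest for acceptMappedClaims. The function names, the sample log (constructed, including its [INF] line) and the assumption that the manifest is available as JSON text are all illustrative.

```python
import json
import re

# Entry header in the format shown above: "<timestamp> <offset> [LVL] <message>"
HEADER = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+ [+-]\d{2}:\d{2}) \[([A-Z]{3})\] (.*)$")
FIELD = re.compile(r"^(Trace ID|Correlation ID): ([0-9a-fA-F-]{36})$")

def find_signing_key_errors(log_text, code="AADSTS50146"):
    """Return one dict per log entry that carries the given AADSTS code."""
    hits, current = [], None
    for line in log_text.splitlines():
        head = HEADER.match(line)
        if head:
            current = None  # a new timestamped entry closes the previous one
            if code + ":" in head[3]:
                current = {"logged_at": head[1], "level": head[2]}
                hits.append(current)
        elif current is not None:
            field = FIELD.match(line.strip())
            if field:
                current[field[1]] = field[2]
    return hits

def accepts_mapped_claims(manifest_json):
    """True only if an exported app manifest sets acceptMappedClaims to true."""
    manifest = json.loads(manifest_json)
    # Assumption: the property is top-level in the older manifest format and
    # sits under "api" in the Microsoft Graph format, so both are checked.
    api = manifest.get("api") or {}
    return (manifest.get("acceptMappedClaims") is True
            or api.get("acceptMappedClaims") is True)

# Constructed sample log; the IDs are placeholders, not real request IDs.
SAMPLE_LOG = """\
2023-03-29 00:00:12.101 +00:00 [INF] Sync cycle started
2023-03-29 00:00:17.233 +00:00 [FTL] Exception <GetTask>d__12.MoveNext error: AADSTS50146: This application is required to be configured with an application-specific signing key.
Trace ID: 00000000-0000-0000-0000-000000000001
Correlation ID: 00000000-0000-0000-0000-000000000002
Timestamp: 2023-03-29 00:00:17Z
2023-03-29 00:05:17.410 +00:00 [FTL] Exception <GetTask>d__12.MoveNext error: AADSTS50146: This application is required to be configured with an application-specific signing key.
Trace ID: 00000000-0000-0000-0000-000000000003
Correlation ID: 00000000-0000-0000-0000-000000000004
Timestamp: 2023-03-29 00:05:17Z
"""

if __name__ == "__main__":
    for hit in find_signing_key_errors(SAMPLE_LOG):
        print(hit)
    print(accepts_mapped_claims('{"acceptMappedClaims": true}'))
```

The Correlation IDs returned for each entry are the values to quote when matching the failures against the AzureAD sign-in logs.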
Fix
Delete the Enterprise App registration from the customer’s AzureAD.
Have their AzureAD Administrator navigate to their CI Sync instance, Accept the Permissions requested and Consent on behalf of your organisation.
In Azure AD, the App Registrations that were previously created for the Agent Managed Service Identities will need to have the API permission for the CI Sync Enterprise App granted again.
Control Information
| Created | |
|---|---|
| Reviewed | |
| Data Classification | PUBLIC |