Subject must match Issuer claim in the client assertion

0
votes

I want to integrate office365 service management API for collecting events from it.I want to use client credential way to use service to service call but i am getting following error,

{

"error":"invalid_client",

"error_description":"AADSTS50048: Subject must match Issuer claim in the client assertion.

\r\nTrace ID: 1ad7acd8-3945-4fe0-a313-07638eb76e42\r\nCorrelation ID: a6c3a3c9-b737-4bfc-894f-3086c3ce8dfa\r\nTimestamp: 2016-06-09 07:20:15Z",

"error_codes":[50048 ],

"timestamp":"2016-06-09 07:20:15Z",

"trace_id":"1ad7acd8-3945-4fe0-a313-07638eb76e42",

"correlation_id":"a6c3a3c9-b737-4bfc-894f-3086c3ce8dfa"

}

i use following doc to integration, For getting client assersion, https://msdn.microsoft.com/en-us/library/azure/dn645543.aspx I am getting this. But for Access token, https://msdn.microsoft.com/en-us/library/office/dn707383.aspx I not getting this as a response getting above error. Somebody help me please :)

1
javaazureoffice365azure-active-directory
Can include the requests that you're making? Also, have you looked at the authentication libraries for Java (github.com/AzureAD/azure-activedirectory-library-for-java)?Saca

1 Answers

0
votes

How did you get the client_assertion? The link you provide doesn’t describe how to get the ‘client_assertion’. It acquire the token with the app’s id and secret which is doesn’t support for the Office 365 Management API. You can refer the blog to about the ‘client_assertion’.

And here is an C# code sample which use the ADAL to get the access token for the client credentials flow:

        string clientId = "{clientId}";
        string certThumbprint = "‎{copy from mmc}";
        certThumbprint = certThumbprint.Replace("\u200e", string.Empty).Replace("\u200f", string.Empty).Replace(" ", string.Empty);
        string apiResourceId = "https://manage.office.com";
        X509Certificate2 cert = null;
        X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        string authority = "https://login.windows.net/{yourTentant}";

        var authContext = new AuthenticationContext(authority);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            cert = store.Certificates.Find(X509FindType.FindByThumbprint, certThumbprint, false)[0];
        }
        finally
        {
            store.Close();
        }
        var certCred = new ClientAssertionCertificate(clientId, cert);


        AuthenticationResult result = null;
        try
        {
            result = await authContext.AcquireTokenAsync(apiResourceId, certCred);
        }
        catch (Exception ex)
        {

        }