I'm trying to connect to my Salesforce QA environment on Azure Data Factory but am not having any success even though I entered my username, password, and my security token after resetting it under Salesforce QA>Settings>My Personal Information>Reset My Security Token. Am I missing something?
I tried putting some environment urls but it didn't work so I removed it. Not sure what else I can do at this point... Any pointers would be greatly appreciated!
Nevermind this is resolved! I set the environment url to https://test.salesforce.com and it worked. :)
Related
A recurring job has started to fail, I've recreated the issue with Postman.
Error:
"error": "invalid_grant",
"error_description": "AADSTS50126: Error validating credentials due to invalid username or password."
"error_codes": [50126]
"error_uri": "https://login.microsoftonline.com/error?code=50126"
The Username & Password used, work with MS Graph Explorer so I'm confident that the password has not changed. I did change the grant_type=client_credentials and this works so I believe the rest of the settings are also correct. I did ramp up the frequency of the job from daily to hourly lately, but the error message indicates an authentication issue.
I'm running out of ideas to try & troubleshoot, perhaps someone knows something that I don't.
Postman settings:
These are the production settings used in MS Power Automate, the same as above.
If its an unattended process and uses the client credentials flow, then the username and password are not being used at all.
An Access token is being obtained using the clientId and the client secret alone.
It'd help if you can list the operations that you are planning to call in the question.
Note that MS Graph uses both delegated and application permissions and depending on the Api being called, you would be required to sign-in as an app of sign-in a user. Its a bit of a learning curve and I'd recommend you go through a session like this one.
Problem: Authentication error when trying to authenticate to MS Graph API with an AD account that had previously worked.
Final Hypothesise: A potential issue between cloud authentication & on-prem AD authentication.
Solution: A new AzureAD service account specifically for the purpose was created & provisioned with similar access to the original service account & all worked as normal.
Summary: The issue seems to have been the link between AzureAD & on-premAD. Hope this helps someone out in future
We have a code that logins to Sharepoint Online using :
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we starting to get authentication failed saying that "Incorrect Username or Password" and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
While using same username and password to login in the browser works fine, and neither password or username were changed, also code didn't changed. As same code works fine for another Sharepoint tenants. Seems that something changed in the Microsoft login servers, where it's started to not accept user credentials, while web browser login works fine.
Please advise.
Thanks
Microsoft Rep has helped me get this far.
They had us create a "Cloud Only" user. This user was setup as "#" so if your name is bill and your corporate sharepoint site is name is FakeCompany.sharepoint.com then you would have the person as "bill#FakeCompany.onmicrosoft.com"
This user was able to login to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on prem AD users are still having issues, i mentioned this and got the following response.
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution but the creating of a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example.
"Managed" and "Federated"
"Managed" was the easier version and allowed for you to be able to just provide username and credentials in a soap assertion to login.
Federated is a lot more complicated. You need to first perform a post to Microsoft to validate the user hitting your adfs server. https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps but I am getting an error
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
node-sp-auth code refrence is OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.
I am using HttpwebRequest to pull list of all Components from Urban-code Deploy to my application. I have used my own credential in the code(C#) to access it. It is working fine. Now, i have to use the Service account that my company has, in order to pass the credential. I tried using DefaultCredential and defaultNetworkcredential but getting same error--Unauthorized access. Any help!!! Thank u!!!
You got an answer on the UrbanCode forum here: https://developer.ibm.com/answers/questions/372586/authentication-using-service-account-without-admin/?smartspace=urbancode
You just need a user account in the system with permissions to access the data. Accessing data via REST API requires the same permissions as through the UI. There's no way to bypass that.
I have a Mule application which uses the Salesforce connector.
When I started developing this application, I first used oAuth to connect to Salesforce, but it kept giving me the following error: Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session key: <key>, so I switched to basic authentication for Salesforce.
This has worked great, but now, after some time, the application still throws the Invalid Session ID found in SessionHeader: Illegal Session. Session not found, missing session key: <key> error.
This is unexpected behaviour, since each request contains the username, password and secret token.
It looks to me like some old version is in the Mule cache or something, which makes it want to use the oAuth method again. Is this a possibility?
Any ideas on how to fix this?
#Sytze You need to check the flag in the Salesforce connector for all applications sharing the same user credentials to Disable session invalidation (disableSessionInvalidation="true"). What is likely happening is one of your other applications is invalidating the session while your current app still believes its active.
In the connector configuration , check for the correct Token code ( generated via sfdc ) .
Update the latest code and try again
Your security token that you add with your password while calling it would have expired. Create a new token for you account/email-id in salesforce and use that and it should work
Best would be to use the oAuth to call salesforce.
my app was pulling feeds to my site for over a year, and recently stopped working late this month(23/03/2015).
I debugged the application, and still don't know why my access token is reported malformed. Here is a sample of a token which to me perplexes me as at the end there is a # tag in it, something I don't expect with QueryString access tokens:
AQD2pAp0kqILBZ9ysXGarDVdmcnnknRgnLvnLdml2TuiLXH8grq8mHkyBCE3jjoEahyMl17myD7ldp1DDWRYEIP9EEnwSHUU5-sZk3mZv6p5YTLpfTVQntYeuuYbIYEn13e3PkF2_cCQbRU2R769xr_Cj0j3Gf_HygWElOQq3BtivxTgN4Db1HfEzrIpnR7309sAZAwKJKbTGw07KukL51oVn1di0gcO2dn5ffv5V4MEb4RuVLLNrcjZWbVPB7Ktyiy62Gw-64ypMqyx2zj_0quZKFlgV0fBE_TY3K_iMr-XEGuodId1hk0n7k89DUjXa40#=
Looking at my application on Facebook(app), it is clear that I should expect access tokens on request from Query String.
Something is definitely wrong, as this access token reports a malformed access token. This is a recent bug that has just cropped up so I think.
Any body know about this problem? I can't access my feeds from my facebook profile using this access token to expose to my web based application.
Any help or suggestions are welcome.
Kind regards
Martin Okello.
Probably, you were using the read_stream permission which is no longer granted to apps. You should try to regenerated an Access Token with the new user_posts permission and use this Access Token instead.
See
https://developers.facebook.com/docs/apps/changelog#v2_3_new_features
https://developers.facebook.com/docs/facebook-login/permissions/v2.3#reference-read_stream