Knowledge Base

Support Policies

OAuth2/OIDC URI generates a 401 error on WinSSO realms

SecureAuth Idp Version affected:  All

 

Description:  

A 401 Unauthorized error is received when attempting to access the OAuth2/OIDC (OpenID Connect) URI (e.g. https://SecureAuthIdP/SecureAuth#/.well-known/openid-configuration) on realms using WinSSO (Windows SSO)

 

 

Cause: 

The OAuth2/OIDC endpoints should be accessible using anonymous authentication but having Windows authentication enabled for the realm prevents this.

  

Resolution:  

 The .well-known location needs to be enabled for anonymous authentication as follows:

1. Create a folder called ".well-known" in the affected realm, e.g.:
D:\Secureauth\SecureAuth#\.well-known

Windows Explorer will not let you create a folder starting with a period character so please use either the command line or PowerShell to create the folder as follows;

Using Powershell:
Set-Location D:\Secureauth\SecureAuth#
New-Item .well-known -ItemType Directory

Or using CMD:
CD D:\Secureauth\SecureAuth#
MD .well-known

2. Now Copy the attached ‘web.config’ into the ‘.well-known’ folder.

 

Please see this article for help with accessing the other OAuth/OIDC endpoints in a WinSSO realm

 

SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.