OAuth2/OIDC URI generates a 401 error on WinSSO realms

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth Idp Version affected: All


    A 401 Unauthorized error is received when attempting to access the OAuth2/OIDC (OpenID Connect) URI (e.g.https://SecureAuthIdP/SecureAuth#/.well-known/openid-configuration) onrealms using WinSSO (Windows SSO)


    The OAuth2/OIDC endpoints should be accessible using anonymous authentication but having Windows authentication enabled for the realm prevents this.


    The .well-known location needs to be enabled for anonymous authentication as follows:

    1. Create a folder called ".well-known" in the affected realm, e.g.:

    Windows Explorer will not let you create a folder starting with a period character so please use either the command line or PowerShell to create the folder as follows;

    Using Powershell:
    Set-Location D:\Secureauth\SecureAuth#
    New-Item .well-known -ItemType Directory

    Or using CMD:
    CD D:\Secureauth\SecureAuth#
    MD .well-known

    2. Now Copy the attached 'web.config' into the '.well-known' folder.

    Please see this article for help with accessing the other OAuth/OIDC endpoints in a WinSSO realm

    SecureAuth Knowledge BaseArticles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    2 out of 2 found this helpful



    Please sign in to leave a comment.