I keep getting this error when I try to log into Box via SSO. User is assigned in Azure AD and Box has set up SSO via the metadata file.
|Additional technical information:|
|Correlation ID: 2b4de03c-202c-4ad2-9ab3-cef54c071145|
|Timestamp: 2017-09-07 23:49:36Z|
|AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: f1764360-e0ec-4446-911e-cd6fc0d4dd61. Resource value from request: . Resource app ID: 00000002-0000-0000-c000-***number removed for privacy***000. List of valid resources from app registration: .|
I am also having the same problem after following the instructions here:
I opened a case with box.com support and they said there was an issue with the setup of AAD. I am still working on the issue, but if I come to a solution I will post it here.
Update: I found the issue and the fix. The issue is that the article from Microsoft is wrong. The Identifier needs to be "box.net" and the reply URL needs to be "https://sso.services.box.net/sp/ACS.saml2". After making these changes the SSO for Box was working as expected.
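One way to catch this kind of mismatch before testing a login, as an added example that is not part of the original thread: compare the Identifier and Reply URL entered on the identity provider side with the entityID and ACS endpoint in the service provider's SAML metadata. The metadata below is a constructed sample built from the two values quoted above, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata using the values quoted in the post above.
# It is not a copy of any real metadata file.
SAMPLE_SP_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="box.net">
  <SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0" isDefault="true"
        Binding="{POST_BINDING}"
        Location="https://sso.services.box.net/sp/ACS.saml2"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def sp_endpoints(metadata_xml):
    """Return (entityID, [HTTP-POST ACS locations]) from SP metadata."""
    # For metadata files from an untrusted source, parse with a hardened
    # XML parser instead of the standard library one.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single EntityDescriptor document")
    acs = [
        el.get("Location")
        for el in root.iter(f"{{{MD}}}AssertionConsumerService")
        if el.get("Binding") == POST_BINDING
    ]
    return root.get("entityID"), acs


def check_idp_settings(metadata_xml, identifier, reply_url):
    """Compare IdP-side settings with SP metadata; return a list of problems."""
    entity_id, acs = sp_endpoints(metadata_xml)
    problems = []
    # Exact string comparison: a different scheme, host, path or trailing
    # slash counts as a mismatch here.
    if identifier != entity_id:
        problems.append(f"Identifier {identifier!r} != entityID {entity_id!r}")
    if reply_url not in acs:
        problems.append(f"Reply URL {reply_url!r} not in ACS endpoints {acs}")
    return problems


if __name__ == "__main__":
    # Placeholder IdP values that do not match the sample metadata.
    for p in check_idp_settings(SAMPLE_SP_METADATA,
                                "https://sp.example/id", "https://sp.example/acs"):
        print("MISMATCH:", p)
```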
Thank you, this has me closer than before. Now just need to work through the Invalid Credential error, but at least I'm on the right page now.