Box SSO Error

SOLVED
Senior Member

Box SSO Error

I keep getting this error when I try to log into Box via SSO. User is assigned in Azure AD and Box has set up SSO via the metadata file. 

 

 

 


Additional technical information:
Correlation ID: 2b4de03c-202c-4ad2-9ab3-cef54c071145
Timestamp: 2017-09-07 23:49:36Z
AADSTS65005: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: f1764360-e0ec-4446-911e-cd6fc0d4dd61. Resource value from request: . Resource app ID: 00000002-0000-0000-c000-***number removed for privacy***000. List of valid resources from app registration: .
8 REPLIES
Box Certified Professional

Re: Box SSO Error

@sxc7885,

 

This is likely an error with the SSO configuration in your identity provider. Are you working with an implementation consultant to set up your SSO? If so, I would work with them. If not, then you should contact Box Support.

 

Bob

Occasional Contributor

Re: Box SSO Error

Did you ever get a response to this? I'm having the same issue and have been banging my head against the wall trying to figure it out.

New Contributor

Re: Box SSO Error

I am also having the same problem after following the instructions here:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-saas-box-tutorial

 

I opened a case with box.com support and they said there was an issue with the setup of AAD. I am still working on the issue but if I come to a solution I will post it here.

 

New Contributor

Re: Box SSO Error

Update: I found the issue and the fix. The issue is that the article from Microsoft is wrong. The Identifier needs to be "box.net" and the reply URL needs to be "https://sso.services.box.net/sp/ACS.saml2". After making these changes the SSO for Box was working as expected:

 

BoxSSO_settings.jpg
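
An added troubleshooting example, not part of the original posts or of Microsoft's or Box's documentation: in SAML 2.0 the IdP's Identifier setting is emitted as the assertion's `Audience`, and the Reply URL as the response's `Destination` and the `Recipient` of `SubjectConfirmationData`, so a captured `SAMLResponse` form value can be compared against the two values from the post above. The function names and the sample response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values reported as working in the post above.
IDENTIFIER = "box.net"
REPLY_URL = "https://sso.services.box.net/sp/ACS.saml2"


def check_saml_response(b64_response, identifier=IDENTIFIER, reply_url=REPLY_URL):
    """List mismatches between a captured SAMLResponse and the SP settings.

    Diagnostic only: no signature or validity-window checks are performed.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # The Reply URL appears as Response/@Destination ...
    if root.get("Destination") != reply_url:
        problems.append(f"Destination={root.get('Destination')!r}")
    # ... and as SubjectConfirmationData/@Recipient inside the assertion.
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient={recipients!r}")
    # The Identifier (Entity ID) appears as AudienceRestriction/Audience.
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if identifier not in audiences:
        problems.append(f"Audience={audiences!r}")
    return problems


def make_sample(audience, acs_url):
    """Build a constructed, unsigned SAMLResponse skeleton (hypothetical helper)."""
    xml = (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{acs_url}"><saml:Assertion><saml:Subject>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs_url}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions>'
        f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
        f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed mismatch: placeholder values standing in for a wrong IdP setup.
    bad = make_sample("https://sp.example.invalid", "https://sp.example.invalid/acs")
    for problem in check_saml_response(bad):
        print("mismatch:", problem)
```

The `SAMLResponse` value can be copied from the browser's network trace of the POST to the reply URL during a sign-in attempt.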

 

Box Certified Professional

Re: Box SSO Error

@sxc7885 @jsaling @BrianAndrews

 

Hi guys,

 

Hopefully you have had a great new year and this excellent response from @BrianAndrews will be the solution to your problems. If you find that his answer is correct, please be sure to mark it as a solution. Solid work Brian.

Occasional Contributor

Re: Box SSO Error

Thank you, this has me closer than before. Now just need to work through the Invalid Credential error, but at least I'm on the right page now.

New Contributor

Re: Box SSO Error

OMG.  I wasted half a day trying to figure this out.  Thanks a bunch! 

Senior Member

Re: Box SSO Error

Dear All,

Thank you very much for that.

The Azure AD interface seems to have been updated since.
Does the URL: https://sso.services.box.net/sp/ACS.saml2 still have to go into the Reply URL? Cause that URL is giving an error in itself, if we attempt to open it separately. Is that the expected behaviour?
Also, what should go in the Sign-On URL and the Reply State please?
Thanks!