Access token validation failure. Invalid audience requesting AzureADPolicies - powershell

Im using powershell to connect to azure ad and what I need is to get a list of the policies that were configured.
First, I used Connect-azuread to get into my tenant, and when I tryed to use Get-AzureADPolicy, I'm having this error:
Get-AzureADPolicy: Error occurred while executing GetPolicies Code: InvalidAuthenticationToken Message: Access token validation failure. Invalid audience. InnerError:
DateTimeStamp: Wed, 16 Feb 2022 20:36:13 GMT HttpStatusCode: Unauthorized HttpStatusDescription: Unauthorized HttpResponseStatus: Completed
any ideas of what could I been doing wrong?
Thanks

I have tested in my environment. I was able to get the list of policies successfully.
Try using AzureADPreview latest module
Uninstall-Module AzureAD
Install-Module AzureADPreview
Import-Module AzureADPreview
Now, use cmdlet “Connect-AzureAD” with credentials and “Get-AzureADPolicy” to display the list of policies.
If still the error remains, please check if you have permissions and granted consent for the same.
Try with "Connect-AzureAD -AzureEnvironmentName AzureUSGovernment"
Reference:
Get-AzureADDirectorySetting - Authintication problems - Microsoft Q&A

Related

Getting an error with Connect-NsxServer with powershell PowerNSX module

after running this command
$cred = get-credential
Connect-NsxServer -vCenterServer MyVsphereServer -Credential $cred
I get this error
Connection to NSX server 10.X.X.X failed : Invoke-NsxRestMethod : The NSX API response received indicates a failure. 403 : Forbidden : Response Body:
At C:\Program Files\WindowsPowerShell\Modules\PowerNSX\3.0.1174\PowerNSX.psm1:4939 char:13
+ Throw "Connection to NSX server $NsxServer failed : $_"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Connection to N...Response Body: :String) [], RuntimeException
+ FullyQualifiedErrorId : Connection to NSX server 10.X.X.X failed : Invoke-NsxRestMethod : The NSX API response received indicates a failure. 403 : Forbidden : Respons
e Body:
I see this in the error, but have never set this before either
The variable '$defaultNSXConnection' cannot be retrieved because it has not been set.
The PowerNSX module comment says:
Invoke-NsxWebRequest uses either a specified connection object as returned
by Connect-NsxServer, or the $DefaultNsxConnection global variable if
defined to construct a REST api call to the NSX API.
My account permissions can't be the issue. I can log into the NSX gui and have enterprise admin creds. I can also successfully log into Vsphere with powercli module and run cmdlets against it. It's specifically when I try to connect to NSX that I get an error. Lost at this point. Not sure why it won't work. Tried by IP and FQDN. the -vcenterserver parameter is prefered according to their documenation, and I do see Green text response directing to the correct nsx manager IP address. Everything looks right, but clearly something isn't.
powernsx apparently REQUIRES you to use the administrator#vsphere.local account to use it, regardless if your other admin account can make any API call supported by NSX with native API calls.
Didn't see that in the powernsx documentation. If it's not just an oversite on my part, that really should be front and center in their docs.
We have MS AD authenticated accounts that we use with vSphere. I use PowerNSX with my own credential and no, I do not have to use administrator#vsphere.local. The only way I have success is if I am careful to put the domain of the account in all-caps, Kerberos style. When I give the credential, the ONLY format that works for me is "username#MY.DOMAIN.COM" it is extremely case sensitive.
vSphere 6.7, NSX 6.4.8, PowerNSX 3.0.1174

Oracle Integration Cloud: https://outlook.office.com/api/v2.0/me/sendmail returned a response status of 403 Forbidden

Tried configuring MS outlook adapter in Oracle Integration Cloud (OIC) Env.
The connection was successful. But when testing the complete implementation getting below error.
https://outlook.office.com/api/v2.0/me/sendmail returned a response status of 403 Forbidden
"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."
<genericRestFault><errorCode>403</errorCode><errorPath><![CDATA[POST https://outlook.office.com/api/v2.0/me/sendmail returned a response status of 403 Forbidden]]></errorPath><instance><![CDATA[{"error":{"code":"ErrorAccessDenied","message":"Access is denied. Check credentials and try again."}}]]></instance></genericRestFault>
:Application Error
I am successfully able to test the OIC Microsoft Outlook adapter to send email with attachment.When you configure the Adapter,please make sure that you have correctly set the followings.
Client Id:
Client Secret:
Scope: https://outlook.office.com/mail.send offline_access

"Access is denied due to invalid credentials" REST API error. How to solve?

I followed the documentation here: and here: Trying to integrate to a Personality Insights service via Android Java.
However, after the app runs, and using the correct username and password as mentioned in the guide... (the guide is not clear (2nd bullet point in "Before you begin") on which set of credentials to use - It says get the "service credentials" and credentials from the new service created - I tried with both and both fail with the same error below.)
Error:
12-11 01:49:56.201 29584-29632/? I/CredentialUtils: JNDI string lookups is not available. 12-11 01:49:56.269 29584-29632/? D/NetworkSecurityConfig: No Network Security Config specified, using platform default 12-11 01:49:56.723 29584-29632/? D/OkHttp: --> POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 http/1.1 (1297-byte body) 12-11 01:49:56.803 29584-29632/? D/OkHttp: <-- 401 Not Authorized https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 (78ms, unknown-length body) 12-11 01:49:56.863 29584-29632/? E/WatsonService: POST https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13, status: 401, error: Not Authorized 12-11 01:49:56.865 29584-29632/? E/ERROR: Unauthorized: Access is denied due to invalid credentials
com.ibm.watson.developer_cloud.service.exception.UnauthorizedException: Unauthorized: Access is denied due to invalid credentials at com.ibm.watson.developer_cloud.service.WatsonService.processServiceCall(WatsonService.java:492) at com.ibm.watson.developer_cloud.service.WatsonService$2.execute(WatsonService.java:254) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:105) at com.upen.personalityapp.MainActivity$RetrieveFeedTask.doInBackground(MainActivity.java:87) at android.os.AsyncTask$2.call(AsyncTask.java:306) at java.util.concurrent.FutureTask.run(FutureTask.java:237) at android.os.AsyncTask$SerialExecutor$1.run(AsyncTask.java:244) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) at java.lang.Thread.run(Thread.java:761) 12-11 01:49:56.866 29584-29584/?
This is the code I am using; I am trying to pass a "text" input to the service.
service = new PersonalityInsights("2017-10-13");
service.setUsernameAndPassword("{myUsername}", "{myPassword}");
Profile profile = service.getProfile(text).execute();
System.out.println(profile);
return profile.toString();
I am using the com.ibm.watson.developer_cloud:personality-insights:3.8.0 dependency.
I tried connecting to the URL in the error (https://gateway.watsonplatform.net/personality-insights/api/v3/profile?version=2017-10-13 ) via a browser. It prompts for a username/password combo. I entered my details from my IBM Cloud Lite service but it throws the HTTP Error 405. Is this how it's supposed to work on the browser?
For someone in the future;
Instead of service.setUsernameAndPassword(username, password);, I tried service.setUsernameAndPassword("username", "password"); and it worked.

Office 365 REST API Beta - retrieving Outlook tasks from other users "forbidden"?

I'm curious if anyone else has seen the following behavior from the Office 365 REST API beta when attempting to retrieve Outlook tasks for users other than one's self?
I've confirmed that I've granted my application the necessary permissions for it to retrieve tasks for all users:
https://outlook.office.com/api/beta/me/tasks
-> I get a result
https://outlook.office.com/api/beta/users/abc#xyz.com/tasks
-> I get a 403 forbidden error
If developer is reading this, could this be an issue w/the beta API which will be corrected in the near future? Or, is there something else which could be going sideways?
Aside from "tasks", I can retrieve contacts, mail, etc. from other users just fine.
Here is the response I get whenever I attempt to query another user's tasks:
HTTP/1.1 403 Forbidden
Transfer-Encoding: chunked
request-id: 5c375fd9-d5ed-4fd3-8e1a-ab3dc61feaf3
X-CalculatedFETarget: BN3PR03CU002.internal.outlook.com
X-BackEndHttpStatus: 403, 403
X-FEProxyInfo: BN3PR0301CA0017.NAMPRD03.PROD.OUTLOOK.COM
X-CalculatedBETarget: BN3PR0501MB1298.namprd05.prod.outlook.com
x-ms-diagnostics: 2000008;reason="The token contains not enough scope to make this delegate access call.";error_category="invalid_grant"
OData-Version: 4.0
X-DiagInfo: BN3PR0501MB1298
X-BEServer: BN3PR0501MB1298
X-FEServer: BN3PR0301CA0017, CO1PR06CA031
X-MSEdge-Ref: Ref A: 5CE3BDDBE9BB483ABA0F13CE2EC07F80 Ref B: 52E8D7443714773298F8956513923AFC Ref C: Thu Jun 30 12:59:31 2016 PST
Cache-Control: private
Date: Thu, 30 Jun 2016 19:59:31 GMT
Set-Cookie: exchangecookie=e4b8e5f48581449893f48eba48413e88; expires=Fri, 30-Jun-2017 19:59:31 GMT; path=/; HttpOnly
Server: Microsoft-IIS/8.5
WWW-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000#*", token_types="app_asserted_user_v1 service_asserted_app_v1", error="invalid_token"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again."
}
}
It says that, "The token contains not enough scope to make this delegate access call."
However: I have confirmed that 9/9 "Application Permissions" as well as 26/26 "Delegated Permissions" have been granted to the app for the "Office 365 Exchange Online" service. Additionally, the account I'm using is also a Global Administrator for our tenant.
Thanks for any help!
At present, the Task API requests are always performed on behalf of the signed-in user(refer to target user).
And there is no such scope that for reading task from all users, you can refer to the permissions from figure below:
You may submit the feedback from here if you require that the Task API to support for other users.

Invoke-WebRequest Proxy Authentication Error

I am trying to use an HTTP proxy I purchased from TorGuard with PowerShell. I am able to successfully connect to the proxy server however it returns a Cache Access Denied Error message. My script is:
$url = "http://www.foo.org/"
$request = Invoke-WebRequest -Uri $url `
-Proxy "http://web.proxy.torguard.org:6060" -ProxyCredential $myCreds
The complete error message returned is:
The following error was encountered while trying to retrieve the URL: http://www.foo.org/
Cache Access Denied.
Sorry, you are not currently allowed to request http://www.foo.org/ from this cache until you have authenticated yourself.
Please contact the cache administrator if you have difficulties authenticating yourself.
Generated Sat, 05 Sep 2015 16:07:20 GMT by 91.233.116.119 (squid/3.1.23)
The same error message is returned regardless of the value of $url.
This is what TorGuard support said:
It sounds like it’s not submitting the form.
Am I missing a parameter in my Invoke-WebRequest?