Hello,
When I set up Windows Hello in Windows 10 build 2004, I get the following error during the create a PIN step.
Error code: 0xCAA70010
In the background, the AAD token broker plugin failed to acquire a token from the on-prem ADFS server.
Error: 0xCAA70010 Certificate is invalid.
Exception of type 'class HttpException' at XMLHTTPWebRequest.cpp, line: 184, method: XMLHTTPWebRequest::ReceiveResponse.
Log: 0xcaa10083 Exception in WinRT wrapper.
Logged at AuthorizationClient.cpp, line:242, method: ADALRT::AuthorizationClient::AcquireToken.
Request: authority: https://myadfs/adfs, client: dd762716-544d-4aeb-a526-687b73838a22, redirect URI: ms-appx-web://Microsoft.AAD.BrokerPlugin/dd762716-544d-4aeb-a526-687b73838a22
This is the OAuth JWT bearer request that is being sent to my ADFS server. As you can see, the scope field contains only openid.
But the application "urn:ms-drs:434DF4A9-3CF2-4C1D-917E-2CD2B72F515A" has the aza scope on the ADFS server.
Hi,
I made some progress with the problem, and now I'm getting the following error code:
Error Code: 0x801c0451
The ADFS server returns the following error message:
error=invalid request
error_description=MSIS9681:Received invalid OAuth JWT Bearer request. the jwt bearer request with tokentype=pop must contain aza scope.
Hi,
You may try the following steps:
1. Try to create the PIN again. Some errors are transient and resolve themselves.
2. Sign out, sign in, and try to create the PIN again.
3. Reboot the device and then try to create the PIN again.
4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to Settings > System > About and select Disconnect from organization.
Hope the above information can help you.