Skip to content
  • There are no suggestions because the search field is empty.

AppEnhancer - 25.2 OAuth SSO upgrade errors after moving from pre-24.4 versions

After upgrading AppEnhancer to 25.2, a customer experienced OAuth SSO failures even though authentication against Azure succeeded

The failure occurred during token exchange, with errors including “Failed to get security token” and “Incorrect format for encrypted data.”

Symptoms

You may see one or more of the following:

  • Users can authenticate successfully with Azure, but AppEnhancer fails immediately afterward during token handling.

  • Logs show OAuth tracing activity followed by “Failed to get security token. Incorrect format for encrypted data.”

  • User and group import in AE Admin does not work as expected after the upgrade.

 

Cause

In this case, the issue was not resolved by disabling PKCE or reverting flow behavior; it was resolved by correcting post-upgrade OAuth configuration and Azure app settings 

The final notes indicate that older OAuth-related entries were still present in the Web Access config file and needed to be removed because those keys are no longer needed in 24.4 and later.

Resolution

  1. Remove legacy OAuth entries from the Web Access config file that remained from the pre-upgrade configuration.
  2. Review and complete the OAuth settings in the Admin UI so they match the customer’s Azure/Entra configuration, including their groups, permissions, and environment-specific setup.