ServiceDesk Plus Oauth troubleshooting

Troubleshooting Oauth configuration for mail server settings

Oauth in ServiceDesk Plus / AssetExplorer for Mail

SDP has supported Oauth configuration for Office365 and GSuite mailboxes since build 11106. Office365 mailboxes can be configured with Oauth authentication using EWS (since build 11106) and IMAP / SMTP (since build 13005).
  1. O365 configuration using Oauth
  2. GSuite configuration using Oauth
  3. Default configurations of O365 and GSuite
  4. Oauth FAQs


1. Follow the steps in the corresponding configuration doc listed above.
2. Make sure the hostname in the redirect url is the same as the hostname in the url used to access the application.
3. If a proxy is required for the application server to connect to the Internet, configure the proxy in the application and enable it in the mail server settings.
4. Once the mail server settings are saved with Oauth, a popup is shown. Enter the credentials of the mailbox (the one configured in the application) / choose the mailbox's login instead of your personal account. If the personal account is chosen and fetching is started, mails from your personal account will be fetched into the application.


Misconfigured client secret field

Issue: Getting the below alert after entering the mailbox credentials in the popup. 

Reason: The client secret configured in the application is incorrect. Either the value is wrong (for example, taken from a different application) or the secret ID value was entered in the client secret field.

Resolution: Configure the text under "Value" in the client secret field. If this value isn't stored anywhere (it is viewable only once and is masked after that), create a new client secret and configure it in the application.

Security error in Oauth popup

Issue: Security issue after entering the mailbox credential in the Oauth popup

Reason: The above error occurs because extra parameters such as 'error' and 'error_description' are passed from the Auth server. This happens if Oauth isn't properly configured.

Resolution: Check the Oauth configuration again, especially the scope field. Verify the scope value against the default configurations. If the issue persists, recreate the issue once and contact support with the logs.

Login page after Oauth popup

Issue: After entering the mailbox credentials in the popup dialog, the popup doesn't close and lands on the application's login page.


      1. Check whether the url used to access the application has the same hostname as the redirect url in the mail server settings page. If the hostnames differ, the above issue occurs. Access the application using the same url as the redirect url. This should fix the issue.

      2. In some environments, the popup lands on the application login page because of the "SameSite" attribute of the application cookies. Go to Reports tab >> New query report, enter the below SQL query and click "Run report".
            select * from globalconfig where parameter like 'SAMESITECOOKIE';
            The value in the "paramvalue" column should be "none" (case insensitive) as shown in image below.

            If the value isn't "none", execute the below update query and restart the application service.
            update globalconfig set paramvalue='none' where parameter like 'SAMESITECOOKIE' and category like 'SECURITY_SETTINGS';
            Now, clear all the application's cookies in the browser, log in and try saving the settings. If the issue persists, recreate the issue once and contact support with the logs and the result of the first SQL query (the select query).

Refer to the "Troubleshooting from logs (serverout file)" section for troubleshooting similar issues from logs.
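The hostname check from this section and the 'error' / 'error_description' check from "Security error in Oauth popup" can be run against the URLs of one popup round trip. This is an added example, not ManageEngine code: the function name and the sample URLs are constructed, and using /servlet/OauthServlet (the path seen in the log excerpt on this page) as the redirect path is an assumption.

```python
from urllib.parse import urlsplit, parse_qs

def check_oauth_callback(access_url, redirect_url, callback_url):
    """Return findings for one Oauth popup round trip (empty list = no finding)."""
    findings = []
    # urlsplit().hostname is already lower-cased, so the comparison is
    # case-insensitive. Session cookies are bound to the hostname, so a
    # redirect to a different hostname arrives without the login session.
    access_host = urlsplit(access_url).hostname
    redirect_host = urlsplit(redirect_url).hostname
    if access_host != redirect_host:
        findings.append(
            f"hostname mismatch: application opened on {access_host}, "
            f"redirect url points to {redirect_host}")
    # RFC 6749 section 4.1.2.1: a failed authorization request comes back
    # with 'error' (and optionally 'error_description') in the query string.
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        description = params.get("error_description", [""])[0]
        findings.append(f"auth server error: {params['error'][0]} ({description})")
    return findings

# Constructed sample values (hostnames are placeholders).
ACCESS_URL = "https://HelpDesk.example.com:8443/"
REDIRECT_URL = "https://sdp01.corp.example.com:8443/servlet/OauthServlet"
CALLBACK_URL = (REDIRECT_URL + "?error=invalid_scope"
                "&error_description=The+requested+scope+is+invalid&state=abc")

if __name__ == "__main__":
    for finding in check_oauth_callback(ACCESS_URL, REDIRECT_URL, CALLBACK_URL):
        print(finding)
```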

Need admin approval

Issue: After entering the credentials of the mailbox in the Oauth popup, a "Need admin approval" message is shown.

Reason: In your organization, users aren't allowed to consent to applications. So admin consent is needed to approve access to the organisation data (mailbox).

Resolution: Go to Azure portal >> App registrations >> Application configured for SDP >> API Permissions (left panel) >> Grant admin consent for all the permissions.

Click on Grant admin consent

Connectivity issue

Read timed out / Connection timed out

Issue: Getting read/connection timed out after entering credentials of the mailbox in the Oauth popup

Reason: One possible reason is that the application server cannot connect to the token url/hostname/connect url internally because of a proxy. If a proxy server is configured in your environment (say, configured in the browser), the authorisation url will work (using the proxy settings in the browser), but the token url will not work because the call to the token url happens internally. This throws the above error.

Resolution: Configure the proxy settings in the application. Refer to Proxy settings. If the proxy is already configured in the application, check the proxy option in the mail server settings and save.

Expected JSON, not HTML

Issue: After entering the credentials of the mailbox in the popup, a failure alert is shown with the message as below

Reason: After the credentials of the mailbox are entered in the Oauth popup, the application gets an authorization code. Using that code, the application tries to generate tokens via the configured Token URL. A successful response from a proper Token URL is in JSON format. If the Token URL is misconfigured, the application may not receive the tokens in JSON format and throws an error similar to the above screenshot.

Resolution: Check whether the Token URL is properly configured. Refer to the Admin guide for the Token URL configuration. If the issue persists with a proper Token URL, recreate the issue once and contact support with the following:
1. logs
2. Screenshot of mail server settings (share the complete value of Token URL explicitly)
3. Screenshot of Application Endpoints in the Azure portal (as shown in Admin guide)
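To see which of the cases above a Token URL response falls into, the response can be classified by content type and body. This is an added example, not ManageEngine code: the function name and the three responses are constructed, with the AADSTS700016 code borrowed from the "Invalid Client ID" section of this page.

```python
import json
import re

def classify_token_response(status, content_type, body):
    """Classify what the configured Token URL sent back as (verdict, detail)."""
    media_type = content_type.split(";")[0].strip().lower()
    text = body.lstrip()
    # A sign-in page or an error page comes back as HTML, not JSON.
    if media_type == "text/html" or text.startswith("<"):
        return ("not_json", "HTML received: check the Token URL value")
    try:
        data = json.loads(text)
    except ValueError:
        return ("not_json", "body is not valid JSON")
    if not isinstance(data, dict):
        return ("not_json", "JSON body is not an object")
    # RFC 6749 section 5.2: token errors are JSON with an 'error' member.
    if "error" in data:
        description = str(data.get("error_description", ""))
        code = re.search(r"AADSTS\d+", description)
        detail = str(data["error"]) + (f" [{code.group(0)}]" if code else "")
        return ("oauth_error", detail)
    if status == 200 and "access_token" in data:
        # Report only the member names; token values never go to logs.
        return ("ok", "members: " + ", ".join(sorted(data)))
    return ("unexpected", f"HTTP {status} without access_token")

# Constructed responses for illustration.
HTML_PAGE = (200, "text/html; charset=utf-8",
             "<!DOCTYPE html><html><title>Sign in</title></html>")
CLIENT_ERROR = (400, "application/json; charset=utf-8", json.dumps({
    "error": "unauthorized_client",
    "error_description": "AADSTS700016: Application with identifier "
                         "'constructed-id' was not found."}))
TOKEN_OK = (200, "application/json", json.dumps({
    "token_type": "Bearer", "expires_in": 3599,
    "access_token": "constructed-access", "refresh_token": "constructed-refresh"}))

if __name__ == "__main__":
    for sample in (HTML_PAGE, CLIENT_ERROR, TOKEN_OK):
        print(classify_token_response(*sample))
```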

Invalid Client ID

Issue: After entering credentials of the mailbox in the Oauth popup, error as in below screenshot is thrown

Reason: The error code "AADSTS700016" corresponds to an incorrect Application (Client) ID for the logged-in mailbox's directory.

Resolution: Ensure the correctness of the Client ID value configured in the application. Refer to the Admin guide for the Client ID configuration. If the issue persists with a proper Client ID, contact support with the following:
1. Screenshot of error in Oauth popup
2. Screenshot of mail server settings of SDP (incoming / outgoing setting in which the error is faced)
3. Screenshot of Overview tab of corresponding application in Azure portal as shown in the Admin guide.

PKIX path building failed

Issue: The above alert is thrown once the Oauth popup closes (after successfully entering mailbox credentials / choosing mailbox).

Reason: An SSL encryption certificate might have been applied in your environment (a certificate issued by an internal CA is applied for the "" domain).

Troubleshooting from logs (serverout file)

Troubleshooting errors based on the information shown in the product UI is discussed above. This section discusses troubleshooting errors from the application log file (logs\serverout(x).txt). To access the log file in the UI, log in as "SDAdmin" and navigate to "Community" >> "View Logs" >> serverout0.txt.

Login page after Oauth popup

Issue: After entering mailbox credentials in the Oauth popup, login page of the application is shown.

Reason: Below are the possible reasons 

1. Search for "UNAUTHORIZED_CORS_REQUEST" in the serverout0.txt file for the "OauthServlet" url
      [14:06:08:349]|[07-26-2022]|[]|[SEVERE]|[70]: CORS request "/servlet/OauthServlet" from origin : "" is not allowed|
      [14:06:08:349]|[07-26-2022]|[]|[INFO]|[70]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST,  RequestURI: "/servlet/OauthServlet", RemoteAddr: "172.xx.xx.xx", Referrer: ""|
      [14:06:08:349]|[07-26-2022]|[]|[SEVERE]|[70]: CORS request "/servlet/OauthServlet" from origin : "" is not allowed|
      [14:06:08:349]|[07-26-2022]|[]|[INFO]|[70]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST,  RequestURI: "/servlet/OauthServlet", RemoteAddr: "172.xx.xx.xx", Referrer: ""|
      Resolution: Log in as "SDAdmin". Navigate to Security Settings >> Advanced. Check whether the "Referrer-Policy" security response header is configured as strict-origin-when-cross-origin. If so, remove the security response header (or) add url as value for the security response header "allow-control-origin". If no "Referrer-Policy" header is configured, contact support with the logs and a screenshot of the Advanced Security Settings.
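The search described above can be scripted over a copy of serverout0.txt. This is an added example, not ManageEngine code: the field layout is inferred from the log lines shown on this page, the function name is hypothetical, and the last two sample lines are constructed.

```python
import re

# Layout inferred from the excerpt: [time]|[date]|[]|[LEVEL]|[thread]: message|
LINE = re.compile(r'^\[(?P<time>[\d:]+)\]\|\[(?P<date>[\d-]+)\]\|\[[^\]]*\]\|'
                  r'\[(?P<level>[A-Z]+)\]\|\[(?P<thread>\d+)\]: (?P<msg>.*?)\|?\s*$')
CORS = re.compile(r'CORS request "(?P<uri>[^"]*)" from origin : "(?P<origin>[^"]*)"')
IAM = re.compile(r'IAMSecurityException ErrorCode: (?P<code>\w+),\s*'
                 r'RequestURI: "(?P<uri>[^"]*)", RemoteAddr: "(?P<addr>[^"]*)", '
                 r'Referrer: "(?P<referrer>[^"]*)"')

def oauth_cors_rejections(lines):
    """Return one record per UNAUTHORIZED_CORS_REQUEST on the OauthServlet url."""
    hits, last_origin = [], {}
    for raw in lines:
        line = LINE.match(raw.strip())
        if not line:
            continue  # stack-trace or continuation line
        cors = CORS.search(line["msg"])
        if cors:
            # Remember the rejected origin per thread; the IAM line follows it.
            last_origin[line["thread"]] = cors["origin"]
            continue
        iam = IAM.search(line["msg"])
        if (iam and iam["code"] == "UNAUTHORIZED_CORS_REQUEST"
                and iam["uri"].endswith("/OauthServlet")):
            hits.append({"when": f'{line["date"]} {line["time"]}',
                         "remote_addr": iam["addr"],
                         "referrer": iam["referrer"],
                         "origin": last_origin.get(line["thread"], "")})
    return hits

# First two lines are from this page (origin and referrer are blank there);
# the last two are constructed to show what gets filtered out.
SAMPLE = '''\
[14:06:08:349]|[07-26-2022]|[]|[SEVERE]|[70]: CORS request "/servlet/OauthServlet" from origin : "" is not allowed|
[14:06:08:349]|[07-26-2022]|[]|[INFO]|[70]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST,  RequestURI: "/servlet/OauthServlet", RemoteAddr: "172.xx.xx.xx", Referrer: ""|
[14:07:11:002]|[07-26-2022]|[]|[INFO]|[71]: IAMSecurityException ErrorCode: UNAUTHORIZED_CORS_REQUEST,  RequestURI: "/constructed/other", RemoteAddr: "172.xx.xx.xx", Referrer: ""|
    at constructed.stack.Frame(Frame.java:1)
'''

if __name__ == "__main__":
    for hit in oauth_cors_rejections(SAMPLE.splitlines()):
        print(hit)
```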
