Skip to main content
Dynamics 365

Error “The authorization token issuer is invalid. An identity provider with a matching issuer was not found in the system” upon MPOS activation

Upon activating MPOS you can run into the following error message that you would also see in Event Viewer:

errorMessage The authorization token issuer is invalid. An identity provider with a matching issuer was not found in the system.

In order to troubleshoot this you will need to look into the Event Viewer logs of the Retail Server that this MPOS is connecting to (HQ or RSSU, depending on your topology) and search for entries referencing providedIssuer and registeredIssuers, like for example:

providedIssuer https://sts.windows.net/57f6499b-5663-4b2a-c9b3-4e807a754c02/
registeredIssuers https://sts.windows.net/57f6499b-5663-4b2a-c9b3-4e807a754c02, https://…..

The registeredIssuers section refers to entries that have been added to Identity Providers under the Retail Shared Parameters section of the HQ, while the providedIssuer refers to the entry that the MPOS is sending out while trying to activate. These 2 would need to match exactly.

In the example above the MPOS has a forward slash at the end of the entry, while the entry in Identity Providers does not have the final “/” slash at the end. The way to resolve this is to add the “/” character at the end of the entry in HQ here (click on the image in order to zoom in):