Share via

SSRS Azure AD (OIDC) Authentication Configuration Issue

Tharun Balaji Jothi Subramaniam 0 Reputation points
2025-11-11T09:12:05.85+00:00

We are currently working on integrating SQL Server Reporting Services (SSRS) with Azure Active Directory (OIDC authentication) for our reporting environment.

Environment Details:

  • SSRS Version: 2022
  • Build Number: [e.g., 16.0.1118.33]
  • Authentication Type: OIDC (OpenID Connect)
  • Identity Provider: Azure Active Directory (Entra ID)
  • Tenant Type: [Single-tenant]
  • Operating System: Windows Server [10]

We are currently configuring SQL Server Reporting Services (SSRS) authentication using Azure Active Directory (OIDC). After successful credential entry in the Azure AD login page, the browser returns a HTTP 500 error stating that it cannot handle the request.

We are able to access the ReportServer endpoint URL without issues, but accessing the Reports Portal (\Reports) consistently triggers the 500 error after authentication.

Exception: System.Web.HttpException (0x80004005): Unable to validate data. at System.Web.Configuration.MachineKeySection.EncryptOrDecryptData(Boolean fEncrypt, Byte[] buf, Byte[] modifier, Int32 start, Int32 length, Boolean useValidationSymAlgo, Boolean useLegacyMode, IVType ivType, Boolean signData) at System.Web.Security.FormsAuthentication.Decrypt(String encryptedTicket) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreateRequestContextFromCookie(IOwinContext context) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.CreatePortalIdentity(IOwinContext context) at Microsoft.BIServer.Owin.Common.Middleware.CustomAuthenticationMiddleware.Invoke(IOwinContext context) at Microsoft.Owin.Security.Infrastructure.AuthenticationMiddleware1.<Invoke>d__5.MoveNext() --- End of stack trace from previous location where exception was thrown --- at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) at Microsoft.BIServer.Owin.Common.Middleware.RequestLoggingMiddleWare.<Invoke>d__4.MoveNext()| RequestID = s_2dde68b0-22de-4c2d-a429-bc94ba4893bd

Kindly require your support to overcome this issue.

Regards,

Tharun Balaji J S

SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Lakshmi Narayana Garikapati 640 Reputation points Microsoft External Staff Moderator
    2025-11-11T15:55:14.23+00:00

    Hi @Tharun Balaji Jothi Subramaniam,

    Thanks for the reaching out SQL forum.

    Thank you for sharing the detailed environment information and error trace. The issue you’re facing is commonly related to inconsistent or missing machineKey settings across SSRS configuration files, which prevents proper validation of authentication cookies after Azure AD login.

    1.Set a consistent machineKey across all SSRS config files:

       Add the same <machineKey> element in:

 C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\Portal\web.config

 rsReportServer.config

 rsPortal.config

 Example:

 XML<machineKey   validationKey="YOUR-VALIDATION-KEY"   decryptionKey="YOUR-      DECRYPTION-KEY"   validation="AES"   decryption="AES" />Show more lines

    Generate keys using PowerShell:

    PowerShell[System.Web.Security.MachineKeySection]::GenerateKeys("AES", 64)Show more lines

    Ensure identical keys in all files.

    2.Restart SSRS service after updating keys.

    Check OIDC configuration:

    Verify CallbackPath, Authority, ClientId, and Redirect URI match your Azure AD app registration.

    Ensure SameSite and HTTPS settings are correct (Chromium browsers enforce strict rules).

    3.Clear old cookies:

    Delete browser cookies for the SSRS site after applying changes.

    Hope this helps.

    Thanks,

    Lakshmi.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.