Thursday, February 12, 2015

How to resolve "Access is denied to the Secure Store Service." error in SharePoint 2013


You configure BCS and Secure Store Service correctly and then when trying to access the External list items, you may encounter a very strange error that reads something like this:
 
Unable to render the data. If the problem persists, contact your web server administrator.


Correlation ID:<some guid>

When you check your SharePoint error logs, you may notice some errors like this:

Secure Store Service ValidateCredentialClaims - Access Denied: Claims stored in the credentials did not match with the group claim for a group app. 

Secure Store Service           Secure Store                   GetRestrictedCredentials failed with the following exception: System.ServiceModel.FaultException`1[Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault]: Access is denied to the Secure Store Service. (Fault Detail is equal to Microsoft.Office.SecureStoreService.Server.SecureStoreServiceFault). <some guid>

The best way to resolve this issue is to check the configured Target Application ID, especially "Members - The users and groups that are mapped to the credentials defined for this Target Application." and ensure proper user or group is entered (by clicking the "Edit" option on the Target Application in under Secure Store Service Application Administration screen -  Central Admin > Application Management > Manage Service Applications > Secure Store Service and Edit the Target Application ID > Click on Next till you get to the third page and set the field "Members" with the proper users/groups who will access this External list from SharePoint - in my example I set to "All Users")


1 comment:

Mita said...

Cheers, mate. This saved me from scratching my head aimlessly. In my case I was using a "domain local" group from AD as a target application member. Domain local groups don't seem to be accepted there, but global AD groups work.