Hi Guys
To the same Customer I'm going to install the second On Premise Environment.
During the "Step 18 - Configure AD FS" I had run the following command in order to create the new Application:
.\Publish-ADFSApplicationGroup.ps1 -HostUrl 'https://ax.d365foENVNAME.onprem.contoso.com' -ApplicationName 'Microsoft Dynamics 365 for Operations On-premises ENVNAME'
Here I raised the error "The client id must be unique across all clients"
I checked the log wrote in the same folder as the script and I notice that the process failed to the script "D365FO-OP\D365FO-OP-ADFSApplicationGroup.psm1” at line 199
Here the "workflowClientId" is set with a fixed ID value.
I guess is a error so, I changed the line in:
"$workflowClientId = ([guid]::NewGuid())"
Before rerun the script, delete the partial Application created before through the ADFS Management Console
P.S. The workaround above have an issue, the workflow doesn't work anymore.
Unfortunately, I don't know where, Microsoft Dynamics 365FO search the Fixed Value...
I will create another post in order to explain how to modify the same Application in order to handle also other Environments.
Till Soon!
To the same Customer I'm going to install the second On Premise Environment.
During the "Step 18 - Configure AD FS" I had run the following command in order to create the new Application:
.\Publish-ADFSApplicationGroup.ps1 -HostUrl 'https://ax.d365foENVNAME.onprem.contoso.com' -ApplicationName 'Microsoft Dynamics 365 for Operations On-premises ENVNAME'
Here I raised the error "The client id must be unique across all clients"
I checked the log wrote in the same folder as the script and I notice that the process failed to the script "D365FO-OP\D365FO-OP-ADFSApplicationGroup.psm1” at line 199
Here the "workflowClientId" is set with a fixed ID value.
I guess is a error so, I changed the line in:
"$workflowClientId = ([guid]::NewGuid())"
Before rerun the script, delete the partial Application created before through the ADFS Management Console
P.S. The workaround above have an issue, the workflow doesn't work anymore.
Unfortunately, I don't know where, Microsoft Dynamics 365FO search the Fixed Value...
I will create another post in order to explain how to modify the same Application in order to handle also other Environments.
Till Soon!
8 comments:
Hi Denis,
I am running in to the same issue and I want to hear, if you succeded with ADFS configuration and having multiple environments in same ADFS environment?
My plan for now is to generate a new GUID, document it for the specific environment and change the scripts as needed.
Hi Martin
Yes, you can use the same ADFS Server.
I will create another post that will explain how to.
Hi Denis,
I have to use same adfs when i am configuring another environment.
I have added new URL in native - Financial reporting and native application
After that do i need to run and publish URL from step 18. of on premise installation link
or i have to skip.
Thank you for post.
Hi Denis,
In my case workflow editor not working.
Grazie
Hi Denis,
I have the same requirement of deploying prod n test instance with 1 ADFS. Did you find any solution to the workflow and any other known issues after your workaround?
Thanks
Pradhan
Hi,
I am facing issue while opening workflow editor. Whenever I am opening workflow editor window, the login window immediately disappear. Both environment (SAT & PROD) are configured on same ADFS. The SAT environment is working fine and I had configured with another hard code Client ID.fd99fdbb-8843-489f-a8f6-27e9bea7a553 for the production environment. I don't know where the get default Client ID.
Below is the log captured from event viewer in ADFS server.
Encountered error during OAuth authorization request.
Additional Data
Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthUnauthorizedClientException: MSIS9321: Received invalid OAuth request. The client '67ae0dc4-5f97-4c38-b132-65d38bbab8d1' is forbidden to access the resource 'ax.d365ffoprod.abcd.org'.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthProtocolContext.ValidateScopes(String scopeParameter, String clientId, String relyingPartyId)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthAuthorizationRequestContext.ValidateCore()
Thanks
Ahmer Khalid
Post a Comment