App resource defined in manifest and iframe origin do not match - microsoft-teams

I've created an MS Teams app that works fine if I launch it locally; however, when I install the app package in my team and launch the app, it shows me the following error in the console:
App resource defined in manifest and iframe origin do not match.
My app in Azure AD has been configured for multitenancy, with a unique ID, and I've added a webApplicationInfo object to the manifest file:
    "webApplicationInfo": {
        "id": "bae.....a8",
        "resource": "https://xxxxx.onmicrosoft.com/ba.....a8"
    }
I tried changing the resource object from https, in the manifest and Azure, to api://; it didn't work. I've also added the query "inTeamsSSO=true" to my static tab. Static tab scopes are: "Team"
How do I fix this issue?

Please verify the contents of the webApplicationInfo section:
    "webApplicationInfo": {
        "id": "{AAD App client id}",
        "resource": "api://{Your tab app domain}/{AAD App client id}"
    }
Please make sure the domain in webApplicationInfo is the same as your tab app's domain; otherwise Teams will return an error.
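
The rule in the answer above can be checked against a manifest before the package is uploaded. This is an added example, not code from the original posts; the function name, the client id and every domain in it are constructed placeholders, and it also checks the tab host against validDomains.

```javascript
// Added example; CLIENT_ID and every domain below are constructed placeholders.
const CLIENT_ID = "00000000-0000-0000-0000-000000000000";

// Applies the rule from the answer above: resource must be
// api://{tab app domain}/{AAD app client id}, and that domain must be the tab's own.
function checkSsoResource(manifest) {
  const info = manifest.webApplicationInfo || {};
  const m = /^api:\/\/([^/]+)\/([^/]+)$/.exec(info.resource || "");
  if (!m) return ["resource is not of the form api://{tab domain}/{client id}"];
  const problems = [];
  const resourceHost = m[1].toLowerCase();
  if (m[2].toLowerCase() !== String(info.id || "").toLowerCase()) {
    problems.push("resource does not end with webApplicationInfo.id");
  }
  // validDomains entries may be exact hosts or wildcards such as *.contoso.example
  const valid = (manifest.validDomains || []).map((d) => d.toLowerCase());
  const listed = (host) =>
    valid.some((d) => d === host || (d.startsWith("*.") && host.endsWith(d.slice(1))));
  for (const tab of manifest.staticTabs || []) {
    if (!tab.contentUrl) continue; // nothing to compare for entries without a URL
    const tabHost = new URL(tab.contentUrl).host.toLowerCase();
    if (tabHost !== resourceHost) {
      problems.push(`${tab.entityId}: iframe origin ${tabHost} != resource domain ${resourceHost}`);
    }
    if (!listed(tabHost)) problems.push(`${tab.entityId}: ${tabHost} is not in validDomains`);
  }
  return problems;
}

const base = {
  validDomains: ["tab.contoso.example"],
  staticTabs: [{
    entityId: "home",
    contentUrl: "https://tab.contoso.example/index.html?inTeamsSSO=true",
    scopes: ["team"],
  }],
};
// Shape used in the question: an https:// onmicrosoft.com resource.
const asInQuestion = { ...base, webApplicationInfo: {
  id: CLIENT_ID, resource: `https://contoso.onmicrosoft.com/${CLIENT_ID}` } };
// Shape given in the answer.
const asInAnswer = { ...base, webApplicationInfo: {
  id: CLIENT_ID, resource: `api://tab.contoso.example/${CLIENT_ID}` } };

console.log(checkSsoResource(asInQuestion));
console.log(checkSsoResource(asInAnswer));
```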

Related

Unable to get token from get authtoken method in teams returning error "App resource defined in manifest and iframe origin do not match"

Unable to get token from getauthtoken method returning error "App resource defined in manifest and iframe origin do not match"
Not understanding what this message is saying; I defined the same app resource in the manifest. Where do I need to define the app resource in the manifest?
In the manifest for Microsoft Teams apps, you need to add all domains where your app is hosted to the validDomains array, as shown in the screenshot below.

Azure AD enterprise application provisioning

I am facing issues while provisioning a Java application in an Azure AD enterprise application. I have created a SCIM API as per the Azure documents, but I am still getting the error below.
Error code: SystemForCrossDomainIdentityManagementCredentialValidationUnavailable
Details: We received this unexpected response from your application: An HTTP/404 Not Found response was returned rather than the expected HTTP/200 OK response. To address this issue, ensure that the tenant URL is correct. The tenant URL is usually in a format like: https://<>/scim. If this does not resolve the issue, contact the application developer to ensure their SCIM endpoint conforms with the protocol https://www.rfc-editor.org/rfc/rfc7644#section-3.4.2 Please check the service and try again.
You would need to ensure your response is formatted as in section 3.4.2 of the RFC:
    {
        "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
        "totalResults": 0,
        "Resources": [],
        "startIndex": 1,
        "itemsPerPage": 20
    }
https://learn.microsoft.com/en-us/azure/active-directory/app-provisioning/use-scim-to-provision-users-and-groups#response-3
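
A check for the response the answer describes, as an added example that is not part of the original posts: it flags a non-200 status and a body that is not a ListResponse in the shape of RFC 7644 section 3.4.2. The function name and both sample responses are constructed for illustration.

```javascript
// Added example; function name and sample responses are constructed for illustration.
const LIST_RESPONSE = "urn:ietf:params:scim:api:messages:2.0:ListResponse";

// Returns the reasons a query response would not pass as an RFC 7644 3.4.2 ListResponse.
function checkScimListResponse(status, bodyText) {
  const problems = [];
  if (status !== 200) problems.push(`HTTP ${status} returned, expected 200`);
  let body;
  try {
    body = JSON.parse(bodyText);
  } catch (e) {
    return problems.concat("body is not JSON");
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return problems.concat("body is not a JSON object");
  }
  if (!Array.isArray(body.schemas) || !body.schemas.includes(LIST_RESPONSE)) {
    problems.push("schemas does not contain the ListResponse URN");
  }
  if (!Number.isInteger(body.totalResults) || body.totalResults < 0) {
    problems.push("totalResults must be a non-negative integer");
  }
  const resources = body.Resources;
  if (resources !== undefined && !Array.isArray(resources)) {
    problems.push("Resources must be an array");
  } else if (body.totalResults > 0 && resources === undefined) {
    problems.push("Resources is required when totalResults is non-zero");
  }
  return problems;
}

// Constructed sample 1: what the error in the question reports (a 404 with an HTML body).
const notFound = checkScimListResponse(404, "<html><body>Not Found</body></html>");
// Constructed sample 2: the empty ListResponse from the answer.
const empty = checkScimListResponse(200, JSON.stringify({
  schemas: [LIST_RESPONSE], totalResults: 0, Resources: [], startIndex: 1, itemsPerPage: 20,
}));
console.log(notFound, empty);
```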

Configuring OAuth 2 Authentication with NativeScript provided Enterprise Auth project template

I am configuring OAuth 2 authentication with the NativeScript-provided Enterprise Auth project template. I followed the complete guide to configure Azure Active Directory. After setting up URLs and keys, when I execute the application through tns preview, it gives me the following error:
https://auth.kinvey.com/v3/oauth/auth?client_id=kid_SJcDEau7N&redirect_uri=nsplayresume%3A%2F%2F&response_type=code&scope=openid
Error:
{"error":"invalid_client","error_description":"Client authentication failed.","debug":"Client Verification Failed: redirect uri not valid"}
When I checked the login script, it was showing an error because no argument was given to the Kinvey.User.loginWithMIC() function, so I provided Kinvey.User.loginWithMIC('http://example.com') as shown in the video tutorial.
    login() {
        if (Kinvey.User.getActiveUser() == null) {
            Kinvey.User.loginWithMIC()
                .then((user: Kinvey.User) => {
                    this.navigateHome();
                    console.log("user: " + JSON.stringify(user));
                })
                .catch((error: Kinvey.BaseError) => {
                    alert("An error occurred. Check your Kinvey settings.");
                    console.log("error: " + error);
                });
        } else {
            this.navigateHome();
        }
    }
As expected, it should show the login screen for the account which I have configured in Azure Active Directory.
Here I have a NativeScript solution, which makes use of Kinvey's Mobile Identity Connect. It's basically built using the same template that you would like to make use of. There are a couple of important steps that you need to take care of before running that project; they are as follows:
Open the kinvey.common.ts file from inside the src/app/shared folder and set your Application ID and Application Secret (and Instance ID if present; if not, remove the attribute). That's needed so that the NativeScript application can connect to your Kinvey Backend.
Open the Login component's TypeScript controller and set your MIC identifier. The MIC identifier is the MIC Service's ID. That will tell the app which service to refer to from the backend.
Open the MIC Service settings from the Kinvey Console and set myscheme:// as a redirect URI. The authorization endpoint normally redirects the user back to the client’s registered redirect URL. Depending on the platform, native apps can either claim a URL pattern, or register a custom URL scheme that will launch the application. For example, an iOS application may register a custom protocol such as myapp:// and then use a redirect_uri of myapp://callback.
For the most up-to-date list of those crucial items, you can check out the repository's README file. Try that, and let me know if you can get Kinvey MIC working.

How do you customise the Okta application loading screen?

How do you customise the Okta application loading screen?
This is the screen after you've signed into Okta, which is displayed when accessing an application.
It looks like a bar of grey, with a group of circles that spin.
Technically this is possible using the interstitialUrl. The interstitialUrl points to a custom page embedded inside an iframe. Modifying it allows you to use any page/style of your choosing.
Here are the requirements for creating the custom page:
Page must be HTTPS
Page is rendered inside an iframe
Host the interstitialUrl and the URL inside the iframe
However, use CAUTION when updating the contents of your organization.
Step 1: (Requires API Token)
GET https://{{subdomain}}.okta.com/api/v1/orgs/{{subdomain}}
Edit the JSON from the response, changing only the interstitialUrl:
    "settings": {
        "app": {
            "interstitialUrl": "https://example.com/interstitial.html",
            ...
        },
        ...
    }
Step 2: Submit a PUT request (Requires API Token)
PUT https://{{subdomain}}.okta.com/api/v1/orgs/{{subdomain}}
Use the updated JSON from Step 1 as the request body.
Edit (1/30/2019)
This isn't a feature that is supported and can be removed at Okta's discretion. Please use at your own risk and do not expect this functionality to exist in the near future.
I raised a support case with Okta, and the feedback I received was that this is not currently possible.
"We do at this time provide customisations for the sign in page in Okta and greater customisation capabilities if using the Okta sign in Widget however none of these extend to the loading page for the applications."
To customize the Okta application loading screen, please follow the steps below:
Log in to your Okta organization
Go to Admin tab
Click on Setting
From Setting drop down menu select Appearance, here you can configure Application Theme, Sign-in configuration, organization logo.
You won't be able to update interstitialUrl using the Okta REST API.
    {
        "errorCode": "E0000001",
        "errorSummary": "Api validation failed: updateOrg",
        "errorLink": "E0000001",
        "errorId": "oae2uOlYhZyQwy2smOyFQecLA",
        "errorCauses": [
            {
                "errorSummary": "Interstitial page URL cannot be modified."
            }
        ]
    }

How to use Google Apps Marketplace LicenseNotification API

I'm trying to use LicenseNotification API from the test page here for a test app I have built, published and already installed in one of our test domains.
App status on the CWS is published (published, GAM: published) and the app works fine.
I am logged in using the app project owner and I enabled the OAuth 2.0 Authorization switch. I set the applicationId (which one is right, the one from the Developers Console Marketplace SDK configuration or the one from CWS, aka element id? I tried both), clicked on Execute, and I get the following response:
    {
        "error": {
            "errors": [
                {
                    "domain": "global",
                    "reason": "forbidden",
                    "message": "Not authorized to access the application ID"
                }
            ],
            "code": 403,
            "message": "Not authorized to access the application ID"
        }
    }
What am I doing wrong?
EDIT: My app is published but visibility is set to "private" for my test domain only.

Resources