ranbeermakin
Resolver III

Power BI Embedded not working for "app owns data" and federated login (invalid SAML request error)

Hi,

 

I'm using the Power BI Embedded "App owns data" approach. I have created a master user with a Pro account in my customer's tenant. When I log in with that user at powerbi.com, I get redirected to my organization's login page (SAML based), I enter my credentials and am then redirected back to powerbi.com.

 

Now when I use the App owns data approach, my code is failing at this line:

 

// Create a user password credentials.
var credential = new UserPasswordCredential(Username, Password);

// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(
    ResourceUrl,
    ClientId,
    credential);

 

It says "AADSTS75005: The request is not a valid SAML 2.0 protocol message". I suspect this is because when I'm trying to log in, in the backend it is taking me to my org page, which is based on SAML. It goes to a URL like this:

 

https://abc.com/SSO.saml2

 

How can I solve this issue? Can I pass some param so I can bypass this for embedding?

 

Appreciate help

 

Ranbeer

v-jiascu-msft
Employee

Hi Ranbeer,

 

Please also refer to application-sign-in-problem-federated-sso-non-gallery.md#not-a-valid-saml-request.

 

Best Regards,

Dale


Hi, I checked,

 

could it be because Azure supports SAML 2.0, and my org is replying with the SAML 1.0 protocol? How do I get a 2.0 response from my STS URL?

 

Here's a sample response I get, with the assertion as SAML 1.0:

 

 

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Header><add:To xmlns:add="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</add:To><add:Action xmlns:add="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</add:Action><wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:Timestamp wsu:Id="d0f741a5-960d-47a9-b5b3-7eede0a6b761" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2018-06-05T07:46:04.605Z</wsu:Created><wsu:Expires>2018-06-05T07:51:04.605Z</wsu:Expires></wsu:Timestamp></wsse:Security></s:Header><s:Body><wst13:RequestSecurityTokenResponseCollection xmlns:wst13="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst13:RequestSecurityTokenResponse><wst13:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst13:TokenType><wst13:RequestedSecurityToken>

<saml:Assertion AssertionID="ID" IssueInstant="2018-06-05T07:46:04.585Z" Issuer="abc.com" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2018-06-05T07:45:04.585Z" NotOnOrAfter="2018-06-05T07:49:04.585Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement AuthenticationInstant="2018-06-05T07:46:04.585Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">

 

pgromski
Frequent Visitor

Did you check Cloud.config?

There is a line with the URL address where the app should be authorized.

 

Something like this:

add key="authorityUrl"

Yes, I'm using

 

https://login.windows.net/common/oauth2/authorize/

 

Should I change it?

You can try some advice from this link:

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/AuthenticationContext-the-c...

 

section:

Authority validation

 

 
