cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
ranbeermakin Regular Visitor
Regular Visitor

Power BI Embedded not working for "app owns data" and federated login (invalid SAML request error)

Hi,

 

I'm using Power BI Embedded "App owns data" approach. I have created a master user with Pro account in my customer's tenant. When I login with that user in powerbi.com, I get redirected to my organization login page (SAML based), I enter my credential and then redirect back to powerbi.com

 

Now when I use App owns data approach, my code is failing at this line

 

// Create a user password credentials.
var credential = new UserPasswordCredential(Username, Password);

// Authenticate using created credentials
var authenticationContext = new AuthenticationContext(AuthorityUrl);
var authenticationResult = await authenticationContext.AcquireTokenAsync(ResourceUrl,
ClientId,
credential);

 

It says "AADSTS75005: The request is not a valid SAML 2.0 protocol message". I suspect this is because when I'm trying to log in, in the backend it is taking me to my org page which is based on SAML. It goes to a URL like this

 

https://abc.com/SSO.saml2

 

How to solve this issue? Can I pass some param so I can bypass this for embedding?

 

Appreciate help

 

Ranbeer

5 REPLIES 5
Highlighted
pgromski Frequent Visitor
Frequent Visitor

Re: Power BI Embedded not working for "app owns data" and federated login (invalid SAML re

Did you check Cloud.config ?

There is the line to url adress where app should be authorized

 

Something like this:

add key="authorityUrl"

ranbeermakin Regular Visitor
Regular Visitor

Re: Power BI Embedded not working for "app owns data" and federated login (invalid SAML re

yes, I'm using 

 

https://login.windows.net/common/oauth2/authorize/

 

Should I change it?

pgromski Frequent Visitor
Frequent Visitor

Re: Power BI Embedded not working for "app owns data" and federated login (invalid SAML re

You can try use something advice from this link:

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/AuthenticationContext-the-c...

 

section:

Authority validation

 

 

v-jiascu-msft Super Contributor
Super Contributor

Re: Power BI Embedded not working for "app owns data" and federated login (invalid SAML re

Hi Ranbeer,

 

Please also refer to application-sign-in-problem-federated-sso-non-gallery.md#not-a-valid-saml-request.

 

Best Regards,

Dale

Community Support Team _ Dale
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.
ranbeermakin Regular Visitor
Regular Visitor

Re: Power BI Embedded not working for "app owns data" and federated login (invalid SAML re

Hi, I checked,

 

could it be because Azure supports SAML 2.0, and my org is replying with SAML 1.0 protocol? How to get 2.0 response from my STS URL?

 

Here's sample response I get with assertion as SAML 1.0

 

 

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"><s:Header><add:To xmlns:add="http://www.w3.org/2005/08/addressing">http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</add:To><add:Action xmlns:add="http://www.w3.org/2005/08/addressing">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal</add:Action><wsse:Security s:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><wsu:Timestamp wsu:Id="d0f741a5-960d-47a9-b5b3-7eede0a6b761" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2018-06-05T07:46:04.605Z</wsu:Created><wsu:Expires>2018-06-05T07:51:04.605Z</wsu:Expires></wsu:Timestamp></wsse:Security></s:Header><s:Body><wst13:RequestSecurityTokenResponseCollection xmlns:wst13="http://docs.oasis-open.org/ws-sx/ws-trust/200512"><wst13:RequestSecurityTokenResponse><wst13:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</wst13:TokenType><wst13:RequestedSecurityToken>

<saml:Assertion AssertionID="ID" IssueInstant="2018-06-05T07:46:04.585Z" Issuer="abc.com" MajorVersion="1" MinorVersion="1" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"><saml:Conditions NotBefore="2018-06-05T07:45:04.585Z" NotOnOrAfter="2018-06-05T07:49:04.585Z"><saml:AudienceRestrictionCondition><saml:Audience>urn:federation:MicrosoftOnline</saml:Audience></saml:AudienceRestrictionCondition></saml:Conditions><saml:AuthenticationStatement AuthenticationInstant="2018-06-05T07:46:04.585Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified"><saml:Subject><saml:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">

 

Helpful resources

Announcements
Ask Amir Anything

Exclusive LIVE Community Event No. 2 – Ask Amir Anything

Next in our Triple A series: Ask Amir Netz questions about the latest updates, features and future.

October 2019 Community Highlights

October 2019 Community Highlights

October was a busy month in the community. Read the recap article to learn about some of the events and content.

New Solution Badges

New Solution Badges

Two waves of brand new solution badges are coming! Read the article for more information on our new community badges.

Analytics in Azure virtual event

Analytics in Azure virtual event

Experience a limitless analytics service built to ingest, prep, manage, and serve data for immediate use in Power BI.

Users Online
Currently online: 64 members 1,129 guests
Please welcome our newest community members: