web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / Error with workflow au...
Finance | Project Operations, Human Resources, ...
Suggested Answer

Error with workflow authentication in on premise D365FinOps

(0) ShareShare
ReportReport
Posted on by Community Member

Hi All,

I am facing issue while opening workflow editor. Whenever I am opening workflow editor window, the login window immediately disappear. Both environment (SAT & PROD) are configured on same ADFS. The SAT environment is working fine and I had configured with another hard code Client ID.fd99fdbb-8843-489f-a8f6-27e9bea7a553 for the production environment. I don't know where the get default Client ID. 

Below is the log captured from event viewer in ADFS server.

Encountered error during OAuth authorization request.

Additional Data

Exception details:
Microsoft.IdentityServer.Web.Protocols.OAuth.Exceptions.OAuthUnauthorizedClientException: MSIS9321: Received invalid OAuth request. The client '67ae0dc4-5f97-4c38-b132-65d38bbab8d1' is forbidden to access the resource 'ax.d365ffoprod.abcd.org'.
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthProtocolContext.ValidateScopes(String scopeParameter, String clientId, String relyingPartyId)
at Microsoft.IdentityServer.Web.Protocols.OAuth.OAuthAuthorization.OAuthAuthorizationRequestContext.ValidateCore()

Thanks 

Ahmer Khalid

I have the same question (0)
  • Ludwig Reinhard Profile Picture
    Ludwig Reinhard Microsoft Employee on at

    moved to the d365 forum

  • Community Member Profile Picture
    Community Member on at

    I think this is a d365 forum

  • Suggested answer
    Luke Sha Profile Picture
    Luke Sha on at

    Hi, Ahmer

    Please check below things in ADFS group

    1. Make sure client ID "67ae0dc4-5f97-4c38-b132-65d38bbab8d1" is righ for workflow native application

    2. Make sure redirect URL of workflow native application include both of below items

    dynamicsaxworkfloweditor/

    dynamicsaxworkfloweditor/

    3. Make sure "ax.d365ffoprod.abcd.org" is included in relying URL of Native application and Web API

    4. Make sure workflow application is added into 'Client permission' list of WebAPI 

  • Community Member Profile Picture
    Community Member on at

    I am using Client ID.fd99fdbb-8843-489f-a8f6-27e9bea7a553 for Production environment.

    this client ID "67ae0dc4-5f97-4c38-b132-65d38bbab8d1" for UAT (it is working fine).

    Both URI are already added on workflow Native Application.

    2020_2D00_02_2D00_24_5F00_13_2D00_52_2D00_41.png2020_2D00_02_2D00_24_5F00_13_2D00_52_2D00_55.png

    Thanks

    Ahmer Khalid

  • Suggested answer
    Luke Sha Profile Picture
    Luke Sha on at

    Hi, Ahmer

    What you mean "I am using Client ID.fd99fdbb-8843-489f-a8f6-27e9bea7a553 for Production environment. this client ID "67ae0dc4-5f97-4c38-b132-65d38bbab8d1" for UAT (it is working fine)."?

    The client ID of workflow is 67ae0dc4-5f97-4c38-b132-65d38bbab8d1 is fixed for all the environments and all the customers

    If you change the ADFS application group deployment script manually to create workflow application for PROD, that's wrong.

    Please follow the standard procedure. (ADFS parts in below link)

    docs.microsoft.com/.../troubleshoot-on-prem

  • Community Member Profile Picture
    Community Member on at

    Hi Luke,

    Thanks for your update.

    As you know, Client ID is unique. so i am unable to create Application Group for production environment Thats the key reason for changing the Client ID.

    For now what can i do for it.

    Thanks

    Ahmer Khalid

  • Luke Sha Profile Picture
    Luke Sha on at

    No problem, Ahmer.  

    If you work it out by following the provided link, please help to mark the solution as 'Answer'.  

    Have a good day.

  • Community Member Profile Picture
    Community Member on at

    Hi Luke,

    I am unable to connect the workflow server from production environment.

    Thanks

    Ahmer Khalid

  • Suggested answer
    Luke Sha Profile Picture
    Luke Sha on at

    Hi, Ahmer

    Please be specific on issues.  What's changes you have done now?  

    As introduced in the document, we need to share same Native / Workflow /Financial reporting client ID for both PROD and UAT

    docs.microsoft.com/.../troubleshoot-on-prem

    Suggest you to redeploy your PROD with correct configuration.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Martin Dráb Profile Picture

Martin Dráb 451 Most Valuable Professional

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 428 Super User 2025 Season 2

#3
BillurSamdancioglu Profile Picture

BillurSamdancioglu 239 Most Valuable Professional

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans