Microsoft Dynamics NAV (Archived)

Error: You cannot sign in due to a technical issue. Contact your system administrator


Hi,

I'm configuring SSO for NAV 2018. It prompts me for Office 365 credentials, but after entering the password it throws the error 'You cannot sign in due to a technical issue. Contact your system administrator'.


After checking the Event viewer it says:

Server instance: DynamicsNAV110
Tenant ID:
<ii>Type: System.IdentityModel.Tokens.AudienceUriValidationFailedException
Message: <ii>ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.
Audience: 'http://dynamicsnavwinclient/'</ii>
StackTrace:
at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.Dynamics.Nav.Service.NavSaml2SecurityTokenFactory.ValidateToken(Saml2SecurityToken saml2SecurityToken, Saml2SecurityTokenHandler saml2SecurityTokenHandler)
at Microsoft.Dynamics.Nav.Service.NavSaml2SecurityTokenFactory.CreateAndValidateWithAudienceList(String serializedToken, FederationMetadataProvider federationMetadataProvider, AudienceRestriction audienceRestriction, String tokenId)
at Microsoft.Dynamics.Nav.Service.NavSecurityTokenFactory.Create(String response, Func`1 tokenSigningKey, FederationMetadataProvider federationMetadataProvider, String identityProviderAddress, String tokenId, String tokenType, NavTenant tenant)
at Microsoft.Dynamics.Nav.Service.WSFederationValidator.Validate(NavTenant tenant, String userName, String password, String navAppId)
at Microsoft.Dynamics.Nav.Service.ClientServicesUserNamePasswordValidator.ValidateCredentials(String userName, String password, NavTenant tenant, String navAppId)
at Microsoft.Dynamics.Nav.Service.ClientServicesUserNamePasswordValidator.Validate(String userName, String password)
Source: System.IdentityModel
HResult: -2146233087
</ii>

 

What is AudienceUris and how can I solve this?

  • SK-30011758-0 Profile Picture
    85 on at

    I have an identical problem.  I would be interested to find if there is a resolution

  • Sergio Ingravika Profile Picture
    on at

    Hello,

    We have the same error!

    NAV 2018 with SSO is being quite frustrating.

    I tried to set it up separating RTC and Web Client in two processes.

    RTC finishes but shows the same error.

    Web Client finishes with an error:

    Set-NavSingleSignOnWithOffice365 -NavServerInstance "XXX" -NavWebServerInstanceName "XXX" -NavUser "XXX" -AuthenticationEmail "XXX@XXX" -NavServerCertificateThumbprint XXX -SkipNavServerConfiguration -SkipWinClientConfiguration

    New-Object : Exception calling ".ctor" with "1" argument(s): "Invalid URI: The URI scheme is not valid."
    At C:\NAV\Dynamics.110.ES.2467855.DVD\WindowsPowerShellScripts\NAVOffice365Administration\Set-NavSingleSignOnWithOffice
    365.ps1:357 char:18
    + ... navWebUri = New-Object -TypeName System.Uri -ArgumentList $NavWebServ ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
    + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand

  • Community Member Profile Picture
    on at

    Hello,

    We have exactly the same problem with NAV18 and SSO.

  • Sergio Ingravika Profile Picture
    on at

    Hello,

    It's confirmed by Microsoft that some PS cmdlets don't work in NAV 2018 :(

    I have been provided with a workaround to fix this error, replacing the ACSuri. In my case it did not work, is it working for you?

    Old value:
        <add key="ACSUri" value="https://login.windows.net/yourcompany.onmicrosoft.com/wsfed?wa=wsignin1.0%26wtrealm=http://dynamicsnavwinclient/%26wreply=http://dynamicsnavwinclient" />
     
    New value:
        <add key="ACSUri" value="https://login.windows.net/yourcompany.onmicrosoft.com/wsfed?wa=wsignin1.0%26wtrealm=http://yourserver/DynamicsNavServer" />
     
  • Community Member Profile Picture
    on at

    Hello, 

    I will test the workaround tomorrow and will give feedback.

  • Community Member Profile Picture
    on at

    Hi,

    I have tested the value today; it's not working.

    I also tried some different values; none of them are working.

    I'm still getting the above error mentioned in the first post.

    Or I get the error that the "reply URL" does not match.

  • Sergio Ingravika Profile Picture
    on at

    Hello,

    I have been working on this error with MS Support this morning. We've tested many options, like creating a new app for NAV in Azure AD, changing ACSuri parameters in NAV service and setup files... with no luck.

    We will continue working on this case this afternoon.

    I'll share the solution here once solved.

  • Community Member Profile Picture
    on at

    Please, if anyone has a solution, do let me know. I also have the same problem in the NAV 2018 W1 version.

  • Sergio Ingravika Profile Picture
    on at

    Hello,

    I finally got the RTC client working with SSO login. I will post the workaround tomorrow. The error is a bug in PS scripts and some changes made in the Azure AD. It will probably be solved in the next CU.

  • Sergio Ingravika Profile Picture
    on at

    Hello,

    Since the PS cmdlets are not working with the new changes of Azure AD, we'll have to set up SSO manually on the server. I have tested the solution and it is working.

    **NOTE: when I refer to "yourserver", in my case I have specified the public domain I use to access my NAV server.

    ** Pay attention to forward slashes / at the end of the URLs!

    This is a workaround to fix SSO login (works for RTC and WebClient). The bug is reported and should be corrected in next CU.

    Step 1 (Azure and AD)

    Login to your Office 365 Azure AD.

    Create an Azure AD Application. App ID and Reply URL should be like "https://yourserver/yourinstance/WebClient/"

    Step 2 (Setup Files)

    Navsetting.json > Set Credentials to AccessControlService

    Client User Settings > Set Credentials to AccessControlService

    Client User Settings > ACSUri > Replace wtrealm and wreply to match your Azure AD application with: "https://yourserver/yourinstance/WebClient/"

     

    Step 3 (NAV Instance)

    It is very important to disable "Enable Certification Validation" in your instance. 

    Set Credentials to NavUserPassword

    Go to Azure section in NAV instance administration.

    Set https://yourserver/yourinstance/WebClient/ as your Azure AD App ID URI

    Replace WS-Federation Login Endpoint with the ACSUri string from your client user settings config file.

    Restart everything and try
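
A pre-flight check for the manual setup described in the post above, as an added example that is not part of the thread and not Microsoft's script: it decodes an ACSUri and compares its wtrealm and wreply with the Azure AD App ID URI. The function names are hypothetical, the URIs are constructed from the placeholders used in the thread, and the character-for-character comparison is a conservative assumption that follows the post's warning about trailing slashes.

```powershell
# Added example. Function names are hypothetical; sample URIs are constructed
# from the thread's placeholders (yourcompany, yourserver, yourinstance).

function Get-WsFedParameter {
    param([Parameter(Mandatory)][string]$AcsUri)
    # The config files store '&' as %26, so decode that before splitting the query.
    $query = (($AcsUri -replace '%26', '&') -split '\?', 2)[1]
    $params = @{}
    if ($query) {
        foreach ($pair in ($query -split '&')) {
            $name, $value = $pair -split '=', 2
            $params[$name] = [System.Uri]::UnescapeDataString([string]$value)
        }
    }
    return $params
}

function Test-NavAcsUri {
    param(
        [Parameter(Mandatory)][string]$AcsUri,
        [Parameter(Mandatory)][string]$AppIdUri
    )
    $params = Get-WsFedParameter -AcsUri $AcsUri
    foreach ($key in 'wtrealm', 'wreply') {
        $value = $params[$key]
        # Assumption: treat anything short of an exact, case-sensitive match as a finding.
        $status = 'Mismatch'
        if ($null -eq $value) { $status = 'Missing' }
        elseif ($value -ceq $AppIdUri) { $status = 'Match' }
        elseif ($value.TrimEnd('/') -ceq $AppIdUri.TrimEnd('/')) { $status = 'TrailingSlashDiffers' }
        elseif ($value -ieq $AppIdUri) { $status = 'CaseDiffers' }
        [pscustomobject]@{ Parameter = $key; Value = $value; Status = $status }
    }
}

# Constructed inputs: the default WinClient realm from the thread, then a
# hand-edited value whose wtrealm lost its trailing slash.
$appIdUri = 'https://yourserver/yourinstance/WebClient/'
$samples = @(
    'https://login.windows.net/yourcompany.onmicrosoft.com/wsfed?wa=wsignin1.0%26wtrealm=http://dynamicsnavwinclient/%26wreply=http://dynamicsnavwinclient',
    'https://login.windows.net/yourcompany.onmicrosoft.com/wsfed?wa=wsignin1.0%26wtrealm=https://yourserver/yourinstance/WebClient%26wreply=https://yourserver/yourinstance/WebClient/'
)
foreach ($uri in $samples) {
    Test-NavAcsUri -AcsUri $uri -AppIdUri $appIdUri | Format-Table -AutoSize
}
```

A `Mismatch` on wtrealm corresponds to the ID1038 event in the first post, where the token's audience `http://dynamicsnavwinclient/` is not the audience the server instance is configured to accept.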
