web
You’re offline. This is a read only version of the page.
close
Skip to main content
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Finance | Project Operations, Human Resources, ... / ID2002: The AppliesTo ...
Finance | Project Operations, Human Resources, ...
Answered

ID2002: The AppliesTo address of the relying party was not a valid absolute URI

(5) ShareShare
ReportReport
Posted on by DH-25022132-0 18
 
I have an issue with generating SSRS reports on one box development machines.
MS says I need to add a certificate to resolve but I have already done this or I wouldn't be able to add users via entra id without getting auth/thumbprint errors
Does anyone know how to solve this issue and or what else I should be looking for? My cert is valid, I do not see the applies to property in manifest under the App registration
 
Steps taken to resolve:
Categories:
Dynamics 365 Finance
I have the same question (0)
  • Suggested answer
    YashPatel Profile Picture
    YashPatel 13 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    hi,
     
    Yes, I encountered the same issue in my development environment. After extensive analysis, I was able to resolve it.
    The issue originates from Microsoft when a new development environment is created. During this process, the web.config file is generated with the environment ID and certification details. The resolution lies in modifying this configuration file.
     
    📂 Path: K:\AosService\WebRoot
     
    🔧 Steps to Resolve:
    Open the web.config file.
    Locate the following line:

    Old : 
        <add key="Aad.Realm" value="00000015-0000-0000-c000-000000000000" />
    New:   
        <add key="Aad.Realm" value="spn:00000015-0000-0000-c000-000000000000" />
     
    Save the file and restart the IIS service.
     
    ✅ In most cases, this change resolves the issue. Be sure to include the spn: prefix in the XML configuration as shown.
  • Verified answer
    Jonas "Jones" Melgaard Profile Picture
    Jonas "Jones" Melgaard 4,889 Super User 2025 Season 2 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    That is interesting indeed.... 
     
    I meant really old tier-1 development machines (I.e. more than a year), not on-premises. 
     
    We are using Unified Development (PPAC) environments. I'm working at a financial institution that's heavily invested in Power Platform, so from a governance and cost perspective it makes sense for us since we can reuse our governance model.
     
    I'd say it's worth a try to use PPAC development environment. We haven't had any issues so far other than it consumes Dataverse database storage.
    Let me know if it works.
  • DH-25022132-0 Profile Picture
    DH-25022132-0 18 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    Hi Jonas,
     
    Yes, that was the MS suggestion. we have redeployed the machines several times, once with MS support on call
    SSRS works until we add the cert to fix the thumbprint issue. The SSRS problem started after the 10.41 update
     
    when you state "old OneBox environments" are you doing on premise or have you already converted everything to PPAC that's in public preview?
    If there is another direction that I should go that's easier I am all for it at this point.
  • Jonas "Jones" Melgaard Profile Picture
    Jonas "Jones" Melgaard 4,889 Super User 2025 Season 2 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    First time I have seen this specific error, but I have seen plenty of strange certificate issues with old OneBox environments, and it can be a nightmare to fix. And I agree with you, I don't believe it's an Entra-Id issue, it's something between the IIS/AOS and SSRS.
     
    I assume Microsoft asked you to redeploy the machine? If not then it would be my first action; It's rarely worth the effort to try to fix them.
     
    Also, without diving deeper into the first answer to the thread, it could be targeted BC or GP. This is not something that makes sense for F&O.
  • DH-25022132-0 Profile Picture
    DH-25022132-0 18 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    that would be the AI response to the question asked and no it did not resolve the issue
    We have had an open ticket with MS for over three months now, they apparently dont know either
  • Holly Huffman Profile Picture
    Holly Huffman 6,520 Super User 2025 Season 2 on at
    ID2002: The AppliesTo address of the relying party was not a valid absolute URI
    Good morning, afternoon, or evening depending on your location!
    I see you posted this a while ago - hoping you've resolved but incase not here are some thoughts:
     
    The error ID2002 concerning the "AppliesTo address of the relying party not being a valid absolute URI" often arises when the relying party configuration in your application or report environment isn't properly set up to point to an absolute URI. Since you've confirmed that your certificate is valid and properly added, here's how you can investigate and potentially resolve the issue:
     
    Steps to Resolve:
    1. Check the Configuration of the AppliesTo Address:
      • In your development environment, review the relying party settings, especially the AppliesTo property. Ensure that the AppliesTo address is an absolute URI (e.g., https://example.com/your-service), and not a relative or invalid format.
    2. Modify the SecurityTokenService.GetScope() Method:
      • The error message explicitly mentions overriding the SecurityTokenService.GetScope() method and populating Scope.AppliesToAddress with the appropriate absolute URI. If you have access to the application's code, locate this method and ensure it sets a valid absolute URI for the AppliesTo address. Example:
        protected override Scope GetScope(ClaimsPrincipal principal, RequestSecurityToken request)
        {
            Scope scope = new Scope();
            scope.AppliesToAddress = "        https://example.com/your-service"; // Ensure absolute URI
            return scope;
        }
    3. Manifest and App Registration:
      • In your App registration within Azure Entra ID, while the AppliesTo property may not be visible directly, ensure that the Reply URL or Redirect URI for your application is properly configured. It should align with the expected URI format used in the relying party settings.
    4. Check SSL Configuration:
      • Verify that the SSL certificate binding on your development machine is correctly configured and points to the proper domain or service. Any mismatch between the domain and the certificate could trigger similar errors.
    5. Log and Debug:
      • Enable detailed logging in your application or reporting environment. Review the logs for specific information about the AppliesTo address being passed during requests.
    6. SSRS Report Configuration:
      • If the issue persists specifically with SSRS reports, ensure that the report server URL and binding settings are valid and correctly reference absolute URIs.
    Additional Considerations:
    • If you're using custom bindings for the relying party in your application, ensure these settings don't overwrite or misconfigure the AppliesTo address.
    • Verify all dependencies and references in your environment align with the expected configuration.
     
    Hope this helps some!

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Join experts in person to explore low code and AI agents at the Power Platform Community Conference sponsored by Microsoft
Our Community Code of Conduct has been updated!

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Andrés Arias – Community Spotlight

We are honored to recognize Andrés Arias as our Community Spotlight honoree for…

Congratulations to the August Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Finance | Project Operations, Human Resources, AX, GP, SL

#1
Sohaib Cheema Profile Picture

Sohaib Cheema 878 User Group Leader

#2
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 855 Super User 2025 Season 2

#3
CA Neeraj Kumar Profile Picture

CA Neeraj Kumar 765

Last 30 days Overall leaderboard

Featured topics

End-of-life Announcement for Microsoft Dynamics GP

Product updates

Dynamics 365 release plans