Hi,
This is Marco Mels from the Microsoft Dynamics NAV CSS Organization. I just wanted to share some information that we may see coming as a question on a regular basis. If you try to set up Dynamics NAV with Office 365 and try to authenticate with Single Sign On, then this may fail with the following error in the application event log file:
Event ID: 231
Level: Warning
Description:
Server instance: DynamicsNAV110
Tenant ID:
Type: System.IdentityModel.Tokens.AudienceUriValidationFailedException
Message: ID1038: The AudienceRestrictionCondition was not valid because the specified Audience is not present in AudienceUris.
Audience: 'dynamicsnavwinclient/...
The reason for this error is that you ran the PowerShell cmdlet Set-NavSingleSignOnWithOffice365, which you may still find on the Dynamics NAV product DVD. These cmdlets worked fine in previous releases, but as we integrate more functionality with Office 365, it is better / recommended to create your own Azure AD app via the Azure Portal. We updated the documentation around this scenario:
docs.microsoft.com/.../authenticating-users-with-azure-active-directory
If you do have any further questions or insights to share, please reply to this forum posting.
Hello,
The original issue was that the mentioned PowerShell scripts on the product DVD did do what they should do, but the Azure AD App was not visible, so additional reply URLs could not be added this way. That is what I recall as being the cause of the scripts getting deprecated. If it started to work again and if it does work, then thanks for sharing.
Thanks.
Not sure if I missed something, but you wrote "These command lets did work fine in previous versions". Which versions are you referring to as working, and in what version did it stop? I was trying with 2018 and the web worked fine from the PowerShell scripts, once I added the Redirect URIs to the App Registration. The issue I was having with the AudienceUris was fixed by adding 'http://dynamicsnavwinclient/' to the "Valid Audiences" in the NST Admin "Azure Active Directory" section.
Hi Marco
I got my issue solved, thanks for the help! :)
Hello again,
Not sure if this is still an issue, but the WSFederationLoginEndpoint is really something that you can find in the customsettings.config file. Not the navsettings.json file.
Thanks.
Hi Marco
Thanks a lot for replying!
I did as you said, except it's NAV 2018, so I added it in Navsettings.json instead for that specific server instance.
I don't get the earlier mentioned "25%"'s, but now it lets me log in to office, after that it gives the error:
"Unable to connect to this site
The IP address of the server for <AADID>.onmicrosoft.com could not be found."
I really cannot get what is wrong right now. It works perfectly with the installed Windows client, but the web client won't connect.
Hi,
In the customsettings.config file, you need to add SignIn.aspx after the WebServer instance part of the URL for the WSFederationLoginEndpoint. If you do not like to add the SignIn.aspx, then you can use an undocumented trick: change wreply to wtreply. That will work as well :-)
The WSFederationLoginEndpoint is built upon the following values (removing "https://" before login.windows.net to avoid automatic formatting problems):
login.windows.net/tenantID.onmicrosoft.com/wsfed?wa=wsignin1.0%26
wtrealm=AppIdUri
wreply=PublicWebBaseUrl/SignIn.aspx" />
If you know the tricks, you find it easy after all.
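A small lint for the WSFederationLoginEndpoint shape described in the post above, as an added example that is not part of the original thread or of the NAV product. The sample host names, the function names and the assumption that `%26` separates every parameter (the post shows it after `wa=wsignin1.0`) are illustrative.

```python
from urllib.parse import urlsplit

# Constructed sample value; tenant and host names are placeholders.
SAMPLE = ("https://login.windows.net/contoso.onmicrosoft.com/wsfed"
          "?wa=wsignin1.0%26wtrealm=https://contoso.onmicrosoft.com/nav"
          "%26wreply=https://nav.example.com/DynamicsNAV110/SignIn.aspx")

def parse_wsfed_endpoint(value):
    """Split a configured endpoint value into (base, params).

    Assumption: parameters are separated by %26 (as the post shows after
    wa=wsignin1.0) or by a literal '&'; both are accepted here."""
    base, _, query = value.partition("?")
    params = {}
    for pair in query.replace("%26", "&").split("&"):
        if pair:
            key, _, val = pair.partition("=")
            params[key] = val
    return base, params

def check_wsfed_endpoint(value):
    """Return a list of findings; an empty list means the shape matches."""
    base, params = parse_wsfed_endpoint(value)
    findings = []
    if urlsplit(base).scheme != "https":
        findings.append("endpoint is not https")
    if not base.rstrip("/").endswith("/wsfed"):
        findings.append("path does not end in /wsfed")
    if params.get("wa") != "wsignin1.0":
        findings.append("wa is not wsignin1.0")
    if not params.get("wtrealm"):
        findings.append("wtrealm (AppIdUri) is missing")
    if "wtreply" in params:
        pass  # the alternative named in the post: SignIn.aspx not required
    elif "wreply" not in params:
        findings.append("neither wreply nor wtreply is present")
    elif not params["wreply"].lower().endswith("/signin.aspx"):
        findings.append("wreply does not end in /SignIn.aspx")
    return findings
```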
Hi Martin,
I had this same issue, and had to work with Microsoft support to resolve the issue - it took us a couple days but we were able to fix the problem.
I haven't had time to complete my blog article on this yet, but if you are running NAV 2018 and need to resolve this soon, please e-mail me at AJ@D365BCHub.com and I will send you a Word document that was originally created by Microsoft's support team and then enhanced with my notes/steps to get around the issue.
I hope this helps. If my response has answered your question, please verify by clicking Yes next to "Did this answer your question?"
Hi Marco
I got it working, but not with the webclient.
It gives an error:
404.15 - Not Found after I logged in with my credentials.
Also it gives me that the requested URL-address is filled up with 25's:
52525252f%252525253fReturnUrl%252525253d%25252525252fdemomiljo%25252525252f%25252525253fReturnUrl%25252525253d%2525252525252fdemomiljo%2525252525252f%2525252525253fReturnUrl%2525252525253d%252525252525252fdemomiljo%252525252525252f%252525252525253fReturnUrl%252525252525253d%25252525252525252fdemomiljo%25252525252525252f%25252525252525253fReturnUrl%25252525252525253d%2525252525252525252fdemomiljo%2525252525252525252f%2525252525252525253fReturnUrl%2525252525252525253d%252525252525252525252fdemomiljo%252525252525252525252f%252525252525252525253fReturnUrl%252525252525252525253d%25252525252525252525252fdemomiljo%25252525252525252525252f%25252525252525252525253fReturnUrl%25252525252525252525253d%2525252525252525252525252fdemomiljo%2525252525252525252525252f%2525252525252525252525253fReturnUrl%2525252525252525252525253d%252525252525252525252525252fdemomiljo%252525252525252525252525252f%252525252525252525252525253fReturnUrl%252525252525252525252525253d%25252525252525252525252525252fdemomiljo%25252525252525252525252525252f%25252525252525252525252525253fReturnUrl%25252525252525252525252525253d%2525252525252525252525252525252fdemomiljo%2525252525252525252525252525252f%2525252525252525252525252525253fReturnUrl%2525252525252525252525252525253d%252525252525252525252525252525252fdemomiljo%252525252525252525252525252525252f%252525252525252525252525252525253fReturnUrl%252525252525252525252525252525253d%25252525252525252525252525252525252fdemomiljo%25252525252525252525252525252525252f%25252525252525252525252525252525253fReturnUrl%25252525252525252525252525252525253d%2525252525252525252525252525252525252fdemomiljo%2525252525252525252525252525252525252f%2525252525252525252525252525252525253fReturnUrl%2525252525252525252525252525252525253d%252525252525252525252525252525252525252fdemomiljo%252525252525252525252525252525252525252f%252525252525252525252525252525252525253fReturnUrl%252525252525252525252525252525252525253d%25252525252525252525252525252525252525252fdemomiljo%25252525252525252
525252525252525252525252f
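The URL in the post above is a ReturnUrl that has been percent-encoded again on every redirect, which is why it fills up with "25" (the encoding of `%`). The following diagnostic is an added example, not part of the original thread: it measures that nesting in a logged request URL; the function names and thresholds are assumptions, and the input is constructed rather than taken from the post.

```python
import re
from urllib.parse import quote, unquote

def simulate_loop(path, rounds):
    """Constructed input: wrap `path` in ReturnUrl once per redirect round,
    percent-encoding the previous URL each time, as a looping login does."""
    url = path
    for _ in range(rounds):
        url = path + "?ReturnUrl=" + quote(url, safe="")
    return url

def encoding_depth(text, limit=64):
    """Decode repeatedly until the text stops changing.

    Returns (rounds needed, fully decoded text); `limit` bounds the work
    done on hostile or malformed input."""
    depth = 0
    while depth < limit:
        decoded = unquote(text)
        if decoded == text:
            break
        text, depth = decoded, depth + 1
    return depth, text

def diagnose_return_url(url, max_depth=2, max_nested=1):
    """Flag a URL whose ReturnUrl is nested or re-encoded more often than a
    single sign-in round trip would produce (thresholds are assumptions)."""
    depth, plain = encoding_depth(url)
    nested = len(re.findall(r"ReturnUrl=", plain, flags=re.IGNORECASE))
    return {
        "encoding_depth": depth,
        "nested_return_urls": nested,
        "query_chars": len(url.partition("?")[2]),
        "looping": depth > max_depth or nested > max_nested,
    }
```

Run over web server request logs, a rising `encoding_depth` for the same client is the signature of the sign-in page redirecting back to itself, and `query_chars` shows how quickly the query string grows.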
Hi Marco
Thanks it helped!
Hello,
You are of course right! It appears that "ifyou" is added to the last part of the link. This does come from the next line in initial posting: "If you do have any further questions or insights to share, please reply to this forum posting". Removing ifyou from the link will get you to the page.
I did correct the initial posting by removing the link from the url. Hope it does help.
It appears to be a formatting issue because the error is not visible unless you copy the link and look at it.