finalbeta
Frequent Visitor

HTTP with Azure AD fails to log on to application

I have several on-premises applications that are protected using SAML with Azure AD. When I surf from my own browser, I'm able to log in just fine. (So the SAML works and my user has the correct rights to use the application.)

Some of the applications have REST APIs or other information I wish to use from within Microsoft Flow.
For this I would like to use "HTTP with Azure AD". Now I can't seem to be able to connect to my application from Microsoft Flow.
The connector asks for 2 things: the Base resource URL, and the Azure AD Resource URI (URI for application ID).

I've tried to use my application in the first and second field, like https://something.domain.be and with the application ID in the second. 

 

I'm getting the following errors when I try: 

Failed with the following error: AADSTS500011: The resource principal named https://something.domain.be was not found in the tenant named 0bef95b9-9628-4bae-b485-morenumbers. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Log on again


Failed with the following error: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 7ab7862c-4c57-491e-8a45-morenumbers(App Service). Resource value from request: 826f3be2-86ef-4832-bc15-numbers. Resource app ID: 826f3be2-86ef-4832-bc15-numbers. List of valid resources from app registration: . Log on again

 

I've been brute forcing the connector with values and I'm failing to get this sorted. Help would be appreciated!

2 REPLIES 2
rsaikrishna
Super User

Hi @finalbeta, I am not sure about the internal details of your application, but the error is clearly mentioning that it is looking for adequate permissions to access the service.

Looks like your App Permissions are missing some permissions in the Azure App Registration page.

If you can review the permissions and the activities the app is doing, you can easily figure out the permissions desired. If you are not sure, try to allocate maximum permissions to isolate the issue. Do this only if you are in DEV stage. Don't try in PROD.

 

https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration

 

NOTE: If my reply helps, please click Accepted Solution and ThumbsUp.

Hi, thanks for your post. It inspired me to give this another go at the rights thing. 

Seems like next to user rights, under the company apps I had to allow delegated read access. I then took the ID from the error and then gave it permissions under app registrations for the exposed API.

 

The danger is that I don't really get what I did. Looking for some documentation on that :/. 
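
Added example (not part of either poster's reply, and not Microsoft's code): a small Python parser for the two AADSTS messages quoted in the question, showing which app is the client, which is the resource, and that the client's list of valid resources is empty. The function names and finding labels are hypothetical, and the comma-separated list format is an assumption.

```python
import re

# Error text quoted in the thread; the truncated IDs are kept exactly as posted.
ERR_500011 = (
    "AADSTS500011: The resource principal named https://something.domain.be was not "
    "found in the tenant named 0bef95b9-9628-4bae-b485-morenumbers. This can happen if "
    "the application has not been installed by the administrator of the tenant or "
    "consented to by any user in the tenant.")
ERR_650057 = (
    "AADSTS650057: Invalid resource. The client has requested access to a resource "
    "which is not listed in the requested permissions in the client's application "
    "registration. Client app ID: 7ab7862c-4c57-491e-8a45-morenumbers(App Service). "
    "Resource value from request: 826f3be2-86ef-4832-bc15-numbers. Resource app ID: "
    "826f3be2-86ef-4832-bc15-numbers. List of valid resources from app registration: . "
    "Log on again")

def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_aadsts(message):
    """Return the fields an admin needs from the two errors in this thread."""
    code = _field(r"(AADSTS\d+):", message)
    if code == "AADSTS500011":
        return {
            "code": code,
            "resource": _field(r"resource principal named (\S+) was not found", message),
            "tenant": _field(r"tenant named ([\w-]+)", message),
            # The value sent as the resource matches no service principal in the tenant.
            "finding": "resource_unknown_in_tenant",
        }
    if code == "AADSTS650057":
        resource = _field(r"Resource app ID: ([\w-]+)", message)
        # Assumption: the list is comma-separated and ends at the next '. ' or end of text.
        raw = _field(r"List of valid resources from app registration: (.*?)\.(?:\s|$)", message)
        valid = [v.strip() for v in (raw or "").split(",") if v.strip()]
        return {
            "code": code,
            "client_app": _field(r"Client app ID: ([\w-]+)", message),
            "resource_app": resource,
            "valid_resources": valid,
            # The client registration holds no permission on the requested resource.
            "finding": "permission_missing" if resource not in valid else "resource_listed",
        }
    return {"code": code, "finding": "unhandled"}
```

For the second error, the output identifies the one resource app ID that the client app needs a permission on, which is narrower than granting broad permissions to find out what works.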
