finalbeta
Frequent Visitor

HTTP with Azure AD fails to log on to application

I have several on-premises applications that are protected using SAML with Azure AD. When I surf from my own browser, I'm able to log in just fine. (So the SAML works and my user has the correct rights to use the application.)

Some of the applications have REST APIs or other information I wish to use from within Microsoft Flow.
For this I would like to use "HTTP with Azure AD". Now I can't seem to be able to connect to my application from Microsoft Flow.
The connector asks for 2 things: the Base Resource URL and the Azure AD Resource URI (URI for application ID).

I've tried to use my application in the first and second field, like https://something.domain.be and with the application ID in the second. 

 

I'm getting the following errors when I try: 

Failed with the following error: AADSTS500011: The resource principal named https://something.domain.be was not found in the tenant named 0bef95b9-9628-4bae-b485-morenumbers. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Log on again


Failed with the following error: AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 7ab7862c-4c57-491e-8a45-morenumbers(App Service). Resource value from request: 826f3be2-86ef-4832-bc15-numbers. Resource app ID: 826f3be2-86ef-4832-bc15-numbers. List of valid resources from app registration: . Log on again

 

I've been brute forcing the connector with values and I'm failing to get this sorted. Help would be appreciated!

2 REPLIES
rsaikrishna
Super User

Hi @finalbeta, I am not sure about the internal details of your application, but the error is clearly mentioning that it is looking for adequate permissions to access the service.

Looks like your app permissions are missing some permissions in the Azure App Registration page.

If you can review the permissions and the activities the app is doing, you can easily figure out the permissions desired. If you are not sure, try to allocate maximum permissions to isolate the issue. Do this only if you are in DEV stage. Don't try in PROD.

 

https://docs.microsoft.com/en-us/graph/notifications-integration-app-registration

 

NOTE: If my reply helps, please click Accepted Solution and ThumbsUp.

Hi, thanks for your post. It inspired me to give this another go at the rights thing. 

Seems like next to user rights, under the company apps I had to allow delegated read access. I then took the ID from the error and then gave it permissions under app registrations for the exposed API.

 

The danger is that I don't really get what I did. Looking for some documentation on that :/. 
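
An added example (not part of the thread and not Microsoft tooling): it parses the two AADSTS messages quoted in the question and checks them against the resource API's app registration, in the shape of a Microsoft Graph `application` object. The GUIDs, scope name and sample registration are constructed, and reading the fix described above as a pre-authorized client entry under the exposed API is an assumption.

```python
import re

# Regexes follow the wording of the two AADSTS messages quoted in the thread.
PATTERNS = {
    "AADSTS500011": re.compile(
        r"resource principal named (?P<resource>\S+) was not found "
        r"in the tenant named (?P<tenant>\S+?)\.(?:\s|$)"),
    "AADSTS650057": re.compile(
        r"Client app ID: (?P<client>[0-9a-f-]+)\s*(?:\([^)]*\))?\. "
        r"Resource value from request: (?P<resource>\S+?)\. "
        r"Resource app ID: (?P<resource_app>\S+?)\. "
        r"List of valid resources from app registration: (?P<valid>.*?)\.(?:\s|$)"),
}

def parse_aadsts(message):
    """Return {'code': ..., named fields} for a recognised message, else None."""
    for code, pattern in PATTERNS.items():
        if code in message and (m := pattern.search(message)):
            return {"code": code, **m.groupdict()}
    return None

def diagnose(err, resource_app):
    """Check a parsed error against the resource API's registration (Graph shape)."""
    names = {resource_app["appId"], *resource_app.get("identifierUris", [])}
    if err["resource"] not in names:
        return "resource value is neither the appId nor an identifier URI of this app"
    if err["code"] != "AADSTS650057":
        return "resource value matches this registration"
    api = resource_app.get("api", {})
    enabled = {s["id"]: s["value"] for s in api.get("oauth2PermissionScopes", [])
               if s.get("isEnabled")}
    granted = sorted(enabled[i] for pre in api.get("preAuthorizedApplications", [])
                     if pre["appId"] == err["client"]
                     for i in pre.get("delegatedPermissionIds", []) if i in enabled)
    if not granted:
        return "client is not pre-authorized for any enabled delegated scope"
    return "client pre-authorized for: " + ", ".join(granted)

# Constructed sample data (message abbreviated): placeholder GUIDs, not from the thread.
CLIENT = "11111111-1111-4111-8111-111111111111"
RESOURCE = "22222222-2222-4222-8222-222222222222"
SCOPE = "33333333-3333-4333-8333-333333333333"
ERR_650057 = (f"AADSTS650057: Invalid resource. Client app ID: {CLIENT}(App Service). "
    f"Resource value from request: {RESOURCE}. Resource app ID: {RESOURCE}. "
    "List of valid resources from app registration: . Log on again")
APP = {"appId": RESOURCE, "identifierUris": [f"api://{RESOURCE}"], "api": {
    "oauth2PermissionScopes": [{"id": SCOPE, "value": "user_impersonation", "isEnabled": True}],
    "preAuthorizedApplications": []}}

print(diagnose(parse_aadsts(ERR_650057), APP))
```

Listing only the scopes the flow actually calls in `delegatedPermissionIds` keeps the connector's access to the API as narrow as the exposed scopes allow.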
