Trying to sign-in Office Add-in via SSO with a guest Azure AD account from another Azure tenant

We are developing an Office Add-in, in an Azure VM hosted in our main Azure tenant @ourcompany.com.

The Azure AD App Registration is provisioned in the main Azure tenant.

The Users in the main tenant are licensed to Microsoft 365.

We also have an Azure development tenant @ourcompanydev.onmicrosoft.com with Users who do not have Microsoft 365 licenses.

These users have been added as external guest Users in the main Azure tenant.

When testing in Postman, all Users from both tenants can authenticate with Azure AD and access the Web App using a token acquired via the implicit OAuth2 flow.

However, when signing in to Office SSO with external guest Users, the process fails.

The following Office SSO attempts were made, with their outcomes:

User                                   Microsoft 365 License   Outcome
user1@ourcompany.com                   Yes                     Success
user2@ourcompany.com                   No                      Success
user3@ourcompanydev.onmicrosoft.com    Yes                     Failed
user4@ourcompanydev.onmicrosoft.com    No                      Failed

The Failed error message is rather ambiguous; it suggests we have our <WebApplicationInfo> settings misconfigured, but they are not, as the Success scenarios above prove:

code: 13004
message: "Invalid resource Url specified in the manifest."
name: "Invalid application resource Url provided."

The error "Invalid resource Url specified in the manifest" occurs if there is any domain mismatch.

AFAIK, the external users have a domain (@ourcompanydev.onmicrosoft.com) that does not match the domain of the add-in (@ourcompany.com), so you are getting the error code 13004.

  • Check whether the manifest has been configured correctly.
  • Check whether the resource protocol is api or not.
  • Check whether you have included any port in the domain; if yes, it should be the same as the add-in domain.

Try validating your Office Add-in manifest.

For more detail, please refer to the links below:

Troubleshoot error messages for single sign-on - Office Add-ins | Microsoft Docs

validate-office-addin passes, Office.context.auth.getAccessTokenAsync fails with error 13004 by Rick-Kirkham
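
The manifest checks listed in the answer above (api protocol, matching domain, matching port) can be scripted. This is an added example, not code from the original post or from Microsoft; the sample manifest, its domain and its all-zero app ID are constructed placeholders, and comparing <Resource> against the first <SourceLocation> is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample manifest fragment (placeholder domain and app ID).
SAMPLE_MANIFEST = """<OfficeApp xmlns="http://schemas.microsoft.com/office/appforoffice/1.1">
  <DefaultSettings>
    <SourceLocation DefaultValue="https://addin.example.com:3000/taskpane.html"/>
  </DefaultSettings>
  <WebApplicationInfo>
    <Id>00000000-0000-0000-0000-000000000000</Id>
    <Resource>api://addin.example.com:3000/00000000-0000-0000-0000-000000000000</Resource>
  </WebApplicationInfo>
</OfficeApp>"""


def _find_all(root, name):
    """Return elements by local name, ignoring XML namespaces."""
    return [el for el in root.iter() if el.tag.rsplit("}", 1)[-1] == name]


def _host_port(url):
    """Lower-cased host plus explicit port (None when no port is written)."""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.port


def check_sso_resource(manifest_xml):
    """Return a list of <Resource> problems that can lead to error 13004."""
    root = ET.fromstring(manifest_xml)
    resources = _find_all(root, "Resource")
    sources = _find_all(root, "SourceLocation")
    if not resources or not sources:
        return ["manifest lacks <Resource> or <SourceLocation>"]
    resource = (resources[0].text or "").strip()
    source = sources[0].get("DefaultValue", "")  # assumption: first entry is the add-in host
    problems = []
    if urlsplit(resource).scheme != "api":
        problems.append("Resource protocol is not api")
    r_host, r_port = _host_port(resource)
    s_host, s_port = _host_port(source)
    if r_host != s_host:
        problems.append(f"Resource host {r_host!r} differs from add-in host {s_host!r}")
    if r_port != s_port:
        problems.append(f"Resource port {r_port} differs from add-in port {s_port}")
    return problems
```

An empty list means the manifest passes these three checks, which is the situation the question describes; the tenant of the signed-in user is not something the manifest can express, so this script cannot confirm or rule out that part.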

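Notice: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.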
