Starting December 3, join live sessions with database experts and the Microsoft product team to learn just how easy it is to get started
Learn moreGet certified in Microsoft Fabric—for free! For a limited time, get a free DP-600 exam voucher to use by the end of 2024. Register now
Hi all
I'm having a problem when embedding a report, the following excepction appears:
parsing_wstrust_response_failed: Parsing WS-Trust response failed
What could it be?
Regards
J.
Hi @Juramirez,
Could you do some debugging on your application to find out which code you're using is throwing this error, and post the code here? So that we can better assist on this issue.
Regards
Thanks for reply. This is the code that is giving me the exception:
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://analysis.windows.net/powerbi/api", "CLIENT ID FROM AZURE", credential);
It works inside a development server but in a production server it marks the exception. How can I solve it? Why is it happening?
Regards
JR
Any update on this please? Sitting with the same problem...
Hello, we are facing the same issue. Any update?
DId an nslookup on analysis.windows.net.... No answer. Strange, this is...
In our case, ADFS was blocked for passive authentication requests from outside the network.
Try to enable ADAL logging to check where the error comes from.
Seems you're right. Busy troubleshooting with MS and it seems to be related to ADFS. They also suggested direct authentication. More updates to follow...
@Anonymous, Can you please update how this issue is being addressed? applying HRD policy is not an option our security guys are entertaining.
The sample I'm using is using Resource owner password credentials flow for authentication. With this authentication flow, my application just sends the username and password to Azure AD. However, Azure AD using WS-Trust with ADFS to send username or password. However the ROPC has some limitations and it may not work for this federated user accounts.
Microsoft suggests this:
You can try to use Direct Authentication for federated user accounts if you cannot use WS-trust.
Azure AD has turned off the ability (by default) for customers to utilize the legacy-based authentication method of Direct Authentication for federated user accounts.
Direct Authentication for federated user accounts is the means of utilizing an Azure AD stored Password Hash to authenticate a federated user directly with Azure AD and retrieving a token from us without being sent to the Identity Provider for the account. As you probably have noticed, this ‘feature’ isn’t the best from a security perspective.
There is a way to turn this back on for the customer but we recommend you only do so on a per-app basis since the nature of this change will open the customer up to legacy authentication mechanisms for their entire tenant. The script supplied to customers who have one (1) application to turn this on with is as follows:
Connect-AzureAD
$sp = Get-AzureADServicePrincipal -SearchString "Name_Of_Application"
$policy = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuth -Type HomeRealmDiscoveryPolicy -IsOrganizationDefault $false
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
HTH!
Hello, we are facing the same issue. Any update?
Hi @Juramirez,
Did you ever get this working? I have similar problem - except my error on the "AcquireTokenAsync" call is: "Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: parsing_wstrust_response_failed: Parsing WS-Trust response failed".
I can make it work, sort of, if: 1) I revert to a much older install of "Microsoft.IdentityModel.Clients.ActiveDirectory" (one WITHOUT the Async method), and 2) I use AcquireToken (not AcquireTokenAsync). Of course, then I get prompted for credentials.
Thanks,
Greg
Hi @Juramirez,
Have you found a solution to this yet? I'm facing the same exact issue.
The only way I could get the embedding to "work" was use an older version of "Microsoft.IdentityModel.Clients.ActiveDirectory", which uses AcquireToken() instead of AcquireTokenAsync() - but the user is prompted for credentials since they can't be passed (or, I have figured out how to pass them).
Thanks,
Greg
Hi @Juramirez,
Did you ever get this resolved? I'm facing exact same issue.
The only way I've gotten the embedding to "work" is to use an older version of the "Microsoft.IdentityModel.Clients.ActiveDirectory" NuGet package - one WITHOUT the AcquireTokenAsync() call, it just has AcquireToken(). But this brings up the credentials prompt.
Thanks,
Greg
Starting December 3, join live sessions with database experts and the Fabric product team to learn just how easy it is to get started.
March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount! Early Bird pricing ends December 9th.
User | Count |
---|---|
3 | |
2 | |
1 | |
1 | |
1 |