Hi all
I'm having a problem when embedding a report; the following exception appears:
parsing_wstrust_response_failed: Parsing WS-Trust response failed
What could it be?
Regards
J.
Hi @Juramirez,
Could you do some debugging on your application to find out which code you're using is throwing this error, and post the code here? So that we can better assist on this issue.
Regards
Thanks for the reply. This is the code that is giving me the exception:
var authenticationResult = await authenticationContext.AcquireTokenAsync("https://analysis.windows.net/powerbi/api", "CLIENT ID FROM AZURE", credential);
It works inside a development server but in a production server it marks the exception. How can I solve it? Why is it happening?
Regards
JR
Any update on this please? Sitting with the same problem...
Hello, we are facing the same issue. Any update?
Did an nslookup on analysis.windows.net.... No answer. Strange, this is...
In our case, ADFS was blocked for passive authentication requests from outside the network.
Try to enable ADAL logging to check where the error comes from.
Seems you're right. Busy troubleshooting with MS and it seems to be related to ADFS. They also suggested direct authentication. More updates to follow...
@Anonymous, can you please update how this issue is being addressed? Applying an HRD policy is not an option our security guys are entertaining.
The sample I'm using uses the Resource Owner Password Credentials (ROPC) flow for authentication. With this authentication flow, my application just sends the username and password to Azure AD. However, Azure AD uses WS-Trust with ADFS to send username or password. However, ROPC has some limitations and it may not work for these federated user accounts.
Microsoft suggests this:
You can try to use Direct Authentication for federated user accounts if you cannot use WS-trust.
Azure AD has turned off the ability (by default) for customers to utilize the legacy-based authentication method of Direct Authentication for federated user accounts.
Direct Authentication for federated user accounts is the means of utilizing an Azure AD stored Password Hash to authenticate a federated user directly with Azure AD and retrieving a token from us without being sent to the Identity Provider for the account. As you probably have noticed, this ‘feature’ isn’t the best from a security perspective.
There is a way to turn this back on for the customer but we recommend you only do so on a per-app basis since the nature of this change will open the customer up to legacy authentication mechanisms for their entire tenant. The script supplied to customers who have one (1) application to turn this on with is as follows:
Connect-AzureAD
$sp = Get-AzureADServicePrincipal -SearchString "Name_Of_Application"
$policy = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuth -Type HomeRealmDiscoveryPolicy -IsOrganizationDefault $false
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
HTH!
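An added example, not part of the original post or of Microsoft's script: a check that flags Home Realm Discovery policies with AllowCloudPasswordValidation turned on and reports whether each one is tenant-wide or per-app. The function name Get-DirectAuthFinding and the sample policy objects are constructed for illustration; the commented live usage assumes the AzureADPreview module that provides New-AzureADPolicy is installed.

```powershell
# Added example: flag HRD policies that enable direct authentication
# (AllowCloudPasswordValidation) and report their scope.
function Get-DirectAuthFinding {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        foreach ($raw in @($Policy.Definition)) {
            try {
                $hrd = ($raw | ConvertFrom-Json -ErrorAction Stop).HomeRealmDiscoveryPolicy
            } catch {
                Write-Warning "Unparseable definition in policy '$($Policy.DisplayName)'"
                continue
            }
            # Skip policies that do not turn direct authentication on.
            if ($null -eq $hrd -or $hrd.AllowCloudPasswordValidation -ne $true) { continue }

            # An organization-default policy applies to every app in the tenant.
            $scope = 'per-app'
            if ($Policy.IsOrganizationDefault) { $scope = 'TENANT-WIDE' }

            [pscustomobject]@{
                DisplayName = $Policy.DisplayName
                PolicyId    = $Policy.Id
                Scope       = $scope
            }
        }
    }
}

# Constructed sample objects shaped like HRD policy objects (placeholder IDs).
$sample = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'EnableDirectAuth'
        IsOrganizationDefault = $false
        Definition = @('{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":true}}') }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DisplayName = 'LegacyEverywhere'
        IsOrganizationDefault = $true
        Definition = @('{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":true}}') }
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000003'; DisplayName = 'Unrelated'
        IsOrganizationDefault = $false
        Definition = @('{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":false}}') }
)
$sample | Get-DirectAuthFinding | Format-Table -AutoSize

# Against a tenant (after Connect-AzureAD):
#   Get-AzureADPolicy | Where-Object Type -eq 'HomeRealmDiscoveryPolicy' | Get-DirectAuthFinding
#   Get-AzureADPolicyAppliedObject -Id <PolicyId>   # lists the service principals a policy is attached to
```

A finding with Scope TENANT-WIDE is the configuration the post above advises against; per-app findings should each map to a service principal that still needs the ROPC flow.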
Hi @Juramirez,
Did you ever get this working? I have similar problem - except my error on the "AcquireTokenAsync" call is: "Microsoft.IdentityModel.Clients.ActiveDirectory.AdalException: parsing_wstrust_response_failed: Parsing WS-Trust response failed".
I can make it work, sort of, if: 1) I revert to a much older install of "Microsoft.IdentityModel.Clients.ActiveDirectory" (one WITHOUT the Async method), and 2) I use AcquireToken (not AcquireTokenAsync). Of course, then I get prompted for credentials.
Thanks,
Greg
Hi @Juramirez,
Have you found a solution to this yet? I'm facing the same exact issue.
The only way I could get the embedding to "work" was use an older version of "Microsoft.IdentityModel.Clients.ActiveDirectory", which uses AcquireToken() instead of AcquireTokenAsync() - but the user is prompted for credentials since they can't be passed (or, I have figured out how to pass them).
Thanks,
Greg
Hi @Juramirez,
Did you ever get this resolved? I'm facing the exact same issue.
The only way I've gotten the embedding to "work" is to use an older version of the "Microsoft.IdentityModel.Clients.ActiveDirectory" NuGet package - one WITHOUT the AcquireTokenAsync() call, it just has AcquireToken(). But this brings up the credentials prompt.
Thanks,
Greg