SaidRahmani-1850 asked (1 vote):

Why does “signInAudience”: “AzureADMultipleOrgs” cause 'The URI scheme is invalid or unsupported'

I am getting an error when trying to switch the Supported account types to: Accounts in any organizational directory (Any Azure AD directory - Multitenant)

I am using the Amazon Cognito URN urn:amazon:cognito:sp:XXXXXXXXXXX as the IdentifierUris.

[Screenshot attachment: eopox.png]

azure-active-directory

soumi-MSFT commented:

@SaidRahmani-1850, are you trying to specify "urn:amazon:cognito:sp:XXXXXXXX" under the Reply URL option present under "Azure AD > App Registration > App-Name > Authentication > Reply URL Section" and then selecting the radio button to toggle from single tenant to multitenant?

Or have you specified the IdentifierURI as "urn:amazon:cognito:sp:XXXXXXXXX" under "Enterprise applications - All applications >> Categories >> Add an application >> {App Name} - Single sign-on >> SAML-based Sign-on", and the error is thrown only when you try to toggle from SingleTenant to MultiTenant?

The reason I ask is that if it is the second case I mentioned, I was able to reproduce the same in a lab and got the same error you mentioned. Based on this I believe this is a bug and I have reported it to the backend team. But I believe the main issue is not being able to toggle from singleTenant to multiTenant using the available radio button under the App Registration section.

0 Votes

soumi-MSFT commented:

@SaidRahmani-1850, just wanted to follow up on whether you got a chance to check the previous response, as your answers would really help us with the further investigation that is ongoing in the backend.

0 Votes

SaidRahmani-1850 commented:

@soumi-MSFT, thanks for your reply; sorry, I was busy in the previous days.

So, I have specified the IdentifierURI as "urn:amazon:cognito:sp:XXXXXXXXX" in the manifest of the app, and when I try to toggle from singleTenant to multiTenant I get the error.

0 Votes

soumi-MSFT replied to SaidRahmani-1850:

@SaidRahmani-1850, thank you for sharing the update. I also faced a similar issue while trying to achieve the same in my lab, and hence I am working further on this to figure out the reason. Stay tuned on this; I will get back with some more updates shortly.

1 Vote

FrankHuMSFT-3200 answered (0 votes):

Hello. The reason you're getting this error is that for multi-tenant AAD application registrations, the App ID URI has to be in a verified domain in your Azure AD and globally unique.

Reference document for more details: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant

Azure AD supports SAML protocol and it looks like you've done this already but just for extra reference see the info below.

The application you register in App registration is usually used for OAuth/OpenID Connect protocol.

To integrate SAML in Azure AD, please refer to this document: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-non-gallery-app and register a non-gallery application in Enterprise applications.

Go to Azure portal > Azure Active Directory > Enterprise applications > New application > Non-gallery applications. Please kindly note this requires an Azure AD Premium license.

Then follow this link: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications to configure SAML authentication. Then I believe you could access your system (Cognito) with Azure AD accounts using SAML.

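As an added example (not from Microsoft or any poster in this thread), a small Python check that applies the rule stated in this answer to an exported app manifest before you flip signInAudience: every identifierUris entry must use https with a host under a domain verified in the tenant, and must not be duplicated, while single-tenant apps keep accepting URN-style identifiers like the Cognito one. Assumptions: the manifest JSON and the verified-domain list are constructed samples, and the api://{appId} form is treated as acceptable for multi-tenant apps, a documented Azure AD form the answer itself does not mention.

```python
import json
from urllib.parse import urlparse

# signInAudience values that make an app registration multi-tenant.
MULTI_TENANT_AUDIENCES = {"AzureADMultipleOrgs", "AzureADandPersonalMicrosoftAccount"}


def host_in_verified_domains(host, verified_domains):
    """True if host equals, or is a subdomain of, one of the tenant's verified domains."""
    host = host.lower().rstrip(".")
    return any(host == d.lower() or host.endswith("." + d.lower()) for d in verified_domains)


def check_identifier_uris(manifest, verified_domains):
    """Return [(uri, reason), ...] for entries the multi-tenant rule would reject; [] if all pass."""
    problems = []
    multi_tenant = manifest.get("signInAudience") in MULTI_TENANT_AUDIENCES
    seen = set()
    for uri in manifest.get("identifierUris", []):
        if uri in seen:
            problems.append((uri, "duplicate identifier URI in this manifest"))
            continue
        seen.add(uri)
        if not multi_tenant:
            continue  # single-tenant apps accept URN-style identifiers such as the Cognito one
        parsed = urlparse(uri)
        if parsed.scheme == "api":
            continue  # api://<appId> form; assumed acceptable for multi-tenant apps (see lead-in)
        if parsed.scheme != "https":
            problems.append((uri, f"scheme '{parsed.scheme}' is invalid or unsupported for multi-tenant apps"))
        elif not host_in_verified_domains(parsed.hostname or "", verified_domains):
            problems.append((uri, f"host '{parsed.hostname}' is not a verified domain of the tenant"))
    return problems


# Constructed sample: the questioner's manifest with a placeholder Cognito URN plus one valid URI.
SAMPLE_MANIFEST = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "identifierUris": ["urn:amazon:cognito:sp:XXXXXXXXXXX",
                     "https://contoso.onmicrosoft.com/cognito-saml"]
}""")
SAMPLE_VERIFIED_DOMAINS = ["contoso.onmicrosoft.com"]  # constructed tenant domain list

if __name__ == "__main__":
    for uri, reason in check_identifier_uris(SAMPLE_MANIFEST, SAMPLE_VERIFIED_DOMAINS):
        print(f"REJECT {uri}: {reason}")
```

Global uniqueness across all Azure AD tenants cannot be checked locally; only the service can confirm that at save time, so this check only catches the scheme, domain and duplicate problems beforehand.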

Rahat-J answered (0 votes):

Thank you for sharing the update. Similar issue
