Configuring Admin Console to Connect Via Azure AD

Wondering if anyone else is running Task Agent with Azure AD authentication and what advice you may have for us.

We are running Kinetic 2023.2. I’m trying to set up Azure AD for our Dev instance. The appserver is deployed with Azure AD authentication. Admin Console connects, full client connects, browser client connects. However, I can’t get the Task Agent service to connect via Azure AD.

We are configured according to Epicor Support’s instructions and the screenshots that were provided. They have now referred me to a Stack Overflow thread that says to turn on “Allow public client flows.”

The Windows Event Log has the following:

Event log error:

An error occurred while attempting to register the service with the application server: MSAL.Desktop.4.49.1.0.MsalServiceException:
ErrorCode: invalid_client
Microsoft.Identity.Client.MsalServiceException: A configuration issue is preventing authentication - check the error message from the server for details. You can modify the configuration in the application registration portal. See Microsoft Entra authentication & authorization error codes - Microsoft identity platform | Microsoft Learn for details. Original exception: AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. Trace ID: f9bbfdfc-8b4a-4dc5-8792-1c844039b500 Correlation ID: 4fbaf6a1-af35-4a9a-a6ff-9bea13c76d20 Timestamp: 2024-06-06 18:12:35Z
at Microsoft.Identity.Client.OAuth2.OAuth2Client.ThrowServerException(HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.CreateResponse[T](HttpResponse response, RequestContext requestContext)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.d__111.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.OAuth2Client.<GetTokenAsync>d__10.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendHttpAndClearTelemetryAsync>d__11.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.OAuth2.TokenClient.<SendTokenRequestAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.<GetTokenResponseAsync>d__6.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.UsernamePasswordRequest.<ExecuteAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.<ExecuteAsync>d__5.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Ice.TaskAgent.Support.AzureADSupport.GetToken(AzureADSettings settings, String username, String password) in C:\_releases\ICE\ICE4.2.400.13\Source\TaskAgent\TaskAgentSupport\AzureADSupport.cs:line 51
at Ice.Cloud.ProxyBase`1.SetAzureADTokenHeader() in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 524
at Ice.Cloud.ProxyBase`1.ConfigureAzureADToken() in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 468
at Ice.Cloud.ProxyBase`1.SetHeaders() in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 411
at Ice.Cloud.ProxyBase`1.HandleContractBeforeCall() in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 257
at Ice.Cloud.ProxyBase`1.CallWithCommunicationFailureRetry(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, RestRpcValueSerializer serializer) in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 722
at Ice.Cloud.ProxyBase`1.CallWithMultistepBpmHandling(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, Boolean useSparseCopy) in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 672
at Ice.Cloud.ProxyBase`1.Call(String methodName, ProxyValuesIn valuesIn, ProxyValuesOut valuesOut, Boolean useSparseCopy) in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Framework\Epicor.ServiceModel\Cloud\ProxyBase.cs:line 651
at Ice.Proxy.Lib.SessionModImpl.Login() in C:\_releases\ICE\ICE4.2.400.13\Source\Shared\Contracts\Lib\SessionMod\SessionModProxy.cs:line 230
at Ice.TaskAgent.Support.TaskAgentHelper.VerifyConnectionDetails(String& errorMessage, String appServerUrl, String userId, String securedUserPassword, String endpointBinding, Int32 operationTimeout, Boolean validateWCFCertificate, String dnsIdentity, String directoryId, String nativeAppId, String webAppId) in C:\_releases\ICE\ICE4.2.400.13\Source\TaskAgent\TaskAgentSupport\TaskAgentHelper.cs:line 952
StatusCode: 401
ResponseBody: {“error”:“invalid_client”,“error_description”:“AADSTS7000218: The request body must contain the following parameter: ‘client_assertion’ or ‘client_secret’. Trace ID: f9bbfdfc-8b4a-4dc5-8792-1c844039b500 Correlation ID: 4fbaf6a1-af35-4a9a-a6ff-9bea13c76d20 Timestamp: 2024-06-06 18:12:35Z”,“error_codes”:[7000218],“timestamp”:“2024-06-06 18:12:35Z”,“trace_id”:“f9bbfdfc-8b4a-4dc5-8792-1c844039b500”,“correlation_id”:“4fbaf6a1-af35-4a9a-a6ff-9bea13c76d20”,“error_uri”:“https://login.microsoftonline.com/error?code=7000218”}
Headers: Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
client-request-id: 4fbaf6a1-af35-4a9a-a6ff-9bea13c76d20
x-ms-request-id: f9bbfdfc-8b4a-4dc5-8792-1c844039b500
x-ms-ests-server: 2.1.18216.5 - EUS ProdSlices
x-ms-clitelem: 1,7000218,0,
x-ms-srs: 1.P
X-XSS-Protection: 0
Cache-Control: no-store, no-cache
P3P: CP=“DSP CUR OTPi IND OTRi ONL FIN”
Set-Cookie: fpc=AjcD-uMfuiFCj7K0rnfonkDgT3ztAQAAABLz890OAAAA; expires=Sat, 06-Jul-2024 18:12:35 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=estsfd; path=/; secure; httponly
Date: Thu, 06 Jun 2024 18:12:34 GMT

We are ultimately trying to get the application deployed to our Microsoft 365 App Launcher.

Any assistance would be greatly appreciated.
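The stack trace above shows MSAL going through UsernamePasswordRequest (the username/password, or ROPC, flow) as a public client, while the token endpoint answers AADSTS7000218 because it treats the app registration as a confidential client and therefore demands a client_secret or client_assertion. The portal toggle “Allow public client flows” is the isFallbackPublicClient property of the app registration. The script below is an added example, not from this thread, from Epicor, or from Microsoft; it reads that property with the Microsoft Graph PowerShell SDK so the setting can be verified before anything is changed, and only flips it when -Fix is passed. It assumes the Microsoft.Graph.Applications module is installed, that the signed-in account can consent to Application.ReadWrite.All, and that the Application (client) ID passed as -NativeAppId is the one configured for the Task Agent; the -Fix switch and the output object are this example's own, not part of the SDK.

```powershell
# Added example: inspect (and optionally enable) "Allow public client flows"
# on the app registration the Task Agent uses.
# Assumptions: Microsoft.Graph.Applications module installed; caller can grant
# Application.ReadWrite.All; $NativeAppId is the Application (client) ID.
param(
    [Parameter(Mandatory)] [guid] $NativeAppId,   # typed as [guid] so it cannot carry OData filter syntax
    [switch] $Fix
)

Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# Look the registration up by its client ID (appId), not its object ID.
$app = Get-MgApplication -Filter "appId eq '$NativeAppId'"
if (-not $app) { throw "No app registration found with appId $NativeAppId" }

# AADSTS7000218 on a username/password request means the registration is being
# treated as confidential. isFallbackPublicClient = $true is the portal's
# "Allow public client flows" switch. Listing secrets/certificates alongside it
# helps spot a registration that is being used both ways.
[pscustomobject]@{
    DisplayName            = $app.DisplayName
    AppId                  = $app.AppId
    IsFallbackPublicClient = $app.IsFallbackPublicClient
    ClientSecrets          = @($app.PasswordCredentials).Count
    Certificates           = @($app.KeyCredentials).Count
}

if ($Fix -and -not $app.IsFallbackPublicClient) {
    # Update by object ID; the parameter is a switch on Update-MgApplication.
    Update-MgApplication -ApplicationId $app.Id -IsFallbackPublicClient:$true
    Write-Host "Enabled public client flows on '$($app.DisplayName)' ($($app.AppId))."
}
```

Run it first without -Fix and confirm the registration shown is the one the Task Agent actually references (the nativeAppId argument visible in VerifyConnectionDetails in the trace). Because the flow behind this is username/password, the service account's password is sent to the token endpoint and MFA cannot be applied to it, so that account should be dedicated to the Task Agent, granted only what the agent needs, and watched in the sign-in logs for use from anywhere other than the Task Agent host.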

This one?

We use Azure AD for all our Epicor authentication needs except the task agent. You have impersonation requirements for System Agents, plus the token expiration/renewal issue with using Azure AD; it just seemed like a headache.

For our SysAgent we use a basic login account. Not that it isn’t possible, I’m sure it is; it just seems like a headache.
