Forum Discussion
Certificate error
- Sep 11, 2016
I was able to resolve my issue.
These are the steps that were different in my successful attempt:
1) When creating the self signed cert, I passed the date parameters in MM/DD/YYYY format, and added the -String.
Previously I was passing the date as DD/MM/YYYY. The snippet I ran was as follows:
.\Create-SelfSignedCertificate.ps1 -CommonName "cwl-partner-pack" -StartDate 09/11/2016 -EndDate 09/11/2018 -Password(ConvertTo-SecureString -String "foo" -AsPlainText -Force)
2) My VS2015 was signed in under my Microsoft account registered with MSDN, which is not the subscription I was working with. To make sure I was targeting the right subscription, I signed out of Visual Studio (top right) and in the cloud explorer I connected to the target subscription.
3) This is the one I think that was the fix. When I ran the publish dialog, I imported the publishing profile, but instead of publishing I clicked on "Close" (next to publish). Then I ran the publish dialog again, and this time the "Enable Organizational Authentication" option appeared, and was checked off. I unchecked it, then published with successful outcome.
Bob
Did you add the certificate to your Azure web app as described here: https://github.com/OfficeDev/PnP-Partner-Pack/blob/master/Documentation/Manual-Setup-Guide.md#app-only-certificate-configuration-in-the-azure-web-app?
- Bob Troppmann, Sep 07, 2016, Copper Contributor
Yes I completed the steps to create the x.509 self signed certificate and uploaded it to my web app, as per the instructions. I also added the "WEBSITE_LOAD_CERTIFICATES" with value of "*" to the App Settings area. I used the latest PNP-Powershell from github to create the cert, extract the Key information, paste into the manifest and upload back into the Azure AD App configuration.
Other details:
- added the "/" at the end of the reply to address in the Azure AD app configuration
- for the Azure AD app, added the app permissions for SPO and delegate permissions for Microsoft Graph (read and write access to User Profiles). FYI, I missed this on the first attempt.
- When generating the secret for the Azure AD app, I specified two years instead of one.
- creation of Infrastructural Site, provisioning of Infrastructural site, and web.config customization were completed successfully using the PowerShell scripts.
I was following the video, which obfuscates some of the PowerShell text when creating the cert. Here is what I used to create the cert, perhaps that's an issue.
.\Create-SelfSignedCertificate.ps1 -CommonName "mysiteprovisioning" -StartDate 06/09/2016 -EndDate 06/09/2018 -Password(ConvertTo-SecureString "xxxxxx" -AsPlainText -Force)
I did make three attempts. Each time I deleted the Azure AD app, the web app, and the infrastructural site collection in my tenant. I was careful to isolate certs, Client IDs, etc. between each attempt. Each time I landed on this error on page load:
Oops! Exception occurred!
Value cannot be null. Parameter name: certificate
   at Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate..ctor(String clientId, X509Certificate2 certificate)
   at OfficeDevPnP.Core.AuthenticationManager.GetAzureADAppOnlyAuthenticatedContext(String siteUrl, String clientId, String tenant, X509Certificate2 certificate)
   at OfficeDevPnP.PartnerPack.Infrastructure.PnPPartnerPackContextProvider.GetAppOnlyClientContext(String siteUrl)
   at OfficeDevPnP.PartnerPack.SiteProvisioning.Controllers.HomeController.Index()
   at lambda_method(Closure , ControllerBase , Object[] )
   at System.Web.Mvc.ActionMethodDispatcher.Execute(ControllerBase controller, Object[] parameters)
   at System.Web.Mvc.ReflectedActionDescriptor.Execute(ControllerContext controllerContext, IDictionary`2 parameters)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionMethod(ControllerContext controllerContext, ActionDescriptor actionDescriptor, IDictionary`2 parameters)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<BeginInvokeSynchronousActionMethod>b__39(IAsyncResult asyncResult, ActionInvocation innerInvokeState)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`2.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethod(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3d()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.AsyncInvocationWithFilters.<>c__DisplayClass46.<InvokeActionMethodFilterAsynchronouslyRecursive>b__3f()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass33.<BeginInvokeActionMethodWithFilters>b__32(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.CallEndDelegate(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResultBase`1.End()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.EndInvokeActionMethodWithFilters(IAsyncResult asyncResult)
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<>c__DisplayClass2b.<BeginInvokeAction>b__1c()
   at System.Web.Mvc.Async.AsyncControllerActionInvoker.<>c__DisplayClass21.<BeginInvokeAction>b__1e(IAsyncResult asyncResult)
© Office 365 Developers Patterns & Practices - PnP Partner Pack version: 1.1 (February 2016)
Bob
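Added example, not part of the original posts and not the Partner Pack's own code: the exception above reports that the certificate object handed to the app-only login was null, and the resolution mentions an ambiguous date format. The sketch below parses the date text with an explicit format and checks whether a certificate with a given thumbprint is present, has a private key, and is inside its validity window. The function names, the `Cert:\CurrentUser\My` store path (assumed to be where the web app's certificates are loaded) and the thumbprint placeholder are assumptions.

```powershell
# Added example. Function names, store path and thumbprint are assumptions.
function ConvertTo-UnambiguousDate {
    param([Parameter(Mandatory)][string]$Text,
          [string]$Format = 'MM/dd/yyyy')
    # ParseExact with the invariant culture rejects text that does not match
    # $Format, so the machine's regional settings cannot swap day and month.
    [datetime]::ParseExact($Text, $Format,
        [Globalization.CultureInfo]::InvariantCulture)
}

function Test-AppOnlyCertificate {
    param([Parameter(Mandatory)][string]$Thumbprint,
          [string]$StorePath = 'Cert:\CurrentUser\My',
          [datetime]$Now = (Get-Date))
    # Strip spaces and invisible characters that often ride along when a
    # thumbprint is copied out of a certificate dialog.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $clean } |
        Select-Object -First 1
    if (-not $cert) {
        # A lookup that finds nothing is what later surfaces as a null certificate.
        return [pscustomobject]@{ Thumbprint = $clean; Found = $false
            HasPrivateKey = $false; NotBefore = $null; NotAfter = $null
            ValidNow = $false }
    }
    [pscustomobject]@{
        Thumbprint    = $clean
        Found         = $true
        HasPrivateKey = $cert.HasPrivateKey   # required to sign the client assertion
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        ValidNow      = ($Now -ge $cert.NotBefore -and $Now -le $cert.NotAfter)
    }
}

# Constructed sample: the same text read under the two conventions from the thread.
$asMonthFirst = ConvertTo-UnambiguousDate -Text '09/11/2016' -Format 'MM/dd/yyyy'
$asDayFirst   = ConvertTo-UnambiguousDate -Text '09/11/2016' -Format 'dd/MM/yyyy'
'{0:yyyy-MM-dd} vs {1:yyyy-MM-dd}' -f $asMonthFirst, $asDayFirst

# Replace the placeholder with the thumbprint from your own configuration:
# Test-AppOnlyCertificate -Thumbprint '<thumbprint-placeholder>'
```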
- BertJansen, Sep 08, 2016
Microsoft
One last thing to double-check is how you've published the web app... from the guide: "When you publish the web application, remember to *uncheck* the option "Enable Organizational Authentication". If you leave this selected you might face authentication issues when running the pnp-partner-pack"
I've specifically added that to the docs as I was having similar issues like you're seeing when I deployed the partner pack.
- Bob Troppmann, Sep 08, 2016, Copper Contributor
I think the tooling has changed since the PnP Partner Pack setup manual and video were released.
I'm using VS Professional 2015 Update 3. When I publish for the first time, there is no option to turn off "Enable Organization Authentication" in the publish wizard. If I publish again, it does appear, and is checked off. I uncheck and publish again, but it does not resolve the issue. Also I note that additional apps are registering against the Azure AD in my tenant. These apps start with the prefix WebApp- and cannot be deleted from the management portal.
If it's a tooling issue, others must be encountering the same. Can anyone repro this issue?