microsoft / Partner-Center-Storefront

A storefront that enables reseller partners to onboard customers and place orders for these customers.
MIT License

The identity of the calling application could not be established. #23

Open Jpm6179 opened 4 years ago

Jpm6179 commented 4 years ago

Today I was able to do the initial configuration of the web storefront via the Partner portal and have started testing the solution.

If I click logon, and then log on as an existing Office 365 customer, we receive this error: "The identity of the calling application could not be established."

In addition to this we receive this error when selecting the pre-approved customer list from the admin portal.

Could not retrieve pre-approved customer details.

ghost commented 4 years ago

@Jpm6179 with respect to the "identity of the calling application could not be established" error, this is caused by the Azure Active Directory tenant of the customer not having a service principal for the application you are using for authentication. This should not be an issue because the user should be prompted for consent the first time they authenticate. Once they grant consent, the required service principals will be created in their Azure Active Directory.

Since you are encountering this issue I would recommend checking the following:

  1. Verify that the Azure Active Directory application used for authentication is configured to be available to other directories. The figure below shows how the application should be configured.

[image: application configuration screenshot]

  2. If the user that generates this error is from a customer associated with your enrollment in the Cloud Solution Provider program, then you can configure the application used for authentication for pre-consent.
  3. If the above does not help, when the user is authenticating have them append &prompt=admin_consent to the URL that they are redirected to after they click login. Doing this will cause Azure Active Directory to perform an admin consent for the application, which will in turn create the required service principal.

I hope that this helps.

Jpm6179 commented 4 years ago

The application is already configured as shown in #1, and the accounts I have used for testing have performed the admin consent without issue; however, the issue persists.

Also, if I log on to the portal as my admin account and click on "Pre Approved Customer" I receive an error: "Could not retrieve pre-approved customer details".

ghost commented 4 years ago

Performing the admin consent in the context of the customer should have resolved the issue. However, since it did not, you can leverage the Azure AD PowerShell module to manually create the service principal. To do this you will want to run the New-AzureADServicePrincipal cmdlet. An example can be found below:

```powershell
# Connect to the CUSTOMER tenant (not the partner tenant) using credentials with Admin Agent privileges
Connect-AzureAD -TenantId 'xxxx-xxxx-xxxx-xxxx'
# Create the service principal for the application used for authentication
New-AzureADServicePrincipal -AppId 'yyyy-yyyy-yyyy-yyyy' -DisplayName 'Display name of your app'
```

Note you will want to specify the customer identifier when connecting, to ensure the operations are invoked against the customer tenant and not the partner tenant. Also, when you are prompted for credentials you will want to utilize partner-level credentials that have Admin Agent privileges.

To help provide guidance regarding the pre-approved customers error you are encountering, can you try the operation while leveraging the debug tools for your browser? This will allow you to examine the HTTP request that is failing, so you can get a better idea of what is happening.
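As an added example (not from this thread or the project's own code), the script below wraps the check a practitioner would want before running New-AzureADServicePrincipal: it connects to the customer tenant with the AzureAD module, looks up whether a service principal for the storefront's application ID already exists there, and only creates one if it is missing. The tenant ID, application ID and display name are placeholders you supply as parameters, and the AzureAD PowerShell module is assumed to be installed.

```powershell
# Added example: ensure the storefront application has a service principal in a
# customer tenant. Assumes the AzureAD PowerShell module is installed and that the
# credentials you enter at the prompt hold Admin Agent privileges in the partner tenant.
param(
    # Placeholder: the customer's Azure AD tenant ID (not the partner tenant)
    [Parameter(Mandatory = $true)] [string] $CustomerTenantId,
    # Placeholder: the Application (client) ID of the app used for authentication
    [Parameter(Mandatory = $true)] [string] $AppId,
    [string] $DisplayName = 'Partner Center Storefront'
)

# Connect against the customer tenant so the service principal is created in the
# directory where the customer's users actually sign in.
Connect-AzureAD -TenantId $CustomerTenantId | Out-Null

# Look up an existing service principal by application ID before creating one;
# a duplicate would not fix anything and only clutters the customer's directory.
$existing = Get-AzureADServicePrincipal -Filter "appId eq '$AppId'"

if ($null -ne $existing) {
    Write-Output "Service principal already present: $($existing.ObjectId)"
} else {
    $sp = New-AzureADServicePrincipal -AppId $AppId -DisplayName $DisplayName
    Write-Output "Created service principal: $($sp.ObjectId)"
}

# Final check: the absence of this object is exactly the condition behind
# "The identity of the calling application could not be established".
Get-AzureADServicePrincipal -Filter "appId eq '$AppId'" |
    Select-Object DisplayName, AppId, ObjectId
```

Run it once per customer tenant that reports the error; if the lookup already returns an object, the service principal is not the missing piece and the investigation should move to the application's multi-tenant setting or the consent step described above.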

Jpm6179 commented 4 years ago

Here is the debug information from the pre-approved customer error. Can we focus on this error instead of the customer-facing error to start? I believe they are related, and this way I don't need to work in a customer's tenant.

<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Frameset//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-frameset.dtd">

Sycom Technologies
Jpm6179 commented 4 years ago

Does the above information help? Is there any other information we can provide to help resolve this issue?