microsoft / navcontainerhelper

Official Microsoft repository for BcContainerHelper, a PowerShell module, which makes it easier to work with Business Central Containers on Docker.
MIT License

Container with AAD authentication #2640

Closed nicolassaleron closed 2 years ago

nicolassaleron commented 2 years ago

Describe the issue

I am trying to create a new container with AccessControlService credential type.

When logging in to BC in a private window, I am redirected to https://login.microsoftonline.com/48***-***-***-***-***aa/oauth2/authorize?client_id=90***-***-***-***-***718aea8c&redirect_uri=https%3A%2F%2F***.capvision-cloud.fr%3A7143%2FBC%2FSignIn&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=63***Ux&state=***DrQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.15.0.0

But once returned to BC, I got this page. (image)

I have not found anything relevant in the logs.

Scripts used to create container and cause the issue


[string]$publicDnsName = "***.capvision-cloud.fr"
[string]$containerName = "bc-master"
[string]$artifact = "/sandbox//fr/NextMinor"
[string]$sasToken = $null
[string]$licenseFile = "https://***/5164876.bclicense"
[string]$publicHttpsPort = "7143"
[string]$publicHttpPort = "7180"
[string]$publicHttpAltPort = "7188"
[string]$publicServicePorts = "7146-7149"
[string]$adminPassword = "Admin1234!"
[string]$memoryLimit = "10G"
[string]$domainCertificate = "https://***/capvision-cloud.fr.pfx"
[string]$setupCertificateScript = "https://***/SetupCertificate.ps1"

$securePassword = ConvertTo-SecureString -String $adminPassword -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential -argumentList "nicolas.saleron", $securePassword
$additionalParameters = @("--publish ${publicHttpAltPort}:8080",
                          "--publish ${publicHttpPort}:80",
                          "--publish ${publicHttpsPort}:443",
                          "--publish ${publicServicePorts}:7046-7049",
                          "--restart always")

$segments = "$artifact////".Split('/')

$artifactUrl = Get-BCArtifactUrl -storageAccount $segments[0] -type $segments[1] -version $segments[2] -country $segments[3] -select $segments[4] -sasToken $sasToken | Select-Object -First 1
Write-Host "##[debug]Looking for $segments"

if (-not ($artifactUrl)) {
  Write-Host "##vso[task.logissue type=error]Unable to locate an artifact."
  Write-Host "##vso[task.complete result=Failed;]Unable to locate an artifact."
  Exit
}
Write-Host "##[debug]Artifact found: $artifactUrl"

New-BCContainer `
    -accept_eula `
    -alwaysPull `
    -isolation hyperv `
    -containerName $ContainerName `
    -useSSL `
    -myscripts @($setupCertificateScript, $domainCertificate) `
    -auth AAD `
    -AadTenant "48***-***-***-***-**aa" `
    -AadAppId "90***-***-***-***-**8c" `
    -AadAppIdUri "api://90***-***-***-***-***8c" `
    -AuthenticationEMail "$($credential.UserName)@capvision.fr" `
    -credential $credential `
    -additionalParameters $additionalParameters `
    -licensefile "$licenseFile" `
    -useBestContainerOS `
    -memoryLimit $memoryLimit `
    -PublicDnsName $publicDnsName `
    -artifactUrl $artifactUrl  

Full output of scripts

2022-08-17T07:44:53.4229517Z ##[section]Starting: Create container
2022-08-17T07:44:53.4384867Z ==============================================================================
2022-08-17T07:44:53.4385275Z Task         : PowerShell
2022-08-17T07:44:53.4385593Z Description  : Run a PowerShell script on Linux, macOS, or Windows
2022-08-17T07:44:53.4385889Z Version      : 2.200.0
2022-08-17T07:44:53.4386153Z Author       : Microsoft Corporation
2022-08-17T07:44:53.4386522Z Help         : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/powershell
2022-08-17T07:44:53.4386926Z ==============================================================================
2022-08-17T07:44:55.2563671Z Generating script.
2022-08-17T07:44:55.2593960Z Formatted command: . 'C:\agent\_work\1\s\Powershell\NewBCDevelopmentContainer@1.ps1' -adminPassword "***" -containerName "bc-master" -publicDnsName "***.capvision-cloud.fr" -publicServicePorts "7146-7149" -publicHttpsPort "7143" -publicHttpPort "7180" -publicHttpAltPort "7188" -artifact "***" -sasToken "***" -licenseFile "***" -memoryLimit "12G" -domainCertificate "***" -setupCertificateScript "***"
2022-08-17T07:44:55.2958236Z ========================== Starting Command Output ===========================
2022-08-17T07:44:55.3197400Z ##[command]"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe" -NoLogo -NoProfile -NonInteractive -ExecutionPolicy Unrestricted -Command ". 'C:\agent\_work\_temp\0fb12439-5496-4b91-af18-61619de48924.ps1'"
2022-08-17T07:44:55.9620072Z BcContainerHelper version 3.0.11
2022-08-17T07:44:56.3360482Z BcContainerHelper emits usage statistics telemetry to Microsoft
2022-08-17T07:45:26.3314997Z ##[debug]Looking for  sandbox  fr NextMinor    
2022-08-17T07:45:26.3354069Z ##[debug]Artifact found: https://bcinsider.azureedge.net/sandbox/20.5.45140.0/fr***
2022-08-17T07:45:27.9887985Z BcContainerHelper is version 3.0.11
2022-08-17T07:45:27.9898604Z BcContainerHelper is running as administrator
2022-08-17T07:45:31.2346993Z Hyper-V is Enabled
2022-08-17T07:45:31.2381368Z UsePsSession is True
2022-08-17T07:45:31.2409778Z Host is Microsoft Windows 10 Entreprise - 21H1
2022-08-17T07:45:31.3686380Z Docker Client Version is 20.10.12
2022-08-17T07:45:31.3719587Z Docker Server Version is 20.10.12
2022-08-17T07:45:31.7234535Z Removing Session bc-master
2022-08-17T07:45:31.8070057Z Removing container bc-master
2022-08-17T07:45:33.5482844Z Removing Desktop shortcuts
2022-08-17T07:45:33.7288676Z Removing C:\ProgramData\BcContainerHelper\Extensions\bc-master
2022-08-17T07:45:34.7768519Z Fetching all docker images
2022-08-17T07:45:34.8579738Z Fetching all docker volumes
2022-08-17T07:45:35.0755088Z INFO: Windows 10 21H1/21H2 images are not yet available, using 2004 as these are found to work better than 20H2 on 21H1/21H2
2022-08-17T07:45:35.1066299Z Pulling image mcr.microsoft.com/businesscentral:10.0.19041.1415
2022-08-17T07:45:35.4256558Z 10.0.19041.1415: Pulling from businesscentral
2022-08-17T07:45:35.4281593Z Digest: sha256:ed1778dd00e2c32a7037c7d766c9020def52f06af4ad0b979ee338b3bc7779ef
2022-08-17T07:45:35.4299833Z Status: Image is up to date for mcr.microsoft.com/businesscentral:10.0.19041.1415
2022-08-17T07:45:35.4332832Z mcr.microsoft.com/businesscentral:10.0.19041.1415
2022-08-17T07:45:35.4391337Z Using image mcr.microsoft.com/businesscentral:10.0.19041.1415
2022-08-17T07:45:35.5199160Z PublicDnsName is ***.capvision-cloud.fr
2022-08-17T07:45:35.9293939Z Creating Container bc-master
2022-08-17T07:45:35.9306925Z Style: sandbox
2022-08-17T07:45:35.9320064Z Multitenant: Yes
2022-08-17T07:45:35.9341207Z Version: 20.5.45140.0
2022-08-17T07:45:35.9353558Z Platform: 20.0.45122.0
2022-08-17T07:45:35.9380331Z Generic Tag: 1.0.2.12
2022-08-17T07:45:35.9426485Z Container OS Version: 10.0.19041.1415 (2004)
2022-08-17T07:45:35.9438148Z Host OS Version: 10.0.19043.1466 (21H1)
2022-08-17T07:45:35.9537168Z Using hyperv isolation
2022-08-17T07:45:35.9587135Z Using locale fr-FR
2022-08-17T07:45:35.9641319Z Disabling the standard eventlog dump to container log every 2 seconds (use -dumpEventLog to enable)
2022-08-17T07:45:36.0116139Z Downloading C:\ProgramData\BcContainerHelper\Extensions\bc-master\my\SetupCertificate.ps1
2022-08-17T07:45:36.1010799Z Downloading C:\ProgramData\BcContainerHelper\Extensions\bc-master\my\capvision-cloud.fr.pfx
2022-08-17T07:45:36.1180440Z Using license file https://***/5164876.bclicense
2022-08-17T07:45:36.1228277Z Downloading C:\ProgramData\BcContainerHelper\Extensions\bc-master\my\license.bclicense
2022-08-17T07:45:36.2350041Z Additional Parameters:
2022-08-17T07:45:36.2456480Z --publish 7188:8080
2022-08-17T07:45:36.2467503Z --publish 7180:80
2022-08-17T07:45:36.2478533Z --publish 7143:443
2022-08-17T07:45:36.2489274Z --publish 7146-7149:7046-7049
2022-08-17T07:45:36.2499639Z --restart always
2022-08-17T07:45:36.2510308Z --env customNavSettings=ValidAudiences=90***-***-***-***-***8c;https://api.businesscentral.dynamics.com,DisableTokenSigningCertificateValidation=True,ExtendedSecurityTokenLifetime=24,ClientServicesCredentialType=NavUserPassword
2022-08-17T07:45:36.2521113Z --env customWebSettings=AadApplicationId=90***-***-***-***-***8c,AadAuthorityUri=https://login.microsoftonline.com/***
2022-08-17T07:45:36.2530913Z Files in C:\ProgramData\BcContainerHelper\Extensions\bc-master\my:
2022-08-17T07:45:36.2655888Z - AdditionalOutput.ps1
2022-08-17T07:45:36.2667115Z - capvision-cloud.fr.pfx
2022-08-17T07:45:36.2678176Z - license.bclicense
2022-08-17T07:45:36.2689317Z - MainLoop.ps1
2022-08-17T07:45:36.2700316Z - SetupCertificate.ps1
2022-08-17T07:45:36.2711401Z - SetupVariables.ps1
2022-08-17T07:45:36.2723068Z - updatecontainerhosts.ps1
2022-08-17T07:45:36.2734006Z Creating container bc-master from image mcr.microsoft.com/businesscentral:10.0.19041.1415
2022-08-17T07:45:36.3874923Z 84711d3117d8729433f85a92050f0e76382219e26ec5f9afc5db6dc26dcd0b1f
2022-08-17T07:45:39.8106723Z Waiting for container bc-master to be ready
2022-08-17T07:45:45.2422621Z Using artifactUrl https://bcinsider.azureedge.net/sandbox/20.5.45140.0/fr
2022-08-17T07:45:45.2423669Z Using installer from C:\Run\150-new
2022-08-17T07:45:45.2424785Z Installing Business Central
2022-08-17T07:45:45.2427397Z Installing from artifacts
2022-08-17T07:45:49.5988845Z Starting Local SQL Server
2022-08-17T07:45:49.5989658Z Starting Internet Information Server
2022-08-17T07:45:49.5990050Z Copying Service Tier Files
2022-08-17T07:45:52.8918649Z c:\dl\sandbox\20.5.45140.0\platform\ServiceTier\Program Files
2022-08-17T07:45:52.8919621Z c:\dl\sandbox\20.5.45140.0\platform\ServiceTier\System64Folder
2022-08-17T07:45:52.8920241Z Copying PowerShell Scripts
2022-08-17T07:45:52.8920822Z c:\dl\sandbox\20.5.45140.0\platform\WindowsPowerShellScripts\Cloud\NAVAdministration
2022-08-17T07:45:52.8921562Z c:\dl\sandbox\20.5.45140.0\platform\WindowsPowerShellScripts\WebSearch
2022-08-17T07:45:52.8922247Z Copying Web Client Files
2022-08-17T07:45:57.2399380Z c:\dl\sandbox\20.5.45140.0\platform\WebClient\Microsoft Dynamics NAV
2022-08-17T07:45:57.2400278Z Copying Client Files
2022-08-17T07:45:58.3269348Z c:\dl\sandbox\20.5.45140.0\platform\LegacyDlls\program files\Microsoft Dynamics NAV
2022-08-17T07:45:58.3270908Z c:\dl\sandbox\20.5.45140.0\platform\LegacyDlls\program files\Microsoft Dynamics NAV
2022-08-17T07:45:58.3271587Z c:\dl\sandbox\20.5.45140.0\platform\LegacyDlls\systemFolder
2022-08-17T07:45:58.3272170Z Copying ModernDev Files
2022-08-17T07:45:58.3274931Z c:\dl\sandbox\20.5.45140.0\platform
2022-08-17T07:45:58.3277684Z c:\dl\sandbox\20.5.45140.0\platform\ModernDev\program files\Microsoft Dynamics NAV
2022-08-17T07:45:58.3278423Z Copying additional files
2022-08-17T07:45:58.3279395Z Copying ConfigurationPackages
2022-08-17T07:45:58.3280300Z C:\dl\sandbox\20.5.45140.0\fr\ConfigurationPackages
2022-08-17T07:45:58.3280987Z Copying Test Assemblies
2022-08-17T07:45:59.4308898Z C:\dl\sandbox\20.5.45140.0\platform\Test Assemblies
2022-08-17T07:45:59.4310055Z Copying Extensions
2022-08-17T07:46:00.5554606Z C:\dl\sandbox\20.5.45140.0\fr\Extensions
2022-08-17T07:46:00.5555359Z Copying Applications
2022-08-17T07:46:01.6330432Z C:\dl\sandbox\20.5.45140.0\platform\Applications
2022-08-17T07:46:01.6331043Z Copying Applications.FR
2022-08-17T07:46:01.6331402Z C:\dl\sandbox\20.5.45140.0\fr\Applications.FR
2022-08-17T07:46:01.6331780Z Copying dependencies
2022-08-17T07:46:23.5971178Z Copying ReportBuilder
2022-08-17T07:46:25.7956952Z Importing PowerShell Modules
2022-08-17T07:46:32.3508626Z Restoring CRONUS Demo Database
2022-08-17T07:46:33.4263125Z Setting CompatibilityLevel for tenant on localhost\SQLEXPRESS
2022-08-17T07:47:21.0704711Z Exporting Application to CRONUS
2022-08-17T07:47:28.7361728Z Removing Application from tenant
2022-08-17T07:47:28.7362742Z Modifying Business Central Service Tier Config File for Docker
2022-08-17T07:47:29.8302126Z Creating Business Central Service Tier
2022-08-17T07:47:29.8305012Z Installing SIP crypto provider: 'C:\Windows\System32\NavSip.dll'
2022-08-17T07:47:40.8129529Z Starting Business Central Service Tier
2022-08-17T07:47:40.8130429Z Importing license file
2022-08-17T07:47:40.8130990Z Copying Database on localhost\SQLEXPRESS from tenant to default
2022-08-17T07:47:41.8996997Z Taking database tenant offline
2022-08-17T07:47:42.9841447Z Copying database files
2022-08-17T07:47:47.3098256Z Attaching files as new Database default
2022-08-17T07:47:47.3099222Z Putting database tenant back online
2022-08-17T07:47:47.3099795Z Mounting tenant database
2022-08-17T07:49:18.9529260Z Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
2022-08-17T07:49:20.0383013Z Sync'ing Tenant
2022-08-17T07:49:20.0384733Z Tenant is Operational
2022-08-17T07:49:20.0386645Z Stopping Business Central Service Tier
2022-08-17T07:49:20.0388200Z Installation took 215 seconds
2022-08-17T07:49:20.0388781Z Installation complete
2022-08-17T07:49:21.1240011Z Initializing...
2022-08-17T07:49:21.1240720Z Setting host.containerhelper.internal to 172.31.112.1 in container hosts file
2022-08-17T07:49:21.1241198Z Starting Container
2022-08-17T07:49:21.1241802Z Hostname is bc-master
2022-08-17T07:49:21.1242470Z PublicDnsName is ***.capvision-cloud.fr
2022-08-17T07:49:21.1243443Z WARNING: Container starts with TimeZone = Temps universel coordonné, which is not recognized in the list of TimeZones.
2022-08-17T07:49:21.1244404Z Using AccessControlService Authentication
2022-08-17T07:49:22.2229038Z Certificate File Thumbprint DB***E
2022-08-17T07:49:22.2230098Z Import Certificate to LocalMachine\my
2022-08-17T07:49:22.2230854Z Modifying Service Tier Config File with Instance Specific Settings
2022-08-17T07:49:22.2231596Z Modifying Service Tier Config File with settings from environment variable
2022-08-17T07:49:22.2232489Z Setting ValidAudiences to 90***-***-***-***-***8c;https://api.businesscentral.dynamics.com
2022-08-17T07:49:22.2233715Z Setting DisableTokenSigningCertificateValidation to True
2022-08-17T07:49:22.2234560Z Setting ExtendedSecurityTokenLifetime to 24
2022-08-17T07:49:23.3170892Z Setting ClientServicesCredentialType to NavUserPassword
2022-08-17T07:49:32.0822681Z Starting Service Tier
2022-08-17T07:49:32.0823721Z CertificateThumprint DB***E
2022-08-17T07:49:32.0824230Z Registering event sources
2022-08-17T07:49:32.0824590Z Creating DotNetCore Web Server Instance
2022-08-17T07:49:32.0825050Z Using application pool name: BC
2022-08-17T07:49:32.0825714Z Using default container name: NavWebApplicationContainer
2022-08-17T07:49:35.3815325Z Copy files to WWW root C:\inetpub\wwwroot\BC
2022-08-17T07:49:36.4722366Z Create the application pool BC
2022-08-17T07:49:38.6722282Z Create website: NavWebApplicationContainer with SSL
2022-08-17T07:49:38.6723185Z Update configuration: navsettings.json
2022-08-17T07:49:38.6725488Z Done Configuring Web Client
2022-08-17T07:49:38.6726161Z Modifying Web Client config with settings from environment variable
2022-08-17T07:49:38.6727175Z Setting AadApplicationId to 90***-***-***-***-***8c
2022-08-17T07:49:38.6728871Z Setting AadAuthorityUri to https://login.microsoftonline.com/***
2022-08-17T07:49:38.6729567Z Enabling Financials User Experience
2022-08-17T07:49:38.6730240Z Using license file 'c:\run\my\license.bclicense'
2022-08-17T07:49:44.2141557Z Import License
2022-08-17T07:49:44.2142269Z Dismounting Tenant
2022-08-17T07:49:44.2142755Z Mounting Tenant
2022-08-17T07:49:44.2143261Z Setting AadTenantId to capvision.fr
2022-08-17T07:49:51.9445520Z Mounting Database for default on server localhost\SQLEXPRESS with AllowAppDatabaseWrite = False
2022-08-17T07:49:51.9446709Z Sync'ing Tenant
2022-08-17T07:49:51.9447255Z Tenant is Operational
2022-08-17T07:49:53.0443612Z Creating http download site
2022-08-17T07:49:53.0444210Z Setting SA Password and enabling SA
2022-08-17T07:49:57.4176556Z Creating nicolas.saleron as SQL User and add to sysadmin
2022-08-17T07:50:01.7573546Z Creating SUPER user
2022-08-17T07:50:01.7574345Z Container IP Address: 172.31.127.166
2022-08-17T07:50:01.7574912Z Container Hostname  : bc-master
2022-08-17T07:50:01.7575562Z Container Dns Name  : ***.capvision-cloud.fr
2022-08-17T07:50:01.7576249Z Web Client          : https://***.capvision-cloud.fr/BC/?tenant=default
2022-08-17T07:50:01.7577006Z Dev. Server         : https://***.capvision-cloud.fr
2022-08-17T07:50:01.7577611Z Dev. ServerInstance : BC
2022-08-17T07:50:01.7578164Z Dev. Server Tenant  : default
2022-08-17T07:50:01.7578795Z Setting bc-master-default to 127.0.0.1 in container hosts file
2022-08-17T07:50:01.7579109Z 
2022-08-17T07:50:01.7579490Z Files:
2022-08-17T07:50:01.7580246Z http://***.capvision-cloud.fr:8080/ALLanguage.vsix
2022-08-17T07:50:01.7580681Z 
2022-08-17T07:50:01.7581336Z WARNING: You are running a container which is 159 days old.
2022-08-17T07:50:01.7582262Z Microsoft recommends that you always run the latest version of our containers.
2022-08-17T07:50:01.7582675Z 
2022-08-17T07:50:01.7583262Z Container Total Physical Memory is 12.5Gb
2022-08-17T07:50:01.7583898Z Container Free Physical Memory is 9.5Gb
2022-08-17T07:50:01.7584180Z 
2022-08-17T07:50:01.7584485Z Initialization took 42 seconds
2022-08-17T07:50:01.7584846Z Ready for connections!
2022-08-17T07:50:02.2132240Z Reading CustomSettings.config from bc-master
2022-08-17T07:50:03.1093913Z Creating Desktop Shortcuts for bc-master
2022-08-17T07:50:03.2635593Z Container bc-master successfully created
2022-08-17T07:50:03.5409436Z 
2022-08-17T07:50:03.5419179Z Use:
2022-08-17T07:50:03.5439665Z Get-BcContainerEventLog -containerName bc-master to retrieve a snapshot of the event log from the container
2022-08-17T07:50:03.5461848Z Get-BcContainerDebugInfo -containerName bc-master to get debug information about the container
2022-08-17T07:50:03.5484508Z Enter-BcContainer -containerName bc-master to open a PowerShell prompt inside the container
2022-08-17T07:50:03.5508818Z Remove-BcContainer -containerName bc-master to remove the container again
2022-08-17T07:50:03.5529881Z docker logs bc-master to retrieve information about URL's again
2022-08-17T07:50:04.3828634Z ##[section]Finishing: Create container


Additional context

I have noticed the following things that differ from the doc and might be the cause (but it does not solve the issue).

On the NST:
- WSFederationLoginEndpoint does not contain wreply in the query string (https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory?tabs=singletenant%2Cadmintool#task-4-configure-)
- ClientServicesCredentialType is set to NavUserPassword, I think it should be AccessControlService

On the web server, the doc specifies that on BC 20, UseLegacyAcsAuthentication must be set to true (https://docs.microsoft.com/en-us/dynamics365/business-central/dev-itpro/administration/authenticating-users-with-azure-active-directory?tabs=singletenant%2Cadmintool#task-5-configure-).
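
Added example (not part of the issue and not BcContainerHelper code): a PowerShell cross-check of the three artefacts quoted in the post above, namely the authorize URL the browser is redirected to and the `customNavSettings` / `customWebSettings` lines from the container log. The function names, the `-RegisteredRedirectUri` parameter and every sample value are constructed for illustration.

```powershell
function ConvertFrom-SettingList {
    # Parses the "Key=Value,Key=Value" format shown in the log's --env custom*Settings lines.
    param([string]$Text)
    $result = @{}
    foreach ($pair in "$Text".Split(',')) {
        $key, $value = $pair -split '=', 2
        if ($key) { $result[$key.Trim()] = "$value".Trim() }
    }
    $result
}

function Get-AuthorizeRequestParameter {
    # Returns the URL-decoded query parameters of an authorize request.
    param([Parameter(Mandatory)][uri]$Url)
    $result = @{}
    foreach ($pair in $Url.Query.TrimStart('?').Split('&')) {
        $key, $value = $pair -split '=', 2
        if ($key) { $result[[uri]::UnescapeDataString($key)] = [uri]::UnescapeDataString("$value") }
    }
    $result
}

function Test-BcAadLoginConsistency {
    param(
        [Parameter(Mandatory)][uri]$AuthorizeUrl,
        [string]$CustomNavSettings,
        [string]$CustomWebSettings,
        # Assumption: the redirect URI you entered on the AAD app registration.
        [string]$RegisteredRedirectUri
    )
    $request   = Get-AuthorizeRequestParameter -Url $AuthorizeUrl
    $nav       = ConvertFrom-SettingList -Text $CustomNavSettings
    $web       = ConvertFrom-SettingList -Text $CustomWebSettings
    $tenant    = $AuthorizeUrl.Segments[1].Trim('/')      # first path segment of the authorize URL
    $audiences = "$($nav['ValidAudiences'])".Split(';')

    [pscustomobject]@{
        ClientIdMatchesWebClient      = $request['client_id'] -eq $web['AadApplicationId']
        ClientIdInValidAudiences      = $audiences -contains $request['client_id']
        TenantMatchesAuthorityUri     = "$($web['AadAuthorityUri'])".TrimEnd('/') -eq "https://$($AuthorizeUrl.Host)/$tenant"
        # Exact, case-sensitive comparison; a differing port or path shows up here.
        RedirectUriMatchesRegistered  = $request['redirect_uri'] -ceq $RegisteredRedirectUri
        RequestedRedirectUri          = $request['redirect_uri']
        SigningCertValidationDisabled = $nav['DisableTokenSigningCertificateValidation'] -eq 'True'
        ClientServicesCredentialType  = $nav['ClientServicesCredentialType']
    }
}

# Constructed sample input, shaped like the redacted values in the post.
$tenant = '00000000-0000-0000-0000-000000000001'
$appId  = '00000000-0000-0000-0000-0000000000aa'
$sample = @{
    AuthorizeUrl          = "https://login.microsoftonline.com/$tenant/oauth2/authorize?client_id=$appId&redirect_uri=https%3A%2F%2Fbc.example.test%3A7143%2FBC%2FSignIn&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post"
    CustomNavSettings     = "ValidAudiences=$appId;https://api.businesscentral.dynamics.com,DisableTokenSigningCertificateValidation=True,ExtendedSecurityTokenLifetime=24,ClientServicesCredentialType=NavUserPassword"
    CustomWebSettings     = "AadApplicationId=$appId,AadAuthorityUri=https://login.microsoftonline.com/$tenant"
    # Constructed mismatch: registered without the published port 7143.
    RegisteredRedirectUri = 'https://bc.example.test/BC/SignIn'
}
Test-BcAadLoginConsistency @sample | Format-List
```

The report does not decide which setting is at fault; it lists the values that have to agree between the app registration, the web client and the service tier so they can be compared against the documentation linked in the post.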

freddydk commented 2 years ago

Yeah, some stuff was changed in 20 which requires the AAD app to be different. Setting the legacy field means that you can use the "old" aad app registration, but you should instead create a new AAD app registration, which works with both.

This code works for me:

$containerName = "bcserver"
$licenseFile = $LicenseFileSecret.SecretValue | Get-PlainText
$credential = New-Object pscredential -ArgumentList 'admin', $PasswordSecret.SecretValue
$artifactUrl = Get-BCArtifactUrl -country us
$aadCredential = New-Object pscredential -ArgumentList ($AadUserNameSecret.SecretValue | Get-PlainText), $AadPasswordSecret.SecretValue

$useSSL = $true
$params = @{ "useSSL" = $useSSL }
if ($useSSL) {
    $protocol = "https://"
    $params += @{
        "isolation" = "hyperv"
        "installCertificateOnHost" = $true
    }
}
else {
    $protocol = "http://"
}

$aadTenant = "12ad5b0b-86c3-4df1-a022-a2083f9909a8"
$aadDomain = $aadCredential.UserName.Split('@')[1]
$appIdUri = "$protocol$containerName.$aadDomain/BC"

#   _____                _                              _                          ______         ____   _____ 
#  / ____|              | |              /\            | |   /\                   |  ____|       |  _ \ / ____|
# | |     _ __ ___  __ _| |_ ___ ______ /  \   __ _  __| |  /  \   _ __  _ __  ___| |__ ___  _ __| |_) | |     
# | |    | '__/ _ \/ _` | __/ _ \______/ /\ \ / _` |/ _` | / /\ \ | '_ \| '_ \/ __|  __/ _ \| '__|  _ <| |     
# | |____| | |  __/ (_| | |_  __/     / ____ \ (_| | (_| |/ ____ \| |_) | |_) \__ \ | | (_) | |  | |_) | |____ 
#  \_____|_|  \___|\__,_|\__\___|    /_/    \_\__,_|\__,_/_/    \_\ .__/| .__/|___/_|  \___/|_|  |____/ \_____|
#                                                                 | |   | |                                    
#                                                                 |_|   |_|                                    

Write-Host "AAD Tenant: $aadTenant"
Write-Host "AAD Domain: $aadDomain"
Write-Host "AppIdUri: $appIdUri"

$AdProperties = Create-AadAppsForBC `
    -AadAdminCredential $aadCredential `
    -appIdUri $appIdUri `
    -publicWebBaseUrl "$protocol$containerName/BC" `
    -PreAuthorizePowerShell `
    -IncludeApiAccess `
    -IncludePowerBiAadApp `
    -IncludeExcelAadApp `
    -IncludeEmailAadApp

#  _   _                      ____        _____            _        _                 
# | \ | |                    |  _ \      / ____|          | |      (_)                
# |  \| | _____      ________| |_) | ___| |     ___  _ __ | |_ __ _ _ _ __   ___ _ __ 
# | . ` |/ _ \ \ /\ / /______|  _ < / __| |    / _ \| '_ \| __/ _` | | '_ \ / _ \ '__|
# | |\  |  __/\ V  V /       | |_) | (__| |____ (_) | | | | |_ (_| | | | | |  __/ |   
# |_| \_|\___| \_/\_/        |____/ \___|\_____\___/|_| |_|\__\__,_|_|_| |_|\___|_|   
#                                                                                     

New-BcContainer @params `
    -containerName $containerName `
    -accept_eula `
    -artifact $artifactUrl `
    -auth AAD `
    -Credential $credential `
    -licenseFile $licenseFile `
    -updatehosts `
    -AuthenticationEMail $AadCredential.UserName `
    -AadTenant $aadTenant `
    -AadAppId $AdProperties.SsoAdAppId `
    -AadAppIdUri $appIdUri `
    -runSandboxAsOnPrem -dns '8.8.8.8' `
    -additionalParameters @("--env customNavSettings=ExcelAddInAzureActiveDirectoryClientId=$($AdProperties.ExcelAdAppId)")

nicolassaleron commented 2 years ago

That was as easy as recreating the app in Azure, thank you!