Verification of publisher domain failed #39665
Comments
Hey @xkobal thanks for your feedback, currently we're investigating this and will get back to you as soon as possible. |
Hey @xkobal could you provide the configurations you're using? Could you also please provide a screenshot of the error that you're seeing? |
I see, what is the application ID you're using? Are you sure that the app id is correct? |
I see, is this a new AAD Application or is this an older AAD Application Registration? |
It's an old AAD application registration. It's the same with another application. |
hey @xkobal and @seagull33 we're currently looking into this issue and will let you know next steps to resolve this. Thanks for letting us know about this, |
I have created another application called 'test', id: "dc0a40ac-6182-4563-ade8-5e8174ed6343". The error is the same. I forgot a point in my first message: when I click on "Verify and save domain", there is no call on the hosted file. |
Hey @xkobal to clarify not a new application. Try using a NEW USER in the AAD Tenant that was newly created or created after the AAD Tenant was created. |
Hi, I'm having same issue here... here is my endpoint to my domain verification: https://genial.ly/.well-known/microsoft-identity-association.json I have adapted my Express NodeJS application to return the Content-Type to 'application/json' but I can't remove the charset part (security reasons of Express package): This is the error that I have:
Can you please tell me what is wrong? Thanks! |
Hello, This is a different error from what this original github issue is referring to. |
Thanks @FrankHu-MSFT. If another came here for the same problem with Node, I solved the problem with this code:
|
thanks for providing your solution on this thread! We definitely appreciate it @chemitaxis ! |
Hey @xkobal and @Seagull3 I'm following up on this issue. Can you please confirm whether or not the solution of using a new user in the AAD tenant resolves the issue? If there's no response by end of day tomorrow I will be closing out this issue. If you have any more issues please open a new git issue with a reference to this issue. Thanks,
|
@FrankHu-MSFT as my applications are "Applications from personal account", if I create another user, it can see my applications so I can't test. |
Hey @pierrepinard-2 @xkobal @seagull33 unfortunately the reason that this is happening is because an application from a personal account cannot be utilized to verify the application. You will need to create a new AAD Application under the new AAD user. That is, when you follow these steps the app domain verification will NOT work:
This sort of functionality unfortunately does not work. You will need to create a new app under a new AAD User in the newly created AAD tenant. I apologize for the inconvenience, let me know if this resolves your issue. |
@FrankHu-MSFT For me it's a major issue that Applications from personal account cannot verify their domain |
hello @xkobal I understand that, and apologize for the issues that this is causing. Unfortunately that is the only resolution there is for this sort of issue.
We're looking into this issue and are working to resolve this, I apologize again for the issues that this may cause. As this github issue has been resolved within the scope of this issue, I will be closing out this github issue by end of day. If you have any more issues please file a new github issue with a reference to this github issue. |
Download fresh from Azure and put in my domain, but still failed. Any update on this? |
Having the same issue here. Postman and Chrome indicate the content type is "application/json". I tried creating a new user in the portal as you suggested but that doesn't fix the issue. |
@neobie , did you solve your issue by any chance? |
I am getting the same error as @abraunegg when hosting page on GitHub pages with custom domain. When I copy and paste the following link I can see the JSON, so I know it is there:
It is just a simple (note: I had to add a Edit: There is related discussion here: https://stackoverflow.com/a/33619500 which references: https://github.com/jshttp/mime-db and it looks like https://github.com/jshttp/mime-db/blob/master/src/nginx-types.json#L11 |
@oshihirii , @veler , @neobie I have attempted to get this resolved in 3 different areas as per above ... all folk appear not interested in fixing this issue. |
thanks for the update @abraunegg , yes i can see you and others have been very thorough in researching the issue and articulating all the points, hopefully something is done soon. i had a thought...to verify the domain another way: https://docs.microsoft.com/en-us/microsoft-365/admin/setup/add-domain?view=o365-worldwide So what I did was just complete the first two steps, ie add a text record to the domain and verify. I did not continue to add more records for email etc (because i don't need that setup). And then when I went back to the Branding page for the application and clicked Disclaimer: I have no idea if this will create some unintended/undesired consequences, but at least I could get the domain verified and select it. |
@oshihirii The issue is clear, the solution is clear - MS need to update the validation to ignore charset if it is set .. very easy to do & fix. |
@abraunegg - ah sorry, i see, i forgot you didn't have a custom domain for it (i do, but am hosting on GitHub pages as well). yes, I think your conclusion seems correct. (in case anyone needs it, and i am sure there are hundreds of other competitors, namesilo.com has cheap domain registration (with DNS management) or you can use a more basic domain registrar and then cloudflare (to add text records etc)). |
@FrankHu-MSFT |
We've started seeing this across some of our Azure subscriptions as well. Verifying domains the same way we have done over the last few years does not work anymore, with the error:
For reference, this very approach has worked for a long time. Only recently when we needed to verify yet another set of applications, it started to fail with the above message. It does indeed seem like the issue is with Azure, or some change in how verification works. |
@Mike-Ubezzi-MSFT |
@abraunegg This docs channel is best suited for raising issues with the documentation. If there is a specific doc issue, please open a new issue and I will redirect it to the Identity and Security engineering team to address the documentation. If you are experiencing a product issue, please create a support request. The original issue raised here was resolved, and it appears there is a second issue that is not documentation specific and opening a support request is the appropriate action to take. |
Unfortunately, the proposed solution as articulated here #39665 (comment) is ineffective at this point. This may be the result of further backend changes to the validation system on the Microsoft side, but at this point, ticket closure is inappropriate. I've forwarded header details to @FrankHu-MSFT as requested in the related documentation thread, and look forward to the followup. |
I'm baffled that this bug hasn't been fixed. charset is a part of http header on the internet. Did you test this at all? Most people can't remove the charset header on their resources. Please fire the intern that wrote and tested this piece of shit. It's Microsoft "not quite compliant" standard mode of operations yet again. Just fix it, ok? Why even care about the header? There are no simple workarounds and a clear bug. |
For me the error code was IL2U4. I fixed it by going into IIS, MIME Types, and changing the type for .JSON to "application/json". It's pretty ridiculous how bad Microsoft error messages are. And in any case, why does the MIME type even matter? The programmers at Microsoft are just really incompetent, I've seen it in a thousand different ways over the decades. |
I have the same issue...this is a bug, no ifs and or buts about it. This is ridiculous the amount of time app developers have to spend debugging, searching the internet and attempting to modify core accepted standards to comply with this ridiculous constraint. The qualification doesn't even make sense. Echoing a comment I saw elsewhere, surely the only checks required are:
The charset shouldn't matter.. Fix this bug, please. |
Given that this issue is closed and the original issue is unrelated to the comments the rest of us are having, I've created a new issue here. |
The previous answer for Node no longer works because Azure AD also requires the Content-Length header. You can get the Content-Length with Buffer:
It's crazy that this problem still exists. |
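The header requirements raised in this thread (a Content-Type of exactly `application/json` with no charset parameter, plus a Content-Length), as an added example that is not part of any comment here and not Microsoft's code: a Node handler using the built-in `http` module instead of Express. The application ID, port 8080 and the `headerProblems` helper are assumptions for illustration; the JSON body follows the format of the file the portal generates, which the thread does not show.

```javascript
// Added example: APP_ID and port 8080 are placeholders, not values from the thread.
const APP_ID = '00000000-0000-0000-0000-000000000000';
const ASSOCIATION_PATH = '/.well-known/microsoft-identity-association.json';

// Build status, headers and body as plain data so they can be inspected.
function buildAssociationResponse(appId) {
  const body = Buffer.from(
    JSON.stringify({ associatedApplications: [{ applicationId: appId }] }),
    'utf8'
  );
  return {
    status: 200,
    headers: {
      // Exactly "application/json": no "; charset=utf-8" parameter.
      'Content-Type': 'application/json',
      // Byte length of the encoded body, not the string's character count.
      'Content-Length': String(body.length),
    },
    body,
  };
}

// List header problems, mirroring the behaviour commenters report (an assumption).
function headerProblems(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const problems = [];
  if (h['content-type'] !== 'application/json') {
    problems.push(`content-type "${h['content-type']}" is not exactly "application/json"`);
  }
  if (!/^\d+$/.test(h['content-length'] || '')) problems.push('content-length missing');
  return problems;
}

// Plain http handler: writeHead sends the headers exactly as given.
function handler(req, res) {
  if (req.method !== 'GET' || req.url !== ASSOCIATION_PATH) {
    res.writeHead(404, { 'Content-Length': '0' });
    return res.end();
  }
  const { status, headers, body } = buildAssociationResponse(APP_ID);
  res.writeHead(status, headers);
  res.end(body);
}

// `node server.js --serve` listens locally; otherwise nothing starts.
if (process.argv.includes('--serve')) {
  import('node:http').then((http) => http.createServer(handler).listen(8080));
}
```

`headerProblems` can also be pointed at the headers of a captured response from an existing host to see which of the two conditions it fails.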
There should be memes about this bug. It's been around as long as Rick Astley. |
Unfortunately, I also encountered this problem and wasted a lot of time. Since there is no workaround, does the variant have to be used via a custom domain? It's a shame that there is no uncomplicated solution here ... |
Same here, problem still persists. Microsoft, microsoft ... |
As of February 2, 2021, this actually worked fine for me after I started looking into it in September 2020. If you're hitting the problem still, are you 100% sure it's the same exact issue? |
Chiming in here as I did in taylorchasewhite issue/thread.. this is still an issue as of April 10, 2023...
|
Posting this here for folks who spent hours, searching different threads of the same issue. Add a custom domain and just update the TXT or MX records in your DNS and Azure will verify the domain that way instantly. |
Whilst this will work for domains in your control, this will not work for domains where you have no DNS control - such as websites delivered by GitHub - .github.io for example. The whole point of uploading an identity association is so that Azure Application ID's can be flagged as a Verified Publisher rather than an Unverified Publisher. Because of this issue, the Linux OneDrive Client that I am the developer of - when you go to 'approve' the use of the application, the Microsoft OneDrive site states that the application provider is 'unverified' - this is despite the microsoft-identity-association.json file being present on the website. This needs to be fixed by Microsoft in a number of places. |
Nope it won’t.
Azure should fix the json problem but most folks have access or can get to someone who can change dns records (temp) for a domain. This will work for webflow, Squarespace, any website builders where you bring your own domain.
This will also work for someone self hosting naturally.
Yea 100%, I agree with your scenario but based on reading most of the comment threads I think the following is worth the cost.
Buying a domain for under 10 bucks and using that domain as redirect to GitHub or wherever could be worth it vs this headache and dead end for years.
Not sure if that works in your specific case though.
…On Apr 11, 2023 at 17:43 -0400, abraunegg ***@***.***>, wrote:
> Posting this here for folks who spent hours, searching different threads of the same issue. I found this deep into one thread, instead of fighting this issue there is an entirely different way to verify domains. https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
> Add a custom domain and just update the TXT or MX records in your DNS and Azure will verify the domain that way instantly. This was simpler and has worked for 3 domains so far.
Whilst this will work for domains in your control, this will not work for domains where you have no DNS control - such as websites delivered by GitHub - .github.io for example.
The whole point of uploading an identity association is so that Azure Application ID's can be flagged as a Verified Publisher rather than an Unverified Publisher.
Because of this issue, the Linux OneDrive Client that I am the developer of - when you go to 'approve' the use of the application, the Microsoft OneDrive site states that the application provider is 'unverified' - this is despite the microsoft-identity-association.json file being present on the website.
This needs to be fixed by Microsoft in a number of places.
|
Sending this here for possible solutions and to any further visitors.
You can see this play out when you use curl to request the file
Hope this helps someone. |
Hi,
I am trying to validate my Publisher domain on a working Personal Account Application.
And when I validate the domain, I have this undocumented error:
"Verification of publisher domain failed. The application was not found. If the application was just created, wait a few minutes and refresh the page. [A9fLj]"
The content-type is correct "application/json"
Can you help me?
Best regards.
Xavier HAUSHERR