Unable to add application assignment using Microsoft Graph API - azure-active-directory

When creating a request to assign an app to an AD group in Azure Intune using the Graph API, I get the following response.
{
  "error": {
    "code": "ModelValidationFailure",
    "message": "Cannot create an abstract class.",
    "innerError": {
      "message": "Cannot create an abstract class.",
      "request-id": "removed",
      "date": "removed"
    }
  }
}
and here's my post data
{
  "@odata.type": "#microsoft.graph.mobileAppAssignment",
  "intent": "required",
  "target": {
    "@odata.type": "microsoft.graph.groupAssignmentTarget",
    "groupId": "removed"
  },
  "settings": {
    "@odata.type": "microsoft.graph.mobileAppAssignmentSettings"
  }
}
Here's the reference i've used to generate the json data: https://learn.microsoft.com/en-us/graph/api/intune-apps-mobileappassignment-create?view=graph-rest-beta
And I'm not sure if it has something to do with my JSON input or if the Graph API endpoint has an issue.

microsoft.graph.mobileAppAssignmentSettings is an abstract class. You'll need to provide a concrete implementation of assignment settings e.g. microsoftStoreForBusinessAppAssignmentSettings or iosStoreAppAssignmentSettings.
Your post data in this case could be:
{
  "@odata.type": "#microsoft.graph.mobileAppAssignment",
  "intent": "required",
  "target": {
    "@odata.type": "microsoft.graph.groupAssignmentTarget",
    "groupId": "removed"
  },
  "settings": {
    "@odata.type": "#microsoft.graph.microsoftStoreForBusinessAppAssignmentSettings",
    "useDeviceContext": true
  }
}
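The following Python is an added example, not code from the question or answer above, that builds the assignment body and rejects the abstract settings type client-side before anything is posted. The concrete settings type names are the two named in the answer; the Intune reference lists one per app type, and the list is meant to be extended from it. The intent values are those of the documented installIntent enum; the endpoint path in the docstring is the one from the linked reference.

```python
import json

# Type names are compared without the leading "#", because the page shows
# both spellings in @odata.type values.
ABSTRACT_SETTINGS_TYPE = "microsoft.graph.mobileAppAssignmentSettings"

# Concrete subtypes named on this page. The Intune reference defines more
# (one per app type); add them here as you need them.
CONCRETE_SETTINGS_TYPES = {
    "microsoft.graph.microsoftStoreForBusinessAppAssignmentSettings",
    "microsoft.graph.iosStoreAppAssignmentSettings",
}

# installIntent values of the mobileAppAssignment resource.
VALID_INTENTS = {"available", "required", "uninstall", "availableWithoutEnrollment"}


def check_settings_type(odata_type):
    """Return None when odata_type is a usable concrete settings type,
    otherwise a message explaining why Graph would reject it."""
    if not odata_type:
        return "settings is missing @odata.type"
    name = odata_type.lstrip("#")
    if name == ABSTRACT_SETTINGS_TYPE:
        return ("settings uses the abstract base type mobileAppAssignmentSettings; "
                "use a platform-specific subtype")
    if name not in CONCRETE_SETTINGS_TYPES:
        return f"unrecognised settings type {odata_type!r}"
    return None


def build_group_assignment(group_id, intent, settings):
    """Build and validate a mobileAppAssignment body for a group target.

    The result is what you would POST to
    /deviceAppManagement/mobileApps/{mobileAppId}/assignments (beta).
    Raises ValueError instead of letting Graph answer with
    ModelValidationFailure.
    """
    if intent not in VALID_INTENTS:
        raise ValueError(f"unknown intent {intent!r}; expected one of {sorted(VALID_INTENTS)}")
    problem = check_settings_type(settings.get("@odata.type"))
    if problem:
        raise ValueError(problem)
    return {
        "@odata.type": "#microsoft.graph.mobileAppAssignment",
        "intent": intent,
        "target": {
            "@odata.type": "#microsoft.graph.groupAssignmentTarget",
            "groupId": group_id,
        },
        "settings": settings,
    }


def to_request_body(assignment):
    """Serialise the validated assignment for the HTTP request."""
    return json.dumps(assignment, indent=2)


if __name__ == "__main__":
    # Constructed sample values; a real call needs a token holding
    # DeviceManagementApps.ReadWrite.All and a real group id.
    body = build_group_assignment(
        "00000000-0000-0000-0000-000000000001",
        "required",
        {"@odata.type": "#microsoft.graph.microsoftStoreForBusinessAppAssignmentSettings",
         "useDeviceContext": True},
    )
    print(to_request_body(body))
```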

Related

Reading message from Service bus

I have a logic app which starts when there is a message in a Service Bus queue. The message is being published to the Service Bus from the DevOps pipeline using "PublishToAzureServiceBus" as a JSON message, or from the pipeline webhook.
But I am getting an issue while converting the message from the Service Bus to the original JSON format: I am not able to get a valid JSON object. It is getting appended with some serialization object.
I have tried base64 decoding and JSON conversion, but have not been able to get it to work.
Below is what the content of the message looks like.
Any pointer on how I can solve this?
Sample message sent
{
  "id": "76a187f3-c154-4e60-b8bc-c0b754e54191",
  "eventType": "build.complete",
  "publisherId": "tfs",
  "message": {
    "text": "Build 20220605.8 succeeded"
  },
  "detailedMessage": {
    "text": "Build 20220605.8 succeeded"
  },
  "resource": {
    "uri": "vstfs:///Build/Build/288",
    "id": 288,
    "buildNumber": "20220605.8",
    "url": "https://dev.azure.com/*******/_apis/build/Builds/288",
    "startTime": "2022-06-05T14:47:01.1846966Z",
    "finishTime": "2022-06-05T14:47:16.7602096Z",
    "reason": "manual",
    "status": "succeeded",
    "drop": {},
    "log": {},
    "sourceGetVersion": "LG:refs/heads/main:********",
    "lastChangedBy": {
      "displayName": "Microsoft.VisualStudio.Services.TFS",
      "id": "00000000-0000-0000-0000-000000000000",
      "uniqueName": "***************"
    },
    "retainIndefinitely": false,
    "definition": {
      "definitionType": "xaml",
      "id": 20,
      "name": "getReleaseFile",
      "url": "https://dev.azure.com/************/_apis/build/Definitions/20"
    },
    "requests": [
      {
        "id": 288,
        "url": "https://dev.azure.com/B*****/**********/_apis/build/Requests/288",
        "requestedFor": {
          "displayName": "B*****.sag",
          "id": "*******",
          "uniqueName": "B**********"
        }
      }
    ]
  },
  "resourceVersion": "1.0",
  "resourceContainers": {
    "collection": {
      "id": "*******",
      "baseUrl": "https://dev.azure.com/B*****/"
    },
    "account": {
      "id": "******",
      "baseUrl": "https://dev.azure.com/B*****/"
    },
    "project": {
      "id": "**********",
      "baseUrl": "https://dev.azure.com/B*****/"
    }
  },
  "createdDate": "2022-06-05T14:47:28.6089499Z"
}
Message received
#string3http://schemas.microsoft.com/2003/10/Serialization/�q{"id":"****","eventType":"build.complete","publisherId":"tfs","message":{"text":"Build 20220605.8 succeeded"},"detailedMessage":{"text":"Build 20220605.8 succeeded"},"resource":{"uri":"vstfs:///Build/Build/288","id":288,"buildNumber":"20220605.8","url":"https://dev.azure.com/*****/********/_apis/build/Builds/288","startTime":"2022-06-05T14:47:01.1846966Z","finishTime":"2022-06-05T14:47:16.7602096Z","reason":"manual","status":"succeeded","drop":{},"log":{},"sourceGetVersion":"LG:refs/heads/main:f0b1a1d2bd047454066cf21dc4d4c710bca4e1d7","lastChangedBy":{"displayName":"Microsoft.VisualStudio.Services.TFS","id":"00000000-0000-0000-0000-000000000000","uniqueName":"******"},"retainIndefinitely":false,"definition":{"definitionType":"xaml","id":20,"name":"getReleaseFile","url":"https://dev.azure.com/******/_apis/build/Definitions/20"},"requests":[{"id":288,"url":"https://dev.azure.com/*****/******/_apis/build/Requests/288","requestedFor":{"displayName":"baharul.sag","id":"******","uniqueName":"baharul.*****"}}]},"resourceVersion":"1.0","resourceContainers":{"collection":{"id":"3*****","baseUrl":"https://dev.azure.com/*****/"},"account":{"id":"******","baseUrl":"https://dev.azure.com/*****/"},"project":{"id":"*******","baseUrl":"https://dev.azure.com/*****/"}},"createdDate":"2022-06-05T14:47:28.6089499Z"}
When reading the message from the Service Bus in peek mode I can see the following, where <#string3http://schemas.microsoft.com/2003/10/Serialization/��> is appended to the JSON string
Publish using PublishToAzureServiceBus from Azure pipeline.
Publish from Azure DevOps project webhook
I believe what is happening is that you have two different types of serialisation in the body of the brokered message created by the PublishToAzureServiceBus task. This is because the brokered message only supports binary content.
So the json is initially serialised as a binary string using the data contract serialiser.
How to solve this? Do the following before passing to your json deserialiser - unfortunately the logic app isn't doing this:
byte[] messageContent = brokeredMessage.GetBody<byte[]>();
string messageContentStr = Encoding.UTF8.GetString(messageContent);
I probably wouldn't use a logic app to do the reading of the message because to insert c# like I suggest you're gonna need to call an azure function or similar. I'd create an azure function to read your messages as above.
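The prefix in the question is the .NET binary XML wrapper that DataContractSerializer puts around a string: a `string` element in the `http://schemas.microsoft.com/2003/10/Serialization/` namespace followed by a length-prefixed text record. The Python below is an added example, not code from the question or the answer, that strips that wrapper and parses the JSON inside it, so the same consumer can accept both wrapped and plain bodies. The record byte values (0x40 ShortElement, 0x08 ShortXmlnsAttribute, 0x98/0x9A/0x9C CharsNText and their +1 WithEndElement variants) are taken from the MC-NBFX specification; `wrap_for_test` and the sample event are constructed here to exercise the parser offline, and `SAMPLE_EVENT` only mimics the shape of the build event in the question.

```python
import json
import struct

# Namespace of the .NET DataContractSerializer, visible verbatim in the
# body quoted in the question.
DC_NAMESPACE = b"http://schemas.microsoft.com/2003/10/Serialization/"
assert len(DC_NAMESPACE) == 0x33  # the '3' seen in "#string3http://..."

# Byte layout of the wrapper (MC-NBFX): ShortElement(0x40) + len + "string",
# ShortXmlnsAttribute(0x08) + len + namespace, then one text record.
# The '@' of the ShortElement record is what the page renders as '#'.
_HEADER = b"\x40\x06string\x08\x33" + DC_NAMESPACE

# Text record id -> struct format of its little-endian length field.
_TEXT_RECORDS = {
    0x98: "<B", 0x99: "<B",  # Chars8Text, Chars8TextWithEndElement
    0x9A: "<H", 0x9B: "<H",  # Chars16Text, Chars16TextWithEndElement
    0x9C: "<I", 0x9D: "<I",  # Chars32Text, Chars32TextWithEndElement
}


def unwrap_service_bus_body(body: bytes) -> str:
    """Return the text payload of a Service Bus message body.

    Accepts the DataContract binary-XML wrapper written by the
    PublishToAzureServiceBus task, a plain UTF-8 body, and (fallback) a body
    that contains the namespace but not the exact header.
    """
    if body.startswith(_HEADER):
        pos = len(_HEADER)
        if pos >= len(body):
            raise ValueError("wrapper header without a text record")
        record = body[pos]
        fmt = _TEXT_RECORDS.get(record)
        if fmt is None:
            raise ValueError(f"unexpected text record 0x{record:02x}")
        pos += 1
        (length,) = struct.unpack_from(fmt, body, pos)
        pos += struct.calcsize(fmt)
        text = body[pos:pos + length]
        if len(text) != length:
            raise ValueError("text record length exceeds the body")
        return text.decode("utf-8")  # strict: reject malformed UTF-8
    idx = body.find(DC_NAMESPACE)
    if idx >= 0:
        start = body.find(b"{", idx)
        if start >= 0:
            return body[start:].decode("utf-8", errors="replace")
    return body.decode("utf-8")


def parse_event(body: bytes) -> dict:
    """Unwrap the body and parse the JSON object, ignoring trailing bytes
    (e.g. an EndElement record after a non-WithEndElement text record)."""
    text = unwrap_service_bus_body(body)
    obj, _end = json.JSONDecoder().raw_decode(text.lstrip())
    if not isinstance(obj, dict):
        raise ValueError("payload is not a JSON object")
    return obj


def wrap_for_test(text: str) -> bytes:
    """Constructed helper: produce the wrapper the task writes, choosing the
    narrowest text record that fits the payload length."""
    data = text.encode("utf-8")
    if len(data) < 0x100:
        rec, fmt = 0x99, "<B"
    elif len(data) < 0x10000:
        rec, fmt = 0x9B, "<H"
    else:
        rec, fmt = 0x9D, "<I"
    return _HEADER + bytes([rec]) + struct.pack(fmt, len(data)) + data


# Constructed sample shaped like the build.complete event in the question.
SAMPLE_EVENT = {
    "id": "00000000-0000-0000-0000-00000000abcd",
    "eventType": "build.complete",
    "publisherId": "tfs",
    "message": {"text": "Build 20220605.8 succeeded"},
    "resource": {"id": 288, "buildNumber": "20220605.8", "status": "succeeded"},
}
SAMPLE_WRAPPED = wrap_for_test(json.dumps(SAMPLE_EVENT))

if __name__ == "__main__":
    print(SAMPLE_WRAPPED[:64])
    print(parse_event(SAMPLE_WRAPPED)["eventType"])
```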

Can't create a schema extension

I am trying to create a schema extension in Microsoft Graph API.
But it has failed with error message "Property type is invalid for target types".
POST https://graph.microsoft.com/v1.0/schemaExtensions
Content-type: application/json
{
  "id": "extendedData",
  "description": "Graph Learn training courses extensions",
  "targetTypes": [
    "Event"
  ],
  "properties": [
    {
      "name": "courseId",
      "type": "Integer"
    },
    {
      "name": "materialId",
      "type": "Integer"
    },
    {
      "name": "courseType",
      "type": "String"
    }
  ]
}
Response
{
  "error": {
    "code": "BadRequest",
    "message": "Property type is invalid for target types.",
    "innerError": {
      "date": ...,
      "request-id": ...,
      "client-request-id": ...
    }
  }
}
Why can't I create a schema extension, and what does the error mean?
Integer type in properties is not supported for Event targetTypes based on Supported property data types.
You could change them to String.
Please note that you may encounter a new error: Attempt to update complex extension definition on application: dexxxxx5-d9f9-48b1-a8ad-b7xxxxx25064 belonging to different context.
If you get this error, it means you still need to put an owner property in the JSON payload. (If you don't get this error, it's unnecessary to put owner property)
Register an Azure AD app and put the application id as the owner.
POST https://graph.microsoft.com/v1.0/schemaExtensions
Content-type: application/json
{
  "id": "extendedData",
  "description": "Graph Learn training courses extensions",
  "targetTypes": [
    "Event"
  ],
  "owner": "{application id of an Azure AD app}",
  "properties": [
    {
      "name": "courseId",
      "type": "String"
    },
    {
      "name": "materialId",
      "type": "String"
    },
    {
      "name": "courseType",
      "type": "String"
    }
  ]
}
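As an added example (not code from the question or the answer), the Python below checks a schemaExtension definition before it is posted and applies the two corrections the answer describes: downgrading property types that the target type does not accept to String, and setting `owner` to the application id of a registered app. The set of five property types is the one schemaExtension supports; the per-target restriction table encodes only what this page establishes (Integer is rejected for Event) and is meant to be extended from the "Supported property data types" table. The sample definition and owner id are constructed.

```python
import copy

# Property data types accepted by schemaExtension.
PROPERTY_TYPES = {"Binary", "Boolean", "DateTime", "Integer", "String"}

# Per-target restrictions. Only the rule this page establishes is encoded;
# extend it from the "Supported property data types" table.
UNSUPPORTED_FOR_TARGET = {
    "Event": {"Integer"},
}


def validate_schema_extension(ext):
    """Return a list of problems Graph would reject the definition for
    (empty list means the definition passes these checks)."""
    problems = []
    targets = ext.get("targetTypes", [])
    if not targets:
        problems.append("targetTypes must not be empty")
    if not ext.get("properties"):
        problems.append("properties must not be empty")
    for prop in ext.get("properties", []):
        name, ptype = prop.get("name"), prop.get("type")
        if ptype not in PROPERTY_TYPES:
            problems.append(f"{name}: unknown property type {ptype!r}")
            continue
        for target in targets:
            if ptype in UNSUPPORTED_FOR_TARGET.get(target, set()):
                problems.append(f"{name}: type {ptype} is not supported for target type {target}")
    return problems


def fix_schema_extension(ext, owner_app_id=None):
    """Return a corrected copy: unsupported property types become String
    (the answer's suggestion) and, when given, owner is set to the
    application (client) id of the Azure AD app that registers the extension.
    The input is not modified."""
    fixed = copy.deepcopy(ext)
    targets = fixed.get("targetTypes", [])
    for prop in fixed.get("properties", []):
        if any(prop.get("type") in UNSUPPORTED_FOR_TARGET.get(t, set()) for t in targets):
            prop["type"] = "String"
    if owner_app_id is not None:
        fixed["owner"] = owner_app_id
    return fixed


# Constructed sample, shaped like the failing request in the question.
SAMPLE_EXTENSION = {
    "id": "extendedData",
    "description": "Graph Learn training courses extensions",
    "targetTypes": ["Event"],
    "properties": [
        {"name": "courseId", "type": "Integer"},
        {"name": "materialId", "type": "Integer"},
        {"name": "courseType", "type": "String"},
    ],
}

if __name__ == "__main__":
    for p in validate_schema_extension(SAMPLE_EXTENSION):
        print("problem:", p)
    # Placeholder owner id; use the application id of your own app registration.
    print(fix_schema_extension(SAMPLE_EXTENSION, owner_app_id="00000000-0000-0000-0000-0000000000aa"))
```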

microsoft graph filter assigned role

In Azure Active Directory I created an app; in the manifest file I've updated the appRoles with the following value:
"appRoles": [
  {
    "allowedMemberTypes": [
      "User"
    ],
    "displayName": "Client manager",
    "id": "bf77e391-0bbf-4e33-854b-a384a5ac0630",
    "isEnabled": true,
    "description": "Client manager can manage all client actions.",
    "value": "ClientManager"
  }
]
I updated my user so that my assigned role is no longer Default Access but is Client manager
With Graph api I'm trying to retrieve this assigned role.
I tried this uri but for some reason it will not return my role(s).
https://graph.microsoft.com/beta/me/appRoleAssignments?$filter=resourceId eq 04dcaab1-7219-4689-8510-4672e957ac11$select=appRoleId
But the response is:
{
  "error": {
    "code": "BadRequest",
    "message": "Invalid filter clause",
    "innerError": {
      "request-id": "ce3cb456-956b-41c5-84a2-cdcdfe1ac3c5",
      "date": "2018-11-05T20:54:08"
    }
  }
}
I could create a workaround requesting all my roles, for all my applications but this is something I would like to avoid. This would end up with the following uri:
https://graph.microsoft.com/beta/me/appRoleAssignments?$select=resourceId,appRoleId
and results in this json, where I need to filter out my applicationid.
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments(resourceId,appRoleId)",
  "value": [
    {
      "appRoleId": "00000000-0000-0000-0000-000000000000",
      "resourceId": "667cc3aa-00b9-4526-bde5-b81312ed5afb"
    },
    {
      "appRoleId": "00000000-0000-0000-0000-000000000000",
      "resourceId": "64b92ac1-4a56-478c-8774-5c584fb200e5"
    },
    {
      "appRoleId": "bf77e391-0bbf-4e33-854b-a384a5ac0630",
      "resourceId": "04dcaab1-7219-4689-8510-4672e957ac11"
    }
  ]
}
I tried several solutions proposed on StackOverflow already but for some reason, all the eq filters don't work. I'm testing my query with the Graph explorer. My desired result should be something like this:
{
  "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments(appRoleId)",
  "value": [
    {
      "appRoleId": "bf77e391-0bbf-4e33-854b-a384a5ac0630"
    }
  ]
}
It seems that filtering on resourceId is not supported with https://graph.microsoft.com/beta/me/appRoleAssignments.
As mentioned in the doc:
Not all parameters are supported across all Microsoft Graph APIs, and support might differ significantly between the v1.0 and beta endpoints.
Also, if we filter the id with GET https://graph.microsoft.com/beta/me/appRoleAssignments?$filter=id eq 'xxxxxxx', it will work fine. So I think the format of the query should be correct, the only possibility is it is not supported as mentioned in the doc.
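Since the server will not filter on resourceId, the workaround the question describes is to request all assignments and filter client-side. The Python below is an added example, not code from the question or the answer, that does this while also following `@odata.nextLink`, which the one-page response in the question does not show but which larger tenants will return. The two-page sample response and its URLs are constructed from the ids on this page; `graph_get` is a plain urllib GET that is only needed against the live API and is not exercised by the sample.

```python
import json
import urllib.request

FIRST_URL = ("https://graph.microsoft.com/beta/me/appRoleAssignments"
             "?$select=resourceId,appRoleId")
# Constructed continuation URL; real nextLinks carry an opaque skiptoken.
NEXT_URL = FIRST_URL + "&$skiptoken=constructed"

# Azure AD records the all-zero appRoleId for "Default Access", i.e. an
# assignment to an app that exposes no roles (the two entries in the
# question that are not the ClientManager role).
DEFAULT_ACCESS_ROLE_ID = "00000000-0000-0000-0000-000000000000"

# Constructed two-page response shaped like the $select output in the question.
SAMPLE_PAGES = {
    FIRST_URL: {
        "@odata.context": "https://graph.microsoft.com/beta/$metadata#appRoleAssignments(resourceId,appRoleId)",
        "@odata.nextLink": NEXT_URL,
        "value": [
            {"appRoleId": DEFAULT_ACCESS_ROLE_ID, "resourceId": "667cc3aa-00b9-4526-bde5-b81312ed5afb"},
            {"appRoleId": DEFAULT_ACCESS_ROLE_ID, "resourceId": "64b92ac1-4a56-478c-8774-5c584fb200e5"},
        ],
    },
    NEXT_URL: {
        "value": [
            {"appRoleId": "bf77e391-0bbf-4e33-854b-a384a5ac0630",
             "resourceId": "04dcaab1-7219-4689-8510-4672e957ac11"},
        ],
    },
}


def sample_getter(url):
    """Offline stand-in for graph_get that serves the constructed pages."""
    return SAMPLE_PAGES[url]


def graph_get(url, access_token):
    """Authenticated GET against Microsoft Graph; returns the decoded JSON body."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {access_token}"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def fetch_all(get_json, url, max_pages=100):
    """Collect every page of a collection by following @odata.nextLink.
    max_pages bounds the loop so a misbehaving server cannot spin it forever."""
    pages = []
    while url and len(pages) < max_pages:
        page = get_json(url)
        pages.append(page)
        url = page.get("@odata.nextLink")
    return pages


def app_role_ids_for_resource(pages, resource_id, include_default_access=False):
    """Client-side equivalent of the unsupported $filter=resourceId eq ...:
    return the appRoleIds assigned to the caller on one service principal."""
    wanted = resource_id.lower()  # GUID comparisons are case-insensitive
    roles = []
    for page in pages:
        for assignment in page.get("value", []):
            if assignment.get("resourceId", "").lower() != wanted:
                continue
            role = assignment.get("appRoleId")
            if role == DEFAULT_ACCESS_ROLE_ID and not include_default_access:
                continue
            roles.append(role)
    return roles


if __name__ == "__main__":
    pages = fetch_all(sample_getter, FIRST_URL)
    print(app_role_ids_for_resource(pages, "04dcaab1-7219-4689-8510-4672e957ac11"))
```

The role id returned here is the `id` from the manifest's appRoles entry; map it back to the role `value` (ClientManager) with the manifest, or read the `roles` claim in the user's token, which is usually the cheaper place to get the same information.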

Azure AD User Provisioning with SCIM 2.0

I'm trying SCIM 2.0 provisioning with Azure AD
As a premise, I have a SCIM server for my product and I'm implementing PATCH endpoints for use with Okta and Microsoft Azure AD.
I'm done testing with Okta, so I'm trying with Azure AD now.
I read this post active-directory-scim-provisioning and the SCIM 2.0 Specification Section 3.5.2.
I set up an enterprise application on our Azure AD with the following mapping
Then, Azure AD sends the following JSON POST request to create users assigned to the application to my server:
POST:
{
  "active": true,
  "displayName": "$DISPLAY_NAME",
  "emails": [
    {
      "primary": true,
      "type": "work",
      "value": "$EMAIL"
    }
  ],
  "externalId": "$EXTERNAL_ID",
  "meta": {
    "resourceType": "User"
  },
  "name": {
    "formatted": "$FORMATTED"
  },
  "schemas": [
    "urn:ietf:params:scim:schemas:core:2.0:User",
    "urn:ietf:params:scim:schemas:extension:enterprise:2.0:User"
  ],
  "userName": "$USER_NAME"
}
I can process the POST request correctly, but I am unable to consume the PATCH request from Azure AD.
PATCH:
{
  "Operations": [
    {
      "op": "Replace",
      "path": "name.givenName",
      "value": [
        {
          "$ref": null,
          "value": "$VALUE"
        }
      ]
    },
    {
      "op": "Replace",
      "path": "name.familyName",
      "value": [
        {
          "$ref": null,
          "value": "$VALUE"
        }
      ]
    }
  ],
  "schemas": [
    "urn:ietf:params:scim:api:messages:2.0:PatchOp"
  ]
}
Is it correct (according to the specification) that the value attribute is of type Array, even if the target is a single-valued attribute? Is the use of the $ref attribute correct in this case?
Or did I misunderstand the specification?
They have fixed it Dec 18 2018 :)
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-provisioning-config-problem-scim-compatibility
They made a mistake on the value implementation for non-complex objects. You can read more about it here https://social.msdn.microsoft.com/Forums/lync/en-US/e2200b69-4333-41ea-9f51-717d316c7751/automatic-user-provisioning-scim-restful-patch-payload-issue?forum=WindowsAzureAD
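A SCIM server that has to work with both the pre-fix Azure AD payload in the question and the RFC 7644 form will see two shapes for the same single-valued attribute: `"value": [{"$ref": null, "value": x}]` and `"value": x`. The Python below is an added example, not the poster's server code, of a PatchOp handler that accepts both, treats the `op` name case-insensitively (Azure AD sends `Replace`, the RFC uses `replace`), and refuses filter paths such as `emails[type eq "work"].value` rather than silently mishandling them. The list of single-valued attributes, the sample user and the sample patches are constructed; they only cover the attributes that appear on this page.

```python
import copy

PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Single-valued attributes this handler knows. For these, a list value is
# only accepted in the legacy Azure AD wrapper shape [{"$ref": null, "value": x}].
SINGLE_VALUED = {
    "userName", "displayName", "externalId", "active",
    "name.formatted", "name.givenName", "name.familyName",
}


def coerce_value(path, value):
    """Normalise a value for a single-valued attribute: unwrap the legacy
    Azure AD array form, pass the spec-compliant scalar through unchanged."""
    if path in SINGLE_VALUED and isinstance(value, list):
        if len(value) != 1 or not isinstance(value[0], dict) or "value" not in value[0]:
            raise ValueError(f"unexpected value shape for {path}: {value!r}")
        return value[0]["value"]
    return value


def _parent(resource, path, create):
    """Walk a dotted path; return (parent dict or None, leaf attribute name)."""
    parts = path.split(".")
    node = resource
    for part in parts[:-1]:
        if not isinstance(node.get(part), dict):
            if not create:
                return None, parts[-1]
            node[part] = {}
        node = node[part]
    return node, parts[-1]


def apply_patch(resource, patch):
    """Apply a SCIM PatchOp message to a user resource and return the new
    resource; the input is left untouched so a failed op changes nothing."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM PatchOp message")
    updated = copy.deepcopy(resource)
    for op in patch.get("Operations", []):
        kind = str(op.get("op", "")).lower()
        path = op.get("path")
        if path is not None and "[" in path:
            raise ValueError(f"filter paths are not handled by this example: {path}")
        if kind in ("add", "replace"):
            if path is None:
                # No path: value is an object whose members are the attributes to set.
                if not isinstance(op.get("value"), dict):
                    raise ValueError("value must be an object when path is omitted")
                for attr, val in op["value"].items():
                    parent, leaf = _parent(updated, attr, create=True)
                    parent[leaf] = coerce_value(attr, val)
            else:
                parent, leaf = _parent(updated, path, create=True)
                parent[leaf] = coerce_value(path, op["value"])
        elif kind == "remove":
            if path is None:
                raise ValueError("remove requires a path")
            parent, leaf = _parent(updated, path, create=False)
            if parent is not None:
                parent.pop(leaf, None)
        else:
            raise ValueError(f"unsupported op {op.get('op')!r}")
    return updated


# Constructed samples: a stored user and the two patch shapes.
SAMPLE_USER = {
    "schemas": ["urn:ietf:params:scim:schemas:core:2.0:User"],
    "userName": "ada@example.test",
    "name": {"formatted": "Ada Lovelace"},
    "active": True,
}
SAMPLE_PATCH_LEGACY = {  # pre-Dec-2018 Azure AD shape from the question
    "schemas": [PATCH_SCHEMA],
    "Operations": [
        {"op": "Replace", "path": "name.givenName", "value": [{"$ref": None, "value": "Ada"}]},
        {"op": "Replace", "path": "name.familyName", "value": [{"$ref": None, "value": "Lovelace"}]},
    ],
}
SAMPLE_PATCH_SPEC = {  # RFC 7644 shape
    "schemas": [PATCH_SCHEMA],
    "Operations": [
        {"op": "replace", "path": "name.givenName", "value": "Ada"},
        {"op": "replace", "value": {"active": False}},
    ],
}

if __name__ == "__main__":
    print(apply_patch(SAMPLE_USER, SAMPLE_PATCH_LEGACY)["name"])
    print(apply_patch(SAMPLE_USER, SAMPLE_PATCH_SPEC))
```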

500 Error when trying to create schema extensions

I am trying to create schema extensions. I do have
"scp": "Directory.AccessAsUser.All" in token. Don't know for what reason it is failing.
https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/schemaextension_post_schemaextensions
POST https://graph.microsoft.com/beta/schemaExtensions
Content-type: application/json
{
  "id": "courses",
  "description": "Graph Learn training courses extensions",
  "targetTypes": [
    "Group"
  ],
  "properties": [
    {
      "name": "courseId",
      "type": "Integer"
    },
    {
      "name": "courseName",
      "type": "String"
    },
    {
      "name": "courseType",
      "type": "String"
    }
  ]
}
error :
{
  "error": {
    "code": "Service_InternalServerError",
    "message": "Encountered an internal server error.",
    "innerError": {
      "request-id": "1909aef3-b66d-48de-8204-0a41df0a27a8",
      "date": "2017-07-17T13:07:20"
    }
  }
}
Unfortunately it looks like Microsoft Graph schema extensions is not supported in B2C tenant (please confirm if you are NOT using a B2C tenant - in which case this might be a different problem).
In the meantime (until we fix this issue), you'll need to use Azure AD Graph to register and use directory extensions.
Hope this helps,