│ Error: creating Application IdentifierUri (Application ID: <redacted>", IdentifierUri ID: "<redacted>"): ApplicationsClient.BaseClient.Patch(): unexpected status 400 with OData error: HostNameNotOnVerifiedDomain: Values of identifierUris property must use a verified domain of the organization or its subdomain: 'https://non-verified-host.com'
│
│ with azuread_application_identifier_uri.example_uri,
│ on cdk.tf.json line 90, in resource.azuread_application_identifier_uri.example_uri:
│ 90: }
│
│ creating Application IdentifierUri (Application ID:
│ "<redacted>", IdentifierUri ID:
│ "<redacted>"):
│ ApplicationsClient.BaseClient.Patch(): unexpected status 400 with OData
│ error: HostNameNotOnVerifiedDomain: Values of identifierUris property must
│ use a verified domain of the organization or its subdomain:
│ 'https://non-verified-host.com'
Expected Behavior
Applies identifier URI after application creation.
Actual Behavior
Creates application, but fails on applying the identifier URI.
Steps to Reproduce
terraform plan
terraform apply
Workarounds
Re-running terraform apply with same configuration applies the identifier URI without error.
If a corresponding service principal is added to the configuration, and a depends_on = azuread_service_principal.example_sp is added to the azuread_application_identifier_uri resource, the identifier URI is applied without error.
nbaju1 changed the title from "azuread_application_identifier_uri without verified hostnames not applying on first attempt" to "azuread_application_identifier_uri without verified hostname not applying on first attempt" on May 27, 2024
nbaju1 changed the title from "azuread_application_identifier_uri without verified hostname not applying on first attempt" to "azuread_application_identifier_uri without verified domain not applying on first attempt" on May 27, 2024
Just realized that the first workaround is basically the same as the second. Creating the URI resource after the service principal is created will allow the unverified domain. Which is most likely due to identifierUris being used for both application registration identifier and SAML SSO config, where there is much more freedom in the syntax of the identifier compared to the identifier on the application registration.
So I assume this won't work at all for bare application registrations.
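The depends_on workaround from the report, written out as Terraform configuration. This is an added example, not the reporter's configuration (which was generated with CDKTF for Python). The names example_sp and example_uri and the URI value come from the issue; the azuread_application_registration resource, its name example_app and the display name are assumptions.

```hcl
# Added illustration of the depends_on workaround; not the reporter's configuration.
terraform {
  required_providers {
    azuread = {
      source  = "hashicorp/azuread"
      version = "2.49.0" # provider version stated in the report
    }
  }
}

# Assumption: the application is created with azuread_application_registration.
resource "azuread_application_registration" "example_app" {
  display_name = "example-app" # constructed sample value
}

resource "azuread_service_principal" "example_sp" {
  client_id = azuread_application_registration.example_app.client_id
}

resource "azuread_application_identifier_uri" "example_uri" {
  application_id = azuread_application_registration.example_app.id
  identifier_uri = "https://non-verified-host.com" # value from the error output

  # The URI resource references only the application, so Terraform sees no
  # ordering between it and the service principal and may create the URI first,
  # which is the order that fails with HostNameNotOnVerifiedDomain in the report.
  # The explicit dependency forces the service principal to be created first.
  # Note that depends_on takes a list of resource references.
  depends_on = [azuread_service_principal.example_sp]
}
```

Running terraform graph on this configuration shows the added edge from example_uri to example_sp, which confirms the ordering before an apply.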
Terraform (and AzureAD Provider) Version
Terraform v1.8.1
AzureAD Provider: 2.49.0
Affected Resource(s)
azuread_application_identifier_uri
Terraform Configuration Files
(Note that I use the CDKTF for Python, so the example is a manually written mock-up of the actual configuration)
Debug Output