Jump to content

Azure AD account can't sign on to Service portal

Recommended Posts


I'm trying to get the service.hornbill.com up and running with Azure AD account but keep getting the following message when attempting to sign in: 

 Sorry, but we’re having trouble signing you in.

AADSTS700016: Application with identifier 'https://service.hornbill.com/<instancename>/lib/saml/auth/simplesaml/module.php/saml/sp/metadata.php/saml' was not found in the directory 'a2e3ffd3-d47e-4243-9fc7-14393f565845'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.
It does work on the live.hornbill.com but can't wrap my head around what is missing to make it work for service portal. All the basic users have the following roles: Basic User Role, MyLibrary Portal & Self Service User.
Link to comment
Share on other sites

Hi @James Ainsworth and @Victor

Thanks, I removed it on purpose haha :) Please see below for confirmation:


It's installed on Azure as well:


I noticed when I log on to live.hornbill.com, it's fine and I can navigate to the service portal just fine after. But when I log directly on to the Service Portal, it throws up the above error. I used the following link to configure it on both Azure and Hornbill Admin portal: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/hornbill-tutorial


Link to comment
Share on other sites

  • 2 weeks later...
  • 5 months later...

Hello AgentVinh and Victor,

I had been trying to transition for ADFS over to Azure AD for SSO, I had created 3 instance in Azure AD Enterprise Apps and imported the Metadata in to three different SSO profiles in Hornbill Admin however this didn't work, i was getting and Cert trust error.

To fix this I just setup one SSO Profile in both Azure AD and Hornbill Admin and added all three Identifier (Entity ID) URLs to the SSO profile in Azure AD, once that was done all was working.  

Now that I think about this it makes sense as when I had 3 profiles in both Hornbill would pass the auth to Azure AD which completed the auth and then send back a SSL Cert that hornbill received and as there was three profiles setup in Hornbill it didn't know which one to match it to.

I did try having just the one SSO Profile in Hornbill and three in Azure AD but that didn't work ether, again because each Azure Profile had its own Cert and Hornbill only trusted the one.

Hope that this helps someone else.





Link to comment
Share on other sites

On 11/29/2019 at 12:12 AM, grahambird80 said:

each Azure Profile had its own Cert and Hornbill only trusted the one

You can add multiple certificates on one Hornbill SSO profile... it does not have to be only one certificate per SSO profile...

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...