Trying to get Azure AD Auth working but getting a 500 error

So here my code (the <> bits have real values obviously)
Import-Module UniversalDashboard

$Page1 = New-UDPage -Name "Page One" -Icon mail_bulk -Content { 
  New-UDCard -Title "Some Data" -Content {
  } 
}

$Page2 = New-UDPage -Name "Page Two" -Icon home -Content { 
  New-UDCard -Title "Same Data" -Endpoint {
  } 
}

$Certificate = (Get-ChildItem -Path Cert:\LocalMachine\My\BF9093F027586CEB480CA21D8EB0B185F17939DB)

$AzureADParams = @{
  ClientID = '<MY ACTUAL CLIENT ID>'
  Instance = 'https://login.microsoftonline.com'
  Domain   = '<MY DOMAIN>.onmicrosoft.com'
  TenantID = '<MY ACTUAL TENANT ID>'
}

$AuthenticationMethod = New-UDAuthenticationMethod @AzureADParams

$LoginPage = New-UDLoginPage -AuthenticationMethod $AuthenticationMethod #-AuthorizationPolicy $AuthPolicy

$ServiceOps = New-UDDashboard -Title "ServiceOps" -Pages @($Page1, $Page2) -LoginPage $LoginPage

Stop-UDDashboard -Name "ETS ServiceOps"
Start-UDDashboard -Port 443 -Dashboard $ServiceOps -Name "ServiceOps"  -Certificate $Certificate 

But when I get redirected to AzureAD and sign in the return URL https:///signin-oidc gets a 500 error.

Any way I can troubleshoot this?

It works fine without the login page stuff.

PSVersion: 5.1.17763.592
UniversalDashboard: 2.4.1

Your code works.

Can you remove your Stop-UDDashboard statement and add the -Force parameter to Start-UDDashboard instead ?

In your current code, you stop a dashboard called “ETS ServiceOps” but start one called “ServiceOps”
(Start-UDDashboard -Force will stop the dashboard first if it exists.)

But when I get redirected to AzureAD and sign in the return URL https:///signin-oidc gets a 500 error.

Just to be sure, you mean that you are redirected to https://MyDomain.com/Signin-oidc right ?

Are you launching your script from VSCode / ISE or by another mean ?

I was launching from VSCode using Start without debugging.

Start-UDDashboard doesnt have a -force parameter. I took out the stop though and started the script from a powershell prompt user and admin level. Same problem.

I removed the certificate parameter set the port to 1000 added the allowhttpforlogin switch and set the url in the AzureAD app to *http:\\localhost:1000\signin-oidc
I then ran the script and used a browser on the local server and went to *http:\\localhost:1000 which showed the login page that I clicked on and then signed in to Azure AD. I then get redirected to *http:\\localhost:1000\signin-oidc that gives a 500 error.

This is on a Windows Server 2019 server which I didn’t mention before.

*Slashes swapped to make them not URL’s so I can post

@andrew.wood.wb
I just recently had a very similar issue. I’m hosting a dashboard via Azure App Services. Every time I tried to login, I got the same useless 500 error. After digging into the actual calls, I found out the App Registration wasn’t passing the Oath token back to the reply URL. That means that UD had no idea if you’re authenticated or not, and blows up.

To fix this, go to the app registration for your dashboard in Azure AD, click “Authentication”, and ensure that these 2 boxes are checked:


It might not be necessary to have both, but for safety’s sake, I leave them checked.

I hope this works for you. Good luck!

OK, I fixed it.

Whilst jmkinight2’s suggestion wasn’t actually the problem for me it did force me to look at the settings again and I made a change that fixed it.

It appears that the AzureAD Portal has a new UI for adding apps so that now when you add a Reply URL its called a Redirect URI and you must endure the Type is set to Public Client (mobile & desktop) for it to work.