Role claims with onPremisesSamAccountName throws an exception

Open jesusfer opened this issue 4 months ago • 2 comments

Describe the problem

We have configured the role claims to use onPremisesSamAccountName but we get the following exception during augmentation:

[EntraCP] Unexpected error while getting groups for user '[email protected]' from tenant 'xxx.onmicrosoft.com': ArgumentException: The Parsable does not contain a collection property.

We've tested other properties and they throw a similar error. Group IDs don't throw and work as expected.

We've tested this in two different SPS 2016 farms and both reproduce the issue.

To Reproduce

Steps to reproduce the behavior:

  1. Open Central Administration, and click on Security.
  2. Open EntraCP Global configuration
  3. Scroll down to 'Group identifier settings'
  4. Change Identifier property to onPremisesSamAccountName.
  5. Log in with a user and check ULS for the error.

Version of EntraCP:

ProductVersion   FileVersion      FileName
29.0.20250721    29.0.20250721    C:\Windows\Microsoft.Net\assembly\GAC_64\Yvand.EntraCP\v4.0_1.0.0.0__65dc6b5903b51636...

Relevant logs:

[EntraCP] Starting augmentation for user '[email protected]'.
...
[EntraCP] Graph returned success OK on request "https://graph.microsoft.com/v1.0/users/xxx-919a-4a83-a70f-674af838cf6f/memberOf"
[EntraCP] Unexpected error while getting groups for user '[email protected]' from tenant 'xxx.onmicrosoft.com': ArgumentException: The Parsable does not contain a collection property
[EntraCP] Got 0 groups in 713 ms for user '[email protected]' from tenant 'xxx.onmicrosoft.com'
[EntraCP] Got no group in 713 ms for user '[email protected]'

jesusfer avatar Nov 07 '25 12:11 jesusfer

@jesusfer I confirm I can reproduce the same exception. I will investigate it more and update this issue with my progress. Thank you for taking the time to report this.

Yvand avatar Nov 10 '25 15:11 Yvand

I believe I have a fix for this issue in https://github.com/Yvand/EntraCP/pull/329, but I'm not entirely sure my scenario was similar to yours. I will do more tests later this week and keep you posted.

Yvand avatar Nov 10 '25 16:11 Yvand

Ok, thanks. If you want me to test a beta version of the solution, let me know how to grab the wsp and I will.

jesusfer avatar Nov 11 '25 09:11 jesusfer

We've tested the release wsp from the GH actions output and can confirm it resolves the issue in both farms. We now see the groups in the logs and in the external token in the database. Thanks!

jesusfer avatar Nov 11 '25 10:11 jesusfer

@jesusfer thank you for this, that would be very useful indeed. I just published https://github.com/Yvand/EntraCP/releases/tag/nightly, which contains the fix in https://github.com/Yvand/EntraCP/pull/329. FYI it uses the exact same dependencies as the current latest release, EntraCP v29.0. Please let me know the result.

Yvand avatar Nov 12 '25 09:11 Yvand

@jesusfer ok, somehow I totally missed your comment from yesterday 😅 Many thanks for taking the time to test it! I'll merge the PR soon

Yvand avatar Nov 12 '25 13:11 Yvand