Are there any provider hosted add-ins for SharePoint?

Are there any provider hosted add-ins for SharePoint?

You have existing, deployed provider-hosted add-ins (PHA) that are registered as RegisteredIssuerName and that contain the original farm RealmID value for your SharePoint 2013 or SharePoint 2016 farm, and/or you created a Workflow Manager association in your farm.

What causes SharePoint hybrid features to stop working?

Configuring SharePoint hybrid features for SharePoint 2013 or SharePoint 2016 disrupts server-to-server (S2S) trusts that are created before you configure hybrid features.

Why are my add in’s not working in SharePoint?

This causes add-ins to stop working, as explained in the “Symptoms” section. To restore SharePoint add-in functionality, register the provider-hosted add-ins by using the RegisteredIssuerName value that contains the new realm ID. Then, reapply the add-in permissions for each add-in instance.

How are SharePoint add ins associated with sptrustedsecuritytokenissuers?

SharePoint add-ins are associated with SPTrustedSecurityTokenIssuers by using the IssuerId value. On request, an add-in tries to get a token from the Secure Token Service issuer (STS). The token issuers are tied to the authentication realm. After the realm is changed, the SharePoint add-ins can no longer authenticate successfully.

Can a PHAs be an externally hosted service?

PHAs may include an externally hosted web application, service, database, or SharePoint component. This problem does not exist if you configure hybrid features first, and then deploy provider-hosted add-ins and/or Workflow Manager in a SharePoint 2013 or SharePoint 2016 farm.

Why does my ULS server not authenticate my request?

The following error message is logged to ULS logs and clearly indicates that the token issuer is no longer trusted because its RealmID value no longer matches the farm: SPApplicationAuthenticationModule: Failed to authenticate request, unknown error.

Why is my provider hosted add-in not authenticating?

The actual RegisteredIssuerName value is IssuerId@OldAuthRealmGuid, in which the oldAuthRealmGuid value no longer matches the current AuthRealmGuid value. The add-in fails to authenticate because the STS can’t find a matching token issuer.