Yvand/EntraCP

People Picker strange behavior

Opened this issue · 2 comments

I installed EntraCP version 27.0.20240820 on SharePoint 2016.
The installation process worked without any problems. I use tenant registration via client ID and app secret.
So far everything looks good, I get a token and there are no binding problems or anything like that.

If I want to set up a site collection admin and search for a user there, I get the desired hits after about 30 seconds and can set the site admin.

Strangely, no local AD users are listed there, but I think that's a different problem.

If I access the site collection with the assigned Entra ID site admin account, everything is OK.
If I want to share the site collection and try to add a user in the people picker, I get no hits (no results found). It is not possible to select a user.

No EntraCP action is logged in the ULS log.
This is an existing web application / site collection.


I then created a new web application and placed a new site collection on it. The application pool uses the same service account as the existing site collection.

Here, I can also set the site collection admin with an Entra ID user. If I now want to share with the People Picker and I search for a user, I get a hit for some users but not for others.

For example, if I search for the user "Sandra", I get all hits displayed. If I search for "Ute" I get an error message after a few seconds in the People Picker ("sorry, there are problems connecting to the server").

However, hits are listed in the ULS log:

EntraCP Lookup 1337 Medium [EntraCP] Got 30 users/groups in 253 ms from 'myTenant.onmicrosoft.com' with input 'sandra'
EntraCP Claims Picking 1337 Medium [EntraCP] Returned 30 entities from value 'sandra'

EntraCP Lookup 1337 Medium [EntraCP] Got 9 users/groups in 90 ms from 'myTenant.onmicrosoft.com' with input 'Ute'
EntraCP Claims Picking 1337 Medium [EntraCP] Returned 9 entities from value 'Ute'

If I write out the UPN completely and click on Share, I get the message that there are several matches, then I can click on the user in the People Picker and get a list of entries and can invite the user.

Does anyone have any advice?

Ah, problem 1 is solved. There is a restriction in the web config file which limits users to already shared users.

For the second problem I have no idea what's going on and would be grateful for help.

Yvand commented

@AndyBandel can you type what this web.config property you mentioned is?

Regarding your 2nd issue, if I understand correctly, there is a mismatch between what the logs show (search in Entra went fine) vs. the people picker, which returns an error.
Typically, I get this behavior when there is another claims provider causing trouble.
Can you please confirm if you repro this error while the trusted provider associated with EntraCP is the only authentication provider in all the zones of the web app?