Closed
Description
Describe the bug
I am trying to federate my domain using Microsoft Graph API 2.26. I recently upgraded from 2.25.
Here is the script I am running:
```powershell
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"

# Convert Domain to Managed Authentication
Update-MgDomain -DomainId $domain -AuthenticationType "Managed"

# Configure WS-Federation
$params = @{
    DisplayName                     = $domain
    IssuerUri                       = $issueruri
    PassiveSignInUri                = $LogOnUrl
    SigningCertificate              = $SigningCert
    SignOutUri                      = $LogOffUrl
    PreferredAuthenticationProtocol = $Protocol
    FederatedIdpMfaBehavior         = "acceptIfMfaDoneByFederatedIdp"
}

# Conditionally add MetadataExchangeUri if a valid value is provided
if ($mex -ne "") {
    $params.MetadataExchangeUri = $mex
}

New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter $params
```
I get the following error:
```text
New-MgDomainFederationConfiguration : Invalid value specified for property 'issuerUri' of resource 'InternalDomainFederation'.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-02-24T18:17:33
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 3cf61a5f-28da-4c82-8e4b-d026ef8473ef
client-request-id : bc17e38a-73e3-4ab9-b498-7fd8fe548b9b
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"South Central US","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"SN4PEPF00001E6F"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Mon, 24 Feb 2025 18:17:33 GMT
At C:\Users\sush\Documents\Untitled2.ps1:33 char:1
+ New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ DomainId = ar...ainFederation }:<>f__AnonymousType83`3) [New-MgDomainFed...guration_Create], Exception
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgDomainFederationConfiguration_Create
```
My Issuer URI value is:
```powershell
$issueruri = "https://auth-us.beyondidentity.run/v1/tenants/000124e1a53a9862/realms/86462800e33b5b0b/applications/425cdfdd-f956-4f0b-b195-1f39890bd27d/ws-fed/FederationMetadata/2007-06/FederationMetadata.xml"
```
This worked with 2.25, but now fails with 2.26.
Expected behavior
The expected behavior is that this command works and outputs something like this:
```text
DisplayName     Id                                   IssuerUri
-----------     --                                   ---------
byndidharry.net d805a045-db04-40d3-af2e-cc4372b65638 https://auth-us.beyondidentity.run/v1/tenants/000124e1a53a9862/real...
```
This worked with 2.25, but now fails with 2.26.
How to reproduce
Try running this script:
```powershell
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
$domain     = "byndidharry.net" # Domain that needs to be federated. Please update with customer domain name.
$LogOnUrl   = "https://auth-us.beyondidentity.run/v1/tenants/000124e1a53a9862/realms/86462800e33b5b0b/applications/425cdfdd-f956-4f0b-b195-1f39890bd27d/ws-fed/initiate"
$mex        = ""
$issueruri  = "https://auth-us.beyondidentity.run/v1/tenants/000124e1a53a9862/realms/86462800e33b5b0b/applications/425cdfdd-f956-4f0b-b195-1f39890bd27d/ws-fed/FederationMetadata/2007-06/FederationMetadata.xml"
[String] $SigningCert = "<base64 signing certificate removed from this report>"
$LogOffUrl  = "https://portal.azure.com/"
$Protocol   = "wsFed"
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"

# Convert Domain to Managed Authentication
Update-MgDomain -DomainId $domain -AuthenticationType "Managed"

# Configure WS-Federation
$params = @{
    DisplayName                     = $domain
    IssuerUri                       = $issueruri
    PassiveSignInUri                = $LogOnUrl
    SigningCertificate              = $SigningCert
    SignOutUri                      = $LogOffUrl
    PreferredAuthenticationProtocol = $Protocol
    FederatedIdpMfaBehavior         = "acceptIfMfaDoneByFederatedIdp"
}

# Conditionally add MetadataExchangeUri if a valid value is provided
if ($mex -ne "") {
    $params.MetadataExchangeUri = $mex
}

New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter $params

# Check Federation Settings
Get-MgDomainFederationConfiguration -DomainId $domain | Format-List *
```
SDK Version
2.26
Latest version known to work for scenario above?
2.25
Known Workarounds
Luckily, some of our users have not upgraded to 2.25, so this command was able to work on their machines.
Debug output
```text
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
POST
Absolute Uri:
https://graph.microsoft.com/v1.0/domains/byndidharry.net/federationConfiguration
Headers:
FeatureFlag : 00000003
Cache-Control : no-store, no-cache
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.26100; en-US),PowerShell/5.1.26100.2161
SdkVersion : graph-powershell/2.26.0
client-request-id : f3ccf046-e205-4031-a0d8-23ff0ee271a7
Body:
{
  "displayName": "byndidharry.net",
  "issuerUri": "https:auth-us.beyondidentity.comv1tenants0001e662e45412a8realms12934a16f40f0f1capplicationsf5ccc714-e921-4c03-8701-327bf3c81508ws-fedFederationMetadata2007-06FederationMetadata.xml",
  "passiveSignInUri": "https:auth-us.beyondidentity.comv1tenants0001e662e45412a8realms12934a16f40f0f1capplicationsf5ccc714-e921-4c03-8701-327bf3c81508ws-fedinitiate",
  "preferredAuthenticationProtocol": "wsFed",
  "signingCertificate": "<base64 signing certificate omitted>",
  "federatedIdpMfaBehavior": "acceptIfMfaDoneByFederatedIdp",
  "signOutUri": "https:portal.azure.com"
}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
BadRequest
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : fb1ca44c-0c42-4b07-827f-d171d59f73da
client-request-id : f3ccf046-e205-4031-a0d8-23ff0ee271a7
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"South Central US","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"SN4PEPF00001E64"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Tue, 25 Feb 2025 18:30:14 GMT
Body:
{
  "error": {
    "code": "Request_BadRequest",
    "message": "Invalid value specified for property 'issuerUri' of resource 'InternalDomainFederation'.",
    "details": [
      {
        "code": "InvalidValue",
        "message": "Invalid value specified for property 'issuerUri' of resource 'InternalDomainFederation'.",
        "target": "issuerUri"
      }
    ],
    "innerError": {
      "date": "2025-02-25T18:30:15",
      "request-id": "fb1ca44c-0c42-4b07-827f-d171d59f73da",
      "client-request-id": "f3ccf046-e205-4031-a0d8-23ff0ee271a7"
    }
  }
}
New-MgDomainFederationConfiguration : Invalid value specified for property 'issuerUri' of resource 'InternalDomainFederation'.
Status: 400 (BadRequest)
ErrorCode: Request_BadRequest
Date: 2025-02-25T18:30:15
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : fb1ca44c-0c42-4b07-827f-d171d59f73da
client-request-id : f3ccf046-e205-4031-a0d8-23ff0ee271a7
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"South Central US","Slice":"E","Ring":"5","ScaleUnit":"005","RoleInstance":"SN4PEPF00001E64"}}
x-ms-resource-unit : 1
Cache-Control : no-cache
Date : Tue, 25 Feb 2025 18:30:14 GMT
At C:\Users\sush\Documents\Untitled3.ps1:33 char:1
+ New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: ({ DomainId = by...ainFederation }:<>f__AnonymousType83`3) [New-MgDomainFed...guration_Create], Exception
    + FullyQualifiedErrorId : Request_BadRequest,Microsoft.Graph.PowerShell.Cmdlets.NewMgDomainFederationConfiguration_Create
DEBUG: [CmdletEndProcessing]: - New-MgDomainFederationConfiguration end processing.
```
Configuration
Windows
Other information
No response
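Domain federation settings decide which identity provider and signing certificate a tenant trusts, so a federation script is worth wrapping in a pre-flight check on the URIs it is about to send and a read-back comparison of what the tenant actually stored. The following is an added example, not code from the issue or from the Graph PowerShell SDK; it assumes the `$domain` and `$params` variables from the script above and an existing `Connect-MgGraph` session, and the function names are hypothetical.

```powershell
# Added example (not part of the issue or the SDK). Assumes $domain and
# $params as defined in the reproduction script and an active Graph session.

function Test-FederationUri {
    param([string]$Name, [string]$Value)
    $uri = $null
    # Require an absolute https URI with a host. A value in which the path
    # separators have been lost (e.g. "https:auth-us.example.comv1tenants...")
    # does not parse as an absolute URI with a host and is rejected here.
    $ok = [Uri]::TryCreate($Value, [UriKind]::Absolute, [ref]$uri)
    if (-not $ok -or $uri.Scheme -ne 'https' -or [string]::IsNullOrEmpty($uri.Host)) {
        throw "$Name is not an absolute https URI: '$Value'"
    }
}

function Compare-FederationConfiguration {
    param([string]$DomainId, [hashtable]$Expected)
    # Read back the stored federation settings and report every field that
    # differs from what was intended. SigningCertificate is included because a
    # changed signing certificate changes who can mint tokens for the domain.
    $live = Get-MgDomainFederationConfiguration -DomainId $DomainId
    $mismatches = @()
    $fields = 'IssuerUri', 'PassiveSignInUri', 'SignOutUri', 'SigningCertificate',
              'PreferredAuthenticationProtocol', 'FederatedIdpMfaBehavior'
    foreach ($key in $fields) {
        if ("$($live.$key)" -ne "$($Expected[$key])") {
            $mismatches += "{0}: expected '{1}', stored '{2}'" -f $key, $Expected[$key], $live.$key
        }
    }
    return $mismatches
}

# Pre-flight: validate every URI before anything is sent to Graph.
foreach ($field in 'IssuerUri', 'PassiveSignInUri', 'SignOutUri') {
    Test-FederationUri -Name $field -Value $params[$field]
}

New-MgDomainFederationConfiguration -DomainId $domain -BodyParameter $params

# Post-apply: confirm the tenant stored exactly the intended trust settings.
$diff = Compare-FederationConfiguration -DomainId $domain -Expected $params
if ($diff) {
    Write-Warning ("Federation settings for $domain differ from the intended values:`n" + ($diff -join "`n"))
} else {
    Write-Host "Federation settings for $domain match the intended values."
}
```

The pre-flight check only validates the values held in the variables; it cannot see how the cmdlet serializes them, which is why the read-back comparison after the call is the part that should gate any further rollout.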