We're creating an on-premise test environment for our provider-hosted. Basically it is a farm prepared for multitenancy (partitioned services etc.). We are also using ADFS for the authentication.
After creating a site for our app, we have created a tenant, let's call him Tenant1, and installed the app using the following steps:
1) Registered the app using appregnew.aspx

2) Registered the certificate with the following PowerShell:

    # Run from the SharePoint Management Shell (or Add-PSSnapin Microsoft.SharePoint.PowerShell first)
    # Placeholder values: set these to your own certificate path, issuer name, issuer GUID (lowercase, no braces) and tenant site URL
    $publicCertPath   = 'C:\Certs\HighTrustApp.cer'
    $authorityName    = 'HighTrustApp'
    $issuerId         = '00000000-0000-0000-0000-000000000000'
    $targetTenantSite = 'https://tenant1.contoso.local'

    $certificate = Get-PfxCertificate $publicCertPath
    New-SPTrustedRootAuthority -Name $authorityName -Certificate $certificate
    $spweb = Get-SPWeb $targetTenantSite
    $realm = Get-SPAuthenticationRealm -ServiceContext $spweb.Site
    $fullIssuerIdentifier = $issuerId + '@' + $realm
    New-SPTrustedSecurityTokenIssuer -Name $authorityName -Certificate $certificate -RegisteredIssuerName $fullIssuerIdentifier -IsTrustBroker

3) Added the ClientID and IssuerID to the web.config.
Everything was working fine, so we've added a new tenant, let's call him Tenant2. Knowing it from the Office365<->Azure environment, we wanted to register the app in appregnew.aspx using the same data that was generated while registering the app for Tenant1 (so that we can use one site with the same Issuer and Client ID). After that we've used the PowerShell again to register the certificate for Tenant2. However, when trying to run the app from Tenant2, we get a 401 Unauthorized exception. For Tenant1 the app is working perfectly fine.
Is there something we miss?
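A check that a practitioner would run before digging into the 401: the steps above bind the trust to one realm (IssuerID@realm, taken from the tenant site's service context), so it is worth confirming, for every tenant site, that a trusted security token issuer is registered under exactly the identifier that tenant's realm produces. The script below is an added example, not code from the question; the tenant URLs and issuer GUID are placeholders you must replace, and it uses only the SharePoint cmdlets already used above plus Get-SPTrustedSecurityTokenIssuer. Run it from the SharePoint Management Shell.

```powershell
# Added example: verify per-tenant S2S trust registration (not part of the original question).
# Placeholders: the issuer GUID used in appregnew.aspx and the tenant site URLs.
$issuerId    = '00000000-0000-0000-0000-000000000000'   # lowercase GUID, no braces
$tenantSites = @('https://tenant1.contoso.local', 'https://tenant2.contoso.local')

# All trusted security token issuers currently registered in the farm
$issuers = Get-SPTrustedSecurityTokenIssuer

Write-Output "Registered trusted security token issuers:"
foreach ($i in $issuers) {
    Write-Output ("  {0,-20} RegisteredIssuerName={1}  IsTrustBroker={2}  Thumbprint={3}" -f `
        $i.Name, $i.RegisteredIssuerName, $i.IsTrustBroker, $i.SigningCertificate.Thumbprint)
}

foreach ($url in $tenantSites) {
    $site = Get-SPSite $url
    try {
        # The realm is read from the site's service context, exactly as the registration script does,
        # so this is the identifier SharePoint will expect in tokens for this tenant.
        $realm    = Get-SPAuthenticationRealm -ServiceContext $site
        $expected = "$issuerId@$realm"
        $match    = $issuers | Where-Object { $_.RegisteredIssuerName -eq $expected }

        if ($match) {
            Write-Output ("OK      {0}: realm {1} -> issuer '{2}' registered" -f $url, $realm, $match.Name)
        } else {
            Write-Warning ("MISSING {0}: realm {1} -> no trusted issuer with RegisteredIssuerName '{2}'" -f $url, $realm, $expected)
        }
    } finally {
        $site.Dispose()
    }
}
```

If a tenant shows MISSING, the realm printed for it is the value the token must carry for that tenant; compare it with the realm that was in effect when the registration script ran, and check the issuer list above for whether the second registration was created at all and under which name.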