SSO URL redirects user to deprecated portal

Question

SSO URL redirects user to deprecated portal

SKate 136

Hello,

When I use REST Api to get SSO URL to redirect user to our developer portal, the returned URL takes user to the deprecated portal:

https://management.azure.com/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.ApiManagement/service/{{serviceName}}/users/{{userId}}/generateSsoUrl?api-version=2021-08-01

This call used to work (i.e. it was returning the URL that takes user to the new developer portal) before we added a custom domain.
The Management API URL is still pointing to the default gateway, and there seem to be no way to change it to the custom domain.

What can be done to have the above call to return URL that logs user into the new developer portal?

Thank you

Accepted answer

0 additional answers

Your answer

Answer 1

JananiRamesh-MSFT 29,261

Hi @SKate Thanks for reaching out. As per the document https://learn.microsoft.com/en-us/azure/api-management/developer-portal-deprecated-migration#how-to-migrate-to-new-developer-portal its mentioned that If you use delegation, change the return URL in your applications and use the Get Shared Access Token API endpoint instead of the Generate SSO URL endpoint.

in the Get SSO Url endpoint it returns the redirectUri as a response using which it will redirect to deprecated developer portal as shown below,
{
"redirectUri": "https://apimService1.portal.azure-api.net:443/signin-sso?token=1%26201705301929%26eIkr3%2fnfaLs1GVJ0OVbzkJjAcwPFkEZAPM8VUXvXPf7cJ6lWsB9oUwsk2zln9x0KLkn21txCPJWWheSPq7SNeA%3d%3d"
}

whereas with Get shared Access token API endpoint it will only return the token value as below
{
"value": "userId1718&201904210044&9A1GR1f5WIhFvFmzQG+xxxxxxxxxxx/kBeu87DWad3tkasUXuvPL+MgzlwUHyg=="
}

As per the document https://learn.microsoft.com/en-us/azure/api-management/api-management-howto-setup-delegation you need to form the return url by appending the returnUrl query parameter to the SSO URL you received from the API call above.

could you please confirm if you're following the same steps as above?

If you have created a custom domain, you can concat the custom domain with the token. Please let me know incase of further queries, I would be happy to assist you.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics

SKate 136 Reputation points

2022-09-28T17:53:18.907+00:00

Hi @JananiRamesh-MSFT ,

We don't use delegation currently. We'd like to, but there's the bug that we are waiting for to be resolved.
It sounds like the only way to sign in user to the developer portal directly is to replace the deprecated portal part of the URL with the correct URL.

Regarding the shared Access token API endpoint, per documentation:
https://management.azure.com/subscriptions/{{subscriptionId}}/resourceGroups/{{resourceGroupName}}/providers/Microsoft.ApiManagement/service/{{serviceName}}/users/{{userId}}/token?api-version=2021-08-01
payload: {"properties": { "expiry":"2022-10-01T00:00:00Z", "keyType":"primary"}}
I receive the token back
{ "value": "userId1718&201904210044&9A1GR1f5WIhFvFmzQG+xxxxxxxxxxx/kBeu87DWad3tkasUXuvPL+MgzlwUHyg=="}

With this token, I can sign in user to the deprecated developer portal:
https://{{apim-hostname}}/signin-sso?token=userId1718&201904210044&9A1GR1f5WIhFvFmzQG+xxxxxxxxxxx/kBeu87DWad3tkasUXuvPL+MgzlwUHyg==

But the new developer portal returns an error: SharedAccessSignature token format is not valid.
https://{{developer-portal-hostname}}/signin-sso?token=userId1718&201904210044&9A1GR1f5WIhFvFmzQG+xxxxxxxxxxx/kBeu87DWad3tkasUXuvPL+MgzlwUHyg==

Is the shared access token intended for use with the delegation URL only? If yes, then what's the way to sign in users to the developer portal?

Thank you
JananiRamesh-MSFT 29,261 Reputation points

2022-10-03T05:17:58.163+00:00

Hi @SKate Thank for getting back, I was able to redirect user to the new developer portal even after creating a custom domain name,

Using the below rest api call I was able to get the url for deprecated portal

https://learn.microsoft.com/en-us/rest/api/apimanagement/current-ga/user/generate-sso-url?tabs=HTTP

{
"value": "https://myfirstapim.portal.azure-api.net/signin-sso?token=5edb6d439c0952124ccc6f39%26202210021620%263%2bJ2rqDypS8k4YoSYTg4cSxM%2feOba67XIyLJfAlD6erXoQ4UnbrVM%2fo258BMHroJrURoAFsEGKiuarAP7M4nwA%3d%3d"
}

to signin to new developer portal we need replace the deprecated portal part of the URL with the correct URL.

https://myfirstapim.developer.azure-api.net/signin-sso?token=5edb6d439c0952124ccc6f39%26202210021620%263%2bJ2rqDypS8k4YoSYTg4cSxM%2feOba67XIyLJfAlD6erXoQ4UnbrVM%2fo258BMHroJrURoAFsEGKiuarAP7M4nwA%3d%3d

if you have a custom domain created you must replace the default developer portal endpoint to your custom domain endpoint as below

https://developer.azure-apim.net/signin-sso?token=5edb6d439c0952124ccc6f39%26202210021620%263%2bJ2rqDypS8k4YoSYTg4cSxM%2feOba67XIyLJfAlD6erXoQ4UnbrVM%2fo258BMHroJrURoAFsEGKiuarAP7M4nwA%3d%3d

try this and let me know incase of further queries, I would be happy to assist you.

Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics
Efthimis Skouras 0 Reputation points

2023-08-21T11:47:47.6166667+00:00

Hello, I generated the return url, with the resulting format: https://<CUSTOM_DOMAIN>/signin-sso?token=<SAS_TOKEN> but I am getting an Error: SharedAccessSignature token format is not valid.

Can you guide me?

Thank you.
catriname 1 Reputation point

2023-08-28T20:14:39.5266667+00:00

As mentioned in documents, don't forget to url encode the token value you receive before inserting it into the url. Without it, I was receiving the same: Error: SharedAccessSignature token format is not valid.

Share via

SSO URL redirects user to deprecated portal

0 additional answers

Your answer