DPS SAS token generation not working

Arun S 1 Reputation point
2021-02-18T04:26:38.023+00:00

Hi All,

I have few questions about Azure DPS connection and registration using SAS tokens. I'm referring to the sample application in the repo https://github.com/Azure/azure-sdk-for-c/blob/master/sdk/samples/iot/paho_iot_provisioning_sample.c

  1. "provisioning_registration_id", Is registration_id same as the the one mentioned in Azure account Manage enrollments->Individual Enrollments->REGISTRATION ID .
  2. How to generate SAS tokens for DPS? I'm not using x86 openssl. For HUB type, SAS token can be generated using Visual Studio Code. Similar mechanism is available?

I need SAS token to generate password.

Any support for the above will be of great help!

Thanks,
Arun

Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
1,145 questions
{count} votes

6 answers

Sort by: Most helpful
  1. QuantumCache 20,106 Reputation points
    2021-02-18T20:58:05.2+00:00

    Hello @Arun S

    1) Yes, please make a note of the RegistrationID

    69801-image.png

    2) Please refer to the below documentation links on various languages to generate the SAS token.

    Azure/iot-dps/Detailed attestation process and,

    Azure/iot-hub/Security token structure

    Please let us know if you need further help in this matter.


  2. 2021-03-18T03:56:22.3+00:00

    @QuantumCache
    Sorry for late response.
    Im still facing connection failure for DPS using SAS tokens. I followed the links you shared in this thread.

    Below is the procedure followed,

    1. Created IoT hub for SAS tokens. This i'm able to successfully connect and run IoT hub sample applications.
    2. Created DPS service, linked the IoT hub, Added enrollment.
    3. Since im not using openssl i generated username and password locally. Here is the example of configuraitons im using it. Port [8883], username [test-dps.azure-devices-provisioning.net/deviceID01/?api-version=2018-06-30] and connection_password [https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#security-token-structure] used this link to generate manually.

    Query:

    • For IoT Hub i'm able to generate SAS tokens using visual code->"generate SAS Token for Device". Is there any similar way to generate the SAS tokens for DPS?

    Any support on this will be helpful.


  3. 2021-03-24T04:02:55.13+00:00

    @QuantumCache Trying to connect DPS using SAS tokens and Symmetric key where client as "Azure SDK for C" code..
    Used Python script to generate the SAS tokens (def generate_sas_token(uri, key, policy_name, expiry=3600):
    uri -> (test-dps.azure-devices-provisioning.net)
    key -> Symmetric Key ->primary key
    policy_name -> None

    With above configurations & python script im able to generate below SAS token
    SharedAccessSignature sr=test-dps.azure-devices-provisioning.net&sig=daP5K1GGeVFFghkkT2X4SX8iBLaO07rmtsPgMuzSmrc%3D&se=1616557869

    Username is generated using SDK APi az_iot_provisioning_client_get_user_name()
    Above SAS token is used as password during Azure MQTT connection

    Observation: Connection refused from the Azure server for MQTT connect request
    Query:

    • Everytime "se" value in the SAS token will change, do we need to link the same in the Azure DPS portal?
    • Do symmetric key has to be linked in the application as referenced in prov_dev_set_symmetric_key_info()
    0 comments No comments

  4. 2021-03-24T04:05:54.837+00:00

    @QuantumCache Trying to connect DPS using SAS tokens and Symmetric key where client as "Azure SDK for C" code..
    Used Python script to generate the SAS tokens (def generate_sas_token(uri, key, policy_name, expiry=3600):
    uri -> (test-dps.azure-devices-provisioning.net)
    key -> Symmetric Key ->primary key
    policy_name -> None

    With above configurations & python script im able to generate below SAS token
    SharedAccessSignature sr=test-dps.azure-devices-provisioning.net&sig=daP5K1GGeVFFghkkT2X4SX8iBLaO07rmtsPgMuzSmrc%3D&se=1616557869

    Username is generated using SDK APi az_iot_provisioning_client_get_user_name()
    Above SAS token is used as password during Azure MQTT connection

    Observation: Connection refused from the Azure server for MQTT connect request
    Query:

    • Everytime "se" value in the SAS token will change, do we need to link the same in the Azure DPS portal?
    • Do symmetric key has to be linked in the application as referenced in prov_dev_set_symmetric_key_info()
    0 comments No comments

  5. Arun S 1 Reputation point
    2021-03-24T04:08:44.753+00:00

    @QuantumCache Trying to connect DPS using SAS tokens and Symmetric key where client as "Azure SDK for C" code..
    Used Python script to generate the SAS tokens (def generate_sas_token(uri, key, policy_name, expiry=3600):
    uri -> (test-dps.azure-devices-provisioning.net)
    key -> Symmetric Key ->primary key
    policy_name -> None

    With above configurations & python script im able to generate below SAS token
    SharedAccessSignature sr=test-dps.azure-devices-provisioning.net&sig=daP5K1GGeVFFghkkT2X4SX8iBLaO07rmtsPgMuzSmrc%3D&se=1616557869

    Username is generated using SDK APi az_iot_provisioning_client_get_user_name()
    Above SAS token is used as password during Azure MQTT connection

    Observation: Connection refused from the Azure server for MQTT connect request
    Query:

    • Everytime "se" value in the SAS token will change, do we need to link the same in the Azure DPS portal?
    • Do symmetric key has to be linked in the application as referenced in prov_dev_set_symmetric_key_info()
    0 comments No comments