locked
Azure Stack Resource Manager API RRS feed

  • Question

  • Hi

    I want to know the Active Directory authority URL and Resource manager URL to work with Azure stack Rest API with C#.

    I have tried with the "AzureStackAdmin", "AzureStackUser" URLs given by the command "Get-AzureRmEnvironment" but it didn't work, It has failed to get the access token.

    Can someone please help me with that and point me to the documentation links for this ?


    sssssz

    Wednesday, May 10, 2017 8:03 PM

Answers

All replies

  • Hello,

    The output returned from the Get-AzureRMEnvironment will return the valid URLs to the Active Directory Authority and Azure Resource Manager endpoints. 

     

    The following documentation/instructions will walk you through configuring and validating you Active Directory Authority and Azure Resource Manager endpoints. 

     

     

    Let us know how it goes.

    We apologize for any inconvenience and appreciate your time and interest in Azure Stack.

    If you continue experience any issues with TP3 release, feel free to contact us.

    https://azure.microsoft.com/en-us/blog/hybrid-application-innovation-with-azure-and-azure-stack/

     

    TP3 Azure Stack Docs:

    https://docs.microsoft.com/en-us/azure/azure-stack/

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-troubleshooting

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-diagnostics

    https://aka.ms/GetAzureStackLogs

     

    Thanks,


    Gary Gallanes

    Thursday, May 11, 2017 4:54 PM
  • Hi

    Thank you for the response. I am looking for the Azure stack Resource Manager endpoint URLs to get the access token and get the VM information using C# SDK, Please suggest me the correct documentation links or URLs.

    I have already tried with the URLs given by "Get-AzureRMEnvironment", It's throwing the below error.

    when I use "ResourceManagerUrl" AuthenticationContext::AcquireToken is failing with the below error.

    "AADSTS50001: The application named https://adminmanagement.local.azurestack.external/ was not found in the tenant named <XXX>.  This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant.  You might have sent your authentication request to the wrong tenant.\r\nTrace ID: 93dfe2ed-fb17-4a8a-84bc-197182251b00\r\nCorrelation ID: 2ff71064-6f4d-4675-9666-6dae3068e777\r\nTimestamp: 2017-05-11 18:53:18Z"

    when I use "ActiveDirectoryServiceEndpointResourceId ", SubscriptionClient::Tenants is failing with the below error.


    "InvalidAuthenticationTokenAudience: The access token has been obtained from wrong audience or resource 'https://adminmanagement.cvazurestack.onmicrosoft.com/37b026ef-e63e-40a5-97d8-0c4595539db8'. It should exactly match (including forward slash) with one of the allowed audiences 'https://management.core.windows.net/','https://management.azure.com/'."


    sssssz

    Thursday, May 11, 2017 7:19 PM
  • I've seen this when my Service Principal was not given the proper permissions in AAD for Azure Stack, and when consent was not granted in the portal;

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-create-service-principals


    Consent;

    1. For the administrator portal, navigate to https://adminportal.local.azurestack.external/guest/signup, read the information, and then click Accept. After accepting, you can add service administrators who are not also directory tenant administrators.

    2. For the tenant portal, navigate to https://portal.local.azurestack.external/guest/signup, read the information, and then click Accept. After accepting, users in the directory can sign in to the tenant portal.

    Monday, May 15, 2017 5:24 PM
  • Hi

    Thanks for your reply.

    I have created service principal(application) using azure portal(portal.azure.com) but I don't see any option to assign this newly created app to my subscription.

    I don't see "subscription" option in azure portal for "Azure stack deployment" directory.

    I have "subscription" option in adminportal.local.azurestack.external, but I don't see the applications created on azure portal, so couldn't assign the application to the subscription and also I don't see that option as mentioned in step 6.

    https://docs.microsoft.com/en-us/azure/azure-stack/azure-stack-create-service-principals

    1. Select Access Control (IAM).

      select access

    2. Select Add.

    3. Select the role you wish to assign to the application.

    4. Search for your application, and select it.



    sssssz

    Monday, May 15, 2017 8:19 PM
  • Hi

    I have added the newly created application to the default subscription but still failing with same errors.

    Can someone please let me know the exact authorization and endpoint URLs for Azure stack Resource manager with C# SDK ?

    Details:

    I have created new application under “AzurestackDeployment.onmicrosoft.com” using Azure portal and created the service principal for newly created application under “Default Provider Subscription” using adminportal on Azure stack host machine.

    I am using application Id(created above), tenant Id(AzurestackDeployment.onmicrosoft.com), SubscriptionId(“Default Provider Subscription”),  client secret(Key value gave during application creation) to connect to the Azure stack. I have tried with the URLs given by "Get-AzureRMEnvironment", It's throwing the same errors when I tried from azure stack host machine and also from different physical machine.


    sssssz

    Wednesday, May 17, 2017 3:44 PM
  • Hi,

    Was someone able to solve this issue? I accepted consent and added application to subscription in Azure Stack admin portal. But I am still getting error -

    com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS50001: The application named https:\/\/adminmanagement.local.azurestack.external\/ was not found in the tenant named ...

    Thanks.

    Wednesday, July 19, 2017 11:36 PM