Resolved

Gateway Security - Management API authorization not working

description

Hi guys,

I followed the instructions available here to set up Service Gateway:
http://sg.codeplex.com/wikipage?title=Console

Everything works well up until the point where I need to authorize access to the Azure Management API.
The first time I loaded the gateway, I signed in with a Global Admin account for my directory, went to the "security" tab and clicked "Yes, I authorize access to Windows Azure".

After loading for a few seconds, the same page reloaded. I was expecting to see different settings there. So I refreshed the page just in case and clicked the button again and I received this exception: "Failed to POST new object. Details: [Request_BadRequest], Permission entry already exists."

At that point, even though I couldn't see the "Security" page I thought I should be close enough to do a deployment (after setting up a role of course) but when clicking "create new" in the "deployments" tab I get the following exception:
"access_denied
AADSTS65001: No permission to access 'https://management.core.windows.net/' resource is configured for '{a GUID goes here and I'm not sure if it's sensitive info or not}' application, or it is expired or revoked."

Also to note, I was not able to log in using a Microsoft Account (the account my subscription is attached to) and had to create a new AD account and give it subscription admin rights.

Am I missing anything?

Thanks

comments

jamesbak wrote Jan 14, 2014 at 10:48 PM

Hi,

Thanks for trying out the Gateway and thanks so much for the bug report. We have reproed the bug and will fix it as soon as possible.

The issue is to do with a replication delay in WAAD when the Permission object that the app creates to access the Azure Management API (RDFE) does not replicate quickly enough to the authentication endpoint. The app currently does include a 5 sec delay before requesting an authorization code, but this delay does not seem to be consistent.

The workaround is to sign out of the app and then sign back in. Signing in again will force refreshing of all authorization codes which should be replicated by then.

I'll post again when we fix this bug.

Cheers,
James
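
An added example, not code from the Service Gateway project: one way to tolerate the replication delay described in this thread is to replace the fixed 5 second pause with a bounded retry that treats only AADSTS65001 as transient and treats "Permission entry already exists" as proof that an earlier attempt succeeded. `AuthError`, `ensure_permission`, `request_code_with_backoff` and `simulate` are hypothetical names, and the directory is a constructed in-memory stand-in with a simulated clock.

```python
import time

TRANSIENT = "AADSTS65001"                      # error code quoted in the report
DUPLICATE = "Permission entry already exists"  # message quoted in the report

class AuthError(Exception):
    """Hypothetical exception carrying the directory's error text."""

def ensure_permission(create_permission):
    """Create the grant; a duplicate error means an earlier attempt succeeded."""
    try:
        create_permission()
    except AuthError as exc:
        if DUPLICATE not in str(exc):
            raise

def request_code_with_backoff(request_code, max_wait=60.0, sleep=time.sleep):
    """Retry only while the grant is unreplicated, waiting max_wait seconds at most."""
    delay, waited = 1.0, 0.0
    while True:
        try:
            return request_code()
        except AuthError as exc:
            # Any other failure, or an exhausted budget, is a real denial.
            if TRANSIENT not in str(exc) or waited >= max_wait:
                raise
        step = min(delay, max_wait - waited)
        sleep(step)
        waited, delay = waited + step, delay * 2

def simulate(replication_lag=12.0):
    """Constructed directory stand-in: the grant is visible after replication_lag s."""
    state = {"now": 0.0, "created": None, "attempts": 0}
    def create_permission():
        if state["created"] is not None:
            raise AuthError("[Request_BadRequest], " + DUPLICATE)
        state["created"] = state["now"]
    def request_code():
        state["attempts"] += 1
        if state["now"] - state["created"] < replication_lag:
            raise AuthError(TRANSIENT + ": permission not configured")
        return "auth-code-placeholder"
    def fake_sleep(seconds):
        state["now"] += seconds
    ensure_permission(create_permission)
    ensure_permission(create_permission)  # second click on the button is harmless
    code = request_code_with_backoff(request_code, sleep=fake_sleep)
    return code, state["attempts"], state["now"]

if __name__ == "__main__":
    print(simulate())
```

Bounding the total wait keeps a permission that was never granted, expired or revoked from being retried indefinitely; it still surfaces as the original access_denied error.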