Updates in Azure Web App

PowerShell Universal
61

I know it’s probably obvious, but have you checked your app service config too to ensure that https is enforced in the TLS/SSL tab:

image
image831×578 37.1 KB

62

I solved the same problem with this

2 Likes
63

Appreciate the thoroughness!
Do have that enforced indeed.

Was eventually able to get this sorted by applying the configuration in the comment by @Skons !

Working like a charm now. Thanks everyone!

1 Like
64

Unfortunately, updating to 2.9.1 resulted in a non-functioning OIDC again.
The update did fix the modules and license activation issues - but OIDC now does actually goes fine up until redirecting back to https://psu.my.domain/auth/signin-oidc, but ends up right there with a blank page.

One of the logs mentions;

CORS policy execution failed.

Another says;

Message contains error: 'invalid_client', error_description: 'AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

and:

CORS policy execution failed.
2022-03-10 14:42:31.858 +00:00 [INF] Request origin https://psu.my.domain does not have permission to access the resource.

Which I haven’t seen before. Nor understand why this is now an issue while it worked fine just hours earlier…

65

Did you configure OIDC via the admin console or with environment variables in the web app? It seems like the client secret value isn’t set any more.

66

Hmmm… at this point - a combination of both.

Might be why it’s not doing the beeps and boops i’m looking for. Will reset and start from 0 to be sure.

67

There we go!
Working like a charm again.

Had to remove any OpenID Connect settings from the dashboard and make sure nothing remained within authentication.ps1 other than the original form authentication.

Then set up all the environment variables, restart the app and there it went. All good now.

68

Does anyone (@insomniacc?) have a .ps1 script to provision an Azure App Service that’s suitable for hosting PSU?

I am keen to learn more about “infrastructure as code” and want a repeatable way to provision an Azure App Service, and since I have to build a fresh PSU instance (our GitHub sync refuses to work in the current one) I’d love to do it with a script.

Thanks!

69

No prob. I’ve probably got something that can help you out. I’ll take a look tomorrow and get back to you!

1 Like