Open ScottStefanich opened 5 months ago
Thank you @ScottStefanich. Will try and see if we can repro this.
I did test the install a week ago w/o running into this issue. Only change since then is Azure CLI 2.55 -> 2.56.
Did you try and install the Admin Service API before installing the Permissions API? It looks like the error has to do with the script not being able to download the output deployment parameters from an earlier deployment.
Running the SaaS.Admin deployment script results in the same two errors (MSAL token cache and Identity Bicep deployment output parameters).
The deployment named 'IdentityFoundationDeployment' successfully completed.
The deployment Output has the following parameters,
version
location
environment
appConfigurationName
keyVaultName
keyVaultUri
appServicePlanName
userAssignedIdentityName
userAssignedIdentityId
sqlServerFQDN
sqlDbServerName
applicationInsightsName
logAnalyticsWorkspaceName
automationAccountName
@1iveowl, can you confirm the SaaS Administration Service API deployment script attempts to retrieve these parameters?
I want to report this other error, but first a few observation notes:
`azureAdB2CInstanceURL`, which is not mentioned in here doc, but I think is related to the one mentioned later on swagger:
"deployment": {
...
"azureb2c": {
...
"tenantId": "***GUID***",
"instance": "https://***.b2clogin.com"
},
...
}
Please provide string value for 'azureAdB2CInstanceURL' (? for help): https://********.b2clogin.com
{"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The template parameters 'azureAdInstance' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'version, keyVaultName, keyVaultUri, azureB2CDomain, azureB2cTenantId, azureAdB2CInstanceURL, signedOutCallBackPath, signUpSignInPolicyId, baseUrl, clientId, userAssignedIdentityName, appConfigurationName, certificateKeyName'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}
### Critical Error ###
Failed to deploy to permissions-api. This sometimes happens, please try again.
The solution for this was replacing `azureAdInstance` with `azureAdB2CInstanceURL` in the parameter file `src\Saas.Identity\Saas.Permissions\deployment\bicep\parameters\config-entries-parameters.json` and `src\Saas.Identity\Saas.Permissions\deployment\script`
I restarted the procedure with a new Entra ID tenant and updated the following,
The Identity Provider deployment script completed without errors on the first try.
The Permissions API deployment script encountered the same error,
### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.
### Critical Error ###
Failed to get Identity Bicep deployment output parameters
I successfully deployed Identity Foundation Services and am attempting to run the SaaS Permissions API deployment script.
Running the script fails with the following results,
I tried logging into the Azure CLI with `az login --use-device-code` and setting the subscription with `az account set -s subscriptionId`.
I'm using Windows 11, WSL 2, Azure CLI 2.56.0, and GitHub CLI 2.41.0.