Azure / azure-saas

The Azure SaaS Development Kit (ASDK) provides a reference architecture, deployable reference implementation and tools to help developers, startups, ISVs and Enterprises deliver their applications as a SaaS service. A platform for platform creators.
https://aka.ms/azuresaasdevkit

SaaS Permissions API deployment script run.sh fails with errors #257

Open ScottStefanich opened 5 months ago

ScottStefanich commented 5 months ago

I successfully deployed Identity Foundation Services and am attempting to run the SaaS Permissions API deployment script.

cd /mnt/.../azure-saas/src/Saas.Identity/SaaS.Permissions/deployment
./setup.sh
./run.sh

Running the script fails with the following results,

### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.

### Critical Error ###
Failed to get Identity Bicep deployment output parameters

I tried logging into the Azure CLI with az login --use-device-code and setting the subscription with az account set -s subscriptionId.

I'm using Windows 11, WSL 2, Azure CLI 2.56.0, and GitHub CLI 2.41.0.

1iveowl commented 5 months ago

Thank you @ScottStefanich. Will try and see if we can repro this.

I did test the install a week ago w/o running into this issue. Only change since then is Azure CLI 2.55 -> 2.56.

1iveowl commented 5 months ago

Did you try and install the Admin Service API before installing the Permissions API? It looks like the error has to do with the script not being able to download the output deployment parameters from an earlier deployment.

ScottStefanich commented 5 months ago

Running the SaaS.Admin deployment script results in the same two errors (MSAL token cache and Identity Bicep deployment output parameters).

ScottStefanich commented 5 months ago

The deployment named 'IdentityFoundationDeployment' successfully completed.

The deployment Output has the following parameters,

version
location
environment
appConfigurationName
keyVaultName
keyVaultUri
appServicePlanName
userAssignedIdentityName
userAssignedIdentityId
sqlServerFQDN
sqlDbServerName
applicationInsightsName
logAnalyticsWorkspaceName
automationAccountName

@1iveowl, can you confirm the SaaS Administration Service API deployment script attempts to retrieve these parameters?

appwebcaddy commented 4 months ago

I want to report this other error, but first a few observation notes:

Please provide string value for 'azureAdB2CInstanceURL' (? for help): https://********.b2clogin.com
{"code": "InvalidTemplate", "message": "Deployment template validation failed: 'The template parameters 'azureAdInstance' in the parameters file are not valid; they are not present in the original template and can therefore not be provided at deployment time. The only supported parameters for this template are 'version, keyVaultName, keyVaultUri, azureB2CDomain, azureB2cTenantId, azureAdB2CInstanceURL, signedOutCallBackPath, signUpSignInPolicyId, baseUrl, clientId, userAssignedIdentityName, appConfigurationName, certificateKeyName'. Please see https://aka.ms/arm-pass-parameter-values for usage details.'.", "additionalInfo": [{"type": "TemplateViolation", "info": {"lineNumber": 0, "linePosition": 0, "path": ""}}]}

### Critical Error ###
Failed to deploy to permissions-api. This sometimes happens, please try again.

The solution for this was replacing azureAdInstance with azureAdB2CInstanceURL in the parameter file src\Saas.Identity\Saas.Permissions\deployment\bicep\parameters\config-entries-parameters.json and src\Saas.Identity\Saas.Permissions\deployment\script
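The InvalidTemplate failure in the comment above can be caught before deployment by comparing the parameter file against the parameters the template declares. The following is an added example, not part of the thread or the ASDK scripts; it assumes the Bicep file has been compiled to ARM JSON, and the template and parameter values are constructed samples that reuse only the parameter names from the error message.

```python
import difflib

# Constructed sample: a compiled ARM template declaring a subset of the
# parameter names listed in the InvalidTemplate error (defaults are assumed).
TEMPLATE = {"parameters": {
    "version": {"type": "string", "defaultValue": "0.0.0"},
    "keyVaultName": {"type": "string"},
    "azureB2CDomain": {"type": "string"},
    "azureB2cTenantId": {"type": "string"},
    "azureAdB2CInstanceURL": {"type": "string"},
}}

# Constructed sample: a parameter file still using the stale name.
PARAMETER_FILE = {"contentVersion": "1.0.0.0", "parameters": {
    "keyVaultName": {"value": "kv-example"},
    "azureB2CDomain": {"value": "example.onmicrosoft.com"},
    "azureB2cTenantId": {"value": "00000000-0000-0000-0000-000000000000"},
    "azureAdInstance": {"value": "https://example.b2clogin.com"},
}}


def check_parameters(template: dict, parameter_file: dict) -> dict:
    """Report parameter-file entries the template does not declare,
    required template parameters the file omits, and likely renames."""
    declared = template.get("parameters", {})
    supplied = parameter_file.get("parameters", {})
    # Entries like these trigger "not present in the original template".
    unknown = sorted(set(supplied) - set(declared))
    # Parameters without a defaultValue must be supplied (or get prompted for).
    missing = sorted(name for name, spec in declared.items()
                     if "defaultValue" not in spec and name not in supplied)
    # Suggest the closest declared name for each unknown entry.
    hints = {}
    for name in unknown:
        close = difflib.get_close_matches(name, list(declared), n=1)
        if close:
            hints[name] = close[0]
    return {"unknown": unknown, "missing": missing, "hints": hints}


if __name__ == "__main__":
    report = check_parameters(TEMPLATE, PARAMETER_FILE)
    for old, new in report["hints"].items():
        print(f"'{old}' is not declared by the template; did you mean '{new}'?")
    for name in report["missing"]:
        print(f"required parameter '{name}' has no value in the parameter file")
```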

ScottStefanich commented 4 months ago

I restarted the procedure with a new Entra ID tenant and updated the following,

The Identity Provider deployment script completed without errors on the first try.

The Permissions API deployment script encountered the same error,

### SaaS Administration Service API ###
Provisioning the SaaS Administration Service API...
Deploying App Service: Downloading Identity Foundation outputs from Resource Group 'rg-asdk-test-****' deployment named 'IdentityFoundationDeployment'...
ERROR: User '****@****.com' does not exist in MSAL token cache. Run `az login`.

### Critical Error ###
Failed to get Identity Bicep deployment output parameters