configure-sso fails to set tenant reply urls

[tfsjohan]

I'm trying to setup SSO. I'm running as a administrator of a CDX environment with full Office and Power Platform. App registration fails to set reply urls with:

ERROR: Method not allowed

Full log:

Opening browser for authentication to Azure. Enter valid Azure credentials
Login was successful!
Registering new application in Azure
Application was successfully registered with Azure
Setting identifierUri
    Attempt 1
Itendifier Set
Setting signin audience
    Attempt 1
Sign In Audience Set
Granting admin consent
    Attempt 1
Consent granted
/Users/johannordberg/Projects/Help/SSO/node_modules/office-addin-sso/lib/configure.js:289
            throw new Error(errorMessage);
                  ^

Error: Unable to set tenant reply urls. 
ERROR: Method Not Allowed({"error":{"code":"Request_BadRequest","message":"Specified HTTP method is not allowed for the request target.","innerError":{"date":"2022-12-12T12:11:27","request-id":"2ede7597-d964-4dd0-8255-94bb3ed09443","client-request-id":"2ede7597-d964-4dd0-8255-94bb3ed09443"}}})

    at Object.<anonymous> (/node_modules/office-addin-sso/lib/configure.js:289:19)
    at Generator.throw (<anonymous>)
    at rejected (/node_modules/office-addin-sso/lib/configure.js:5:65)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

• Operating System: macOS
• Node version: 16.18.1
• Office version:
• Tool version:

Failure Logs

Please include any relevant log snippets, screenshots or code samples here.

[millerds]

I'm not sure what a CDX environment is so I can't say what effect that would have, however I'm not sure it matters.

The configure command is running a series of azure cli commands that setup the sso tenant. These commands assume you are logging into (when prompted in the browser) an M365 (or O365) tenant that supports it (a vanilla azure tenant does not). We offer development environments for this via https://developer.microsoft.com/en-us/microsoft-365/dev-program. I believe this error comes when you are logging into a tenant that doesn't have Office support.

Unfortunately, the script doesn't figure out which type of subscription you are trying to use. This is something that could be added to the configuration script in order to improve the experience.

[tfsjohan]

CDX is a Microsoft service where you can create test environments. In my case the description of the environment is this:

This demo environment contains the most complete demo content to showcase Microsoft 365 products to your customer. We recommend this environment for most demo circumstances. It includes trial licenses and pre-hydrated content for the full Office 365 E5 suite, with the one exception of Microsoft Defender for Endpoint. In addition, you also have the option to include select additional demo content. Available with either a 90-day or 1-year subscription by selecting the appropriate period at the top of the page.

And I tried to run configure-sso as the admin of that tenant.

When running configure-sso with a regular workplace account with just Azure admin access, it fails much earlier.

[coreprocess]

@tfsjohan @millerds I needed to patch the https://github.com/OfficeDev/Office-Addin-Scripts/blob/master/packages/office-addin-sso/src/configure.ts to make it work with the tenant created via https://developer.microsoft.com/en-us/microsoft-365/dev-program.

Basically I changed both if (setReplyUrls) { lines to if (setReplyUrls && servicePrinicipaObjectlId) {.

For whatever reason the app ids "bc59ab01-8403-45c6-8796-ac3ef710b3e3" and "57fb890c-0dab-4253-a5e0-7188c88b2bb4" are not in the az ad sp list --all list.

At least the set up routine completes successfully and I was able to run the SSO example that fetches the user data. I haven't checked yet if it causes other issues.

[millerds]

The fix has been made and published in current version.