microsoft / fhir-server-samples

Samples for Microsoft FHIR Server for Azure
MIT License

Support for Recent Changes to Azure AD - Verified Domains #151

Open seversen opened 2 years ago

seversen commented 2 years ago

Describe the bug: New deployments of the Azure API for FHIR no longer complete successfully because there are resources/apps that use *.azurehealthcareapis.com and this is no longer valid per: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-breaking-changes#appid-uri-in-single-tenant-applications-will-require-use-of-default-scheme-or-verified-domains

To Reproduce: Steps to reproduce the behavior, including exact commands you are running:

  1. Follow normal environment setup steps.
  2. Run .\Create-FhirServerSamplesEnvironment.ps1 -EnvironmentName -UsePaaS $true
  3. See error

Expected behavior: The entire sample environment should be provisioned. It only provisions the Key Vault and then throws an error similar to this:

Error occurred while executing NewApplication Code: RequestBadRequest Message: Values of identifierUris property must use a verified domain of the organization or its subdomain: 'https://example123.azurehealthcareapis.com' Details: PropertyName - identifierUris, PropertyErrorCode - HostNameNotOnVerifiedDomain, HostName - https://example123.azurehealthcareapis.com HttpStatusCode: BadRequest HttpStatusDescription: Bad Request HttpResponseStatus: Completed

This issue was also reported in a different GitHub project: https://github.com/Azure/azure-docs-powershell-azuread/issues/724

Are there any plans to address this? As far as I can tell, this project no longer works at all because of the new restrictions.

acleith commented 2 years ago

I have also encountered this problem, as described above, with the same steps (with the environment name specified via the -EnvironmentName parameter).

pogorman commented 2 years ago

Same... any plans to remedy this?

adm-kduddu commented 2 years ago

Same. Any update on this, please?

brian1985 commented 2 years ago

I got it to move past this error.

There are two lines you need to update. In Create-FhirServerSamplesEnvironment.ps1 and Create-FhirServerSamplesAuthConfig.ps1 change the text that mentions 'azurehealthcareapis' (appears once in each file) to 'yourdomain.onmicrosoft'

Example:

$fhirServiceUrl = "https://${EnvironmentName}.azurehealthcareapis.com"

should change to

$fhirServiceUrl = "https://${EnvironmentName}.'yourdomain'.onmicrosoft.com"

where 'yourdomain' is the name of your AD domain (can be found by going to Azure Active Directory: https://docs.microsoft.com/en-us/partner-center/find-ids-and-domain-names)

For now, it is installing and has gotten to the part where it says "User found, will update". I'll add more comments if it fails after that point and I can figure out any solutions.
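A pre-flight check for the rule quoted in the error message above, added here as an example; it is not part of any comment in this thread or of the fhir-server-samples scripts. It tests whether an identifier URI's host is a verified domain or a true subdomain of one before the deployment script tries to create the application. The function name `Test-IdentifierUriDomain`, the placeholder domain `contoso.onmicrosoft.com` and the simplified handling of `api://` URIs are assumptions.

```powershell
# Added example; Test-IdentifierUriDomain is a hypothetical helper, not part of the sample scripts.
function Test-IdentifierUriDomain {
    [CmdletBinding()]
    [OutputType([bool])]
    param(
        [Parameter(Mandatory)] [string]   $IdentifierUri,
        [Parameter(Mandatory)] [string[]] $VerifiedDomains
    )

    $uri = $null
    if (-not [System.Uri]::TryCreate($IdentifierUri, [System.UriKind]::Absolute, [ref]$uri)) {
        return $false   # not an absolute URI at all
    }

    # Assumption: any api:// URI counts as the "default scheme"; it carries no DNS host to verify.
    if ($uri.Scheme -eq 'api')   { return $true }
    # Assumption: only https identifier URIs are modelled here.
    if ($uri.Scheme -ne 'https') { return $false }

    $hostName = $uri.Host.TrimEnd('.').ToLowerInvariant()
    foreach ($domain in $VerifiedDomains) {
        $d = $domain.Trim().TrimEnd('.').ToLowerInvariant()
        if (-not $d) { continue }
        # Exact match, or a real subdomain. The leading dot keeps
        # 'notcontoso.onmicrosoft.com' from matching 'contoso.onmicrosoft.com'.
        if ($hostName -eq $d -or $hostName.EndsWith(".$d", [System.StringComparison]::Ordinal)) {
            return $true
        }
    }
    return $false
}

# Constructed sample input: 'contoso.onmicrosoft.com' is a placeholder verified domain.
$verified        = @('contoso.onmicrosoft.com')
$EnvironmentName = 'example123'
$candidates = @(
    "https://${EnvironmentName}.azurehealthcareapis.com",   # value from the error message
    "https://${EnvironmentName}.contoso.onmicrosoft.com",   # subdomain of the verified domain
    "https://${EnvironmentName}contoso.onmicrosoft.com"     # look-alike, not a subdomain
)
foreach ($c in $candidates) {
    [pscustomobject]@{
        IdentifierUri = $c
        Allowed       = Test-IdentifierUriDomain -IdentifierUri $c -VerifiedDomains $verified
    }
}
```

In a real tenant the verified list would come from the directory, for instance the AzureAD module's `Get-AzureADDomain` output filtered on `IsVerified`. The check covers only the identifier URI rule and says nothing about whether the host resolves in DNS.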

brian1985 commented 2 years ago

After waiting a few minutes for the steps to complete I still get one error after Warming up site... Invoke-Webrequest : The remote name could not be resolved: 'xxxxxxxx'

So I don't know if my solution didn't work and just hid an underlying problem or what.

adm-kduddu commented 2 years ago

Thanks Brian for your response. I tried it and am still getting an error. Can we connect?

From: Brian @.> Sent: Wednesday, May 11, 2022 11:07 AM To: microsoft/fhir-server-samples @.> Cc: Kiran Kumar Duddu @.>; Comment @.> Subject: Re: [microsoft/fhir-server-samples] Support for Recent Changes to Azure AD - Verified Domains (Issue #151)



After waiting a few minutes for the steps to complete I still get one error after Warming up site... Invoke-Webrequest : The remote name could not be resolved: 'xxxxxxxx'

So I don't know if my solution didn't work and just hid an underlying problem or what.


brian1985 commented 2 years ago

I'm not sure I can help much more than that. I'm very new with Azure and kind of stumbled upon my solution. And I am stuck on the next step, so I'm not sure it worked right.

Honestly, since I am still having problems, I might try seeing if I can do this using the built-in Azure API for FHIR resource.

aidanplunkitt commented 2 years ago

Hi all, give this a try and let me know if it works for you.