Azure-docs: Not possible to add redirecturi https://ininprodeusuxbase.microsoft.com/*
Hi, apparently you now need to add a redirect uri to the AD client when using AD authentication.
I'm trying this but I have two issues:
- with the new layout of the app registrations in the portal you need to make a choice for each redirect uri that you add, either Web or Public client. Which one is correct in this case?
- It's not possible to add 'https://ininprodeusuxbase.microsoft.com/*' in the new layout (both for web or public client) because it contains wildcard characters. The UI is displaying this as an error.
In the legacy interface this is no problem, but I do get the message it won't be available anymore in May 2019..
Document Details
⚠Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.
- ID: a113bacb-b999-8f0d-a66b-748e60e5c4d7
- Version Independent ID: d7766575-5ef8-4f9a-49e5-2dbd7696d18e
- Content: View Azure Monitor for containers logs in real time
- Content Source: articles/azure-monitor/insights/container-insights-live-logs.md
- Service: azure-monitor
- GitHub Login: @MGoedtel
- Microsoft Alias: magoedte
mrdfuse
All 10 comments
@mrdfuse Thanks for your question. We are checking on this and will respond to you soon.
SumanthMarigowda-MSFT
on 2 May 2019
@mrdfuse For improving the product security wildcard schemes are not supported anymore by design. You can check the section reply URLs in this article for more information. The article says .
In addition, for security reasons, wildcards and http:// schemes are not supported (with the exception of http://localhost).
This behavior is by design now. We recommend you to use the new App registrations experience as the legacy experience will be removed in future completely . The legacy experience still allows you to add the wildcard scheme as of now and will allow transition for compatibility reasons however for any new applications we do not recommend to use wildcard schemes. We will close this issue now . Should you still have any further query , feel free to tag me or the author @MGoedtel and we will be happy to help you further on this.
Thank you.
shashishailaj
on 6 May 2019
Hi @shashishailaj @MGoedtel, I think you missed my point. It's your documentation that says to add a redirect uri with a wildcard in it (the second sentence of this paragraph: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-live-logs#configure-aks-with-azure-active-directory). That won't be possible anymore using the new app registration UI.
Furthermore the documentation should reflect the new UI, so stating if you need to add a web or public type when adding redirect uri's.
I hope you won't be removing the legacy experience anytime soon as I already found several cases where the new one doesn't work in combination with setting up AKS.
mrdfuse
on 6 May 2019
So what's the solution ?? Documentation says to do something not possible and you are offering no workaround, this case needs to be reopened until we have a workaround and it is documented
toutougabi
on 8 May 2019
@toutougabi - I will bug the article and correct that as soon as possible. I'll need to discuss this with engineering to identify what that URI should be if still required, which I will do today. #in-progress
MGoedtel
on 8 May 2019
@toutougabi - Enginering is investigating this, so I don't have an answer for you yet. @shashishailaj - Please reopen this issue.
MGoedtel
on 8 May 2019
@toutougabi - Talked with engineering and what you can do to work around the wildcard restriction is perform the registration via App registration (legacy) from Azure AD following the existing steps in the doc. The type should be public. I am going to update the doc tomorrow to configure it this way in the meantime, because there are dependencies that impact us being able to design a proper workaround.
MGoedtel
on 9 May 2019
@MGoedtel Please let me know once you have updated the document and I will action this issue accordingly.
shashishailaj
on 10 May 2019
@shashishailaj - I've updated the article and it was released last week. #please-close.
MGoedtel
on 16 May 2019
@mgoedtel thank you for the update . . Closing this.
shashishailaj
on 17 May 2019
Related issues
mrdfuse
·
3Comments
spottedmahn
·
3Comments
Ponant
·
3Comments
AronT-TLV
·
3Comments
Favna
·
3Comments
Most helpful comment
Hi @shashishailaj @MGoedtel, I think you missed my point. It's your documentation that says to add a redirect uri with a wildcard in it (the second sentence of this paragraph: https://docs.microsoft.com/en-us/azure/azure-monitor/insights/container-insights-live-logs#configure-aks-with-azure-active-directory). That won't be possible anymore using the new app registration UI.
Furthermore the documentation should reflect the new UI, so stating if you need to add a web or public type when adding redirect uri's.
I hope you won't be removing the legacy experience anytime soon as I already found several cases where the new one doesn't work in combination with setting up AKS.