Azure Environment #64

Closed
audacity76 opened this issue Aug 24, 2016 · 7 comments

@audacity76

I am trying to use the Let's Encrypt Extension (x86) in another Azure environment (German Azure Cloud). Is there any Azure environment setting that needs to be set to make the extension work? I'm getting an error when I try to save the extension settings:

System.Runtime.Serialization.SerializationException: There was an error deserializing the object of type Microsoft.IdentityModel.Clients.ActiveDirectory.TokenResponse. Encountered unexpected character '<'. ---> System.Xml.XmlException: Encountered unexpected character '<'.
   at System.Xml.XmlExceptionHelper.ThrowXmlException(XmlDictionaryReader reader, XmlException exception)
   at System.Runtime.Serialization.Json.XmlJsonReader.ReadAttributes()
   at System.Runtime.Serialization.Json.XmlJsonReader.ReadNonExistentElementName(StringHandleConstStringType elementName)
   at System.Runtime.Serialization.Json.XmlJsonReader.Read()
   at System.Xml.XmlBaseReader.IsStartElement()
   at System.Xml.XmlBaseReader.IsStartElement(XmlDictionaryString localName, XmlDictionaryString namespaceUri)
   at System.Runtime.Serialization.XmlReaderDelegator.IsStartElement(XmlDictionaryString localname, XmlDictionaryString ns)
   at System.Runtime.Serialization.XmlObjectSerializer.IsRootElement(XmlReaderDelegator reader, DataContract contract, XmlDictionaryString name, XmlDictionaryString ns)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.InternalIsStartObject(XmlReaderDelegator reader)
   at System.Runtime.Serialization.Json.DataContractJsonSerializer.InternalReadObject(XmlReaderDelegator xmlReader, Boolean verifyObjectName)
   at System.Runtime.Serialization.XmlObjectSerializer.InternalReadObject(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   at System.Runtime.Serialization.XmlObjectSerializer.ReadObjectHandleExceptions(XmlReaderDelegator reader, Boolean verifyObjectName, DataContractResolver dataContractResolver)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.RunAsyncTask[T](Task`1 task)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.AcquireToken(String resource, ClientCredential clientCredential)
   at LetsEncrypt.SiteExtension.ArmHelper.GetWebSiteManagementClient(IAuthSettings model) in J:\Projects\letsencrypt-siteextension\LetsEncrypt.SiteExtension.Core\ArmHelper.cs:line 18
   at LetsEncrypt.SiteExtension.Controllers.HomeController.Index(AuthenticationModel model)

If I add the app settings by hand and jump over to WebJobs view the Let's Encrypt extension says:

Unhandled Exception: System.InvalidOperationException: The account credentials for 'NameOfStorageAccount' are incorrect at Microsoft.Azure.WebJobs.Host.Executors.DefaultStorageCredentialsValidator.d__4.MoveNext()

@audacity76
Author

AzureWebJobsDashboard connection string needs ;EndpointSuffix=core.cloudapi.de (in my case)

thanks anyway

@sjkp
Owner

sjkp commented Aug 24, 2016

Thanks for the information, I was not aware of the different URIs for storage accounts in the German data centers.

@audacity76
Author

You are welcome. Access to the AzureWebJobsDashboard works now, but I still got errors. Not only the URIs for the storage account are different. Here is a list of differences. Some URIs need to be adaptable to make the extension work in other Azure environments...

Examples:

var settings = ActiveDirectoryServiceSettings.Azure;

var settings = ActiveDirectoryServiceSettings.Azure;

var graphToken = authContext.AcquireToken("https://management.core.windows.net/", new ClientCredential("d1b853e2-6e8c-4e9e-869d-60ce913a280c", "hVAAmWMFjX0Z0T4F9JPlslfg8roQNRHgIMYIXAIAm8s="));

public const string ManagementResource = "https://management.core.windows.net/";

Name : AzureGermanCloud

EnableAdfsAuthentication : False
ActiveDirectoryServiceEndpointResourceId : https://management.core.cloudapi.de/
AdTenant :
GalleryUrl : https://gallery.cloudapi.de/
ManagementPortalUrl : http://portal.microsoftazure.de/
ServiceManagementUrl : https://management.core.cloudapi.de/
PublishSettingsFileUrl : https://manage.microsoftazure.de/publishsettings/index
ResourceManagerUrl : https://management.microsoftazure.de/
SqlDatabaseDnsSuffix : .database.cloudapi.de
StorageEndpointSuffix : core.cloudapi.de // can be included in AzureWebJobsDashboard connection string
ActiveDirectoryAuthority : https://login.microsoftonline.de/
GraphUrl : https://graph.cloudapi.de/
TrafficManagerDnsSuffix : azuretrafficmanager.de
AzureKeyVaultDnsSuffix : vault.microsoftazure.de
AzureKeyVaultServiceEndpointResourceId : https://vault.microsoftazure.de

Name : AzureCloud

EnableAdfsAuthentication : False
ActiveDirectoryServiceEndpointResourceId : https://management.core.windows.net/
AdTenant :
GalleryUrl : https://gallery.azure.com/
ManagementPortalUrl : http://go.microsoft.com/fwlink/?LinkId=254433
ServiceManagementUrl : https://management.core.windows.net/
PublishSettingsFileUrl : http://go.microsoft.com/fwlink/?LinkID=301775
ResourceManagerUrl : https://management.azure.com/
SqlDatabaseDnsSuffix : .database.windows.net
StorageEndpointSuffix : core.windows.net
ActiveDirectoryAuthority : https://login.microsoftonline.com/ aka https://login.windows.net
GraphUrl : https://graph.windows.net/
TrafficManagerDnsSuffix : trafficmanager.net
AzureKeyVaultDnsSuffix : vault.azure.net
AzureKeyVaultServiceEndpointResourceId : https://vault.azure.net
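
The listing above shows that the login authority, the token resource and the storage suffix all change together per environment. As an added example (not code from the extension; the class, method and sample values are hypothetical, and the endpoints are copied from the listing), a pre-flight check that the three settings belong to the same environment before any credential is sent:

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example. Endpoint values come from the environment listing in this thread.
static class AzureEnvironmentCheck
{
    sealed record Env(string Name, string Authority, string Resource, string StorageSuffix);

    static readonly Env[] Known =
    {
        new("AzureCloud", "https://login.microsoftonline.com/", "https://management.core.windows.net/", "core.windows.net"),
        new("AzureGermanCloud", "https://login.microsoftonline.de/", "https://management.core.cloudapi.de/", "core.cloudapi.de"),
    };

    // A storage connection string without EndpointSuffix targets core.windows.net.
    static string StorageSuffix(string connectionString)
    {
        var parts = connectionString.Split(';', StringSplitOptions.RemoveEmptyEntries)
            .Select(p => p.Split('=', 2))          // AccountKey may itself contain '='
            .Where(kv => kv.Length == 2)
            .ToDictionary(kv => kv[0].Trim(), kv => kv[1].Trim(), StringComparer.OrdinalIgnoreCase);
        return parts.TryGetValue("EndpointSuffix", out var suffix) ? suffix : "core.windows.net";
    }

    // Returns one message per setting that does not match the authority's environment.
    public static List<string> Validate(string authority, string resource, string storageConnectionString)
    {
        var problems = new List<string>();
        var env = Known.FirstOrDefault(e => authority.StartsWith(e.Authority, StringComparison.OrdinalIgnoreCase));
        if (env is null)
        {
            problems.Add($"unknown authority: {authority}");
            return problems;
        }
        if (!string.Equals(resource, env.Resource, StringComparison.OrdinalIgnoreCase))
            problems.Add($"{env.Name}: token resource should be {env.Resource}, got {resource}");
        var suffix = StorageSuffix(storageConnectionString);
        if (!string.Equals(suffix, env.StorageSuffix, StringComparison.OrdinalIgnoreCase))
            problems.Add($"{env.Name}: storage EndpointSuffix should be {env.StorageSuffix}, got {suffix}");
        return problems;
    }

    static void Main()
    {
        // Constructed sample: German authority, global token resource, no EndpointSuffix.
        Validate("https://login.microsoftonline.de/contoso.example",
                 "https://management.core.windows.net/",
                 "DefaultEndpointsProtocol=https;AccountName=sample;AccountKey=c2FtcGxl")
            .ForEach(Console.WriteLine);
    }
}
```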

audacity76 reopened this Aug 25, 2016
@zoka-ml

zoka-ml commented Jan 11, 2017

Hi.
I would like to kindly ask if there is an estimate for implementing this feature. Thanks.
Michal L.

@sjkp
Owner

sjkp commented Jan 11, 2017

I just updated the site extension with the required changes, but I cannot access the Kudu portal in German data centers; alas, I have no way to test my changes. Are any of you able to open the Kudu portal on a site hosted on azurewebsites.de? (I just get access denied.)

sjkp added a commit that referenced this issue Jan 11, 2017
@sjkp
Owner

sjkp commented Jan 11, 2017

I opened this: projectkudu/kudu#2293

@sjkp
Owner

sjkp commented Jan 12, 2017

I have just tested that the updated version 0.5.2 now makes it possible to use the extension in Azure Germany. Please read https://github.com/sjkp/letsencrypt-siteextension/wiki/Azure-Germany,-US-or-China for instructions on the extra app settings you need to provide for using it in other regions. I didn't hardcode the strings for the other regions as I suspect we will see more of them in the future.
