AnsweredAssumed Answered

FMS17 External Auth: Saving Azure Key Strips Plus Character

Question asked by EdwardMcPikeJr on Oct 17, 2018
Latest reply on Oct 29, 2018 by EdwardMcPikeJr

Product and version:  FileMaker Server 17.0.2

Hardware:  2-server configuration, both with Windows Server 2016; 32GB RAM; 12-core; gobs of hard drive space


Description:  After setting up Microsoft External Authentication in the FileMaker Server 17 Admin Console by copy/pasting the Directory ID, Azure Application ID, and Azure Key, I tested my files (which had Azure Groups added to them) from FileMaker Pro and WebDirect.  FileMaker Pro 17 did not show a Sign in with Microsoft button.  WebDirect generates a Sign in with Microsoft logo in the login window, but it fails with a message of "Message: AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: <<application ID>>."


I searched in many places to figure out what was wrong, then looked at my configuration settings again and noticed there was a space in my Azure Key.  I checked the source and realized the space should have been a "+" character.  I added it and clicked save.  Tested again, but same results.  Triple-checked the key and the space was there again.  Added it back, clicked Save, then looked right away and saw it was stripped out.  I then typed the entire key and clicked save, but it was still stripped out.


How to replicate:  Set up Microsoft Azure Application ID in Azure, generate key with "+" in it, put all three pieces of info into the FileMaker Server 17 Administration...External Authentication...Microsoft section and click Save Authentication Settings.  Heck, you probably don't even need to generate a key - just type a bunch of letters and numbers and include a "+".  Click save and it'll probably be stripped.  (Just confirmed - any random string of letters and numbers with a plus character will have the character stripped out.)


Workaround (if any):  Regenerate keys in Azure until you have one without a plus sign (I hope, as I'll by requesting this from our Azure admin in the morning).




Ed McPike