APIM - API - Using Managed Identity Authentication - Getting 500 Internal Server Error
krishna572
Details:
- Created a GET request HTTP trigger in an Azure Function App with a simple response message: "Your Http Trigger Function executed successfully."
- Imported this Function App API into the Azure APIM instance.
- In the APIM instance > Security > Managed Identity, set System Identity to ON and saved.
- In the Function App > Authentication, enabled App Service authentication using Active Directory.
- In the APIM instance > GET API (Function App API) > Design > Inbound Processing, added this managed identity policy to the inbound scope:
  <authentication-managed-identity resource="<Function-App-URL>"/>
Now, testing the API through APIM > APIs > Function App API > GET operation > Test, I am getting a 500 Internal Server Error.
In the Trace:
authentication-managed-identity
{
"message" : "Obtaining managed identity token using client id <someid> AAD Authority for <Function-App-URL> audience failed."
"errorResponse" : "System.InvalidOperationException: [MSAL] Authentication failed for Client Id. The resource principal named <function-app-url> was not found in the tenant named <tenant-name>. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. "
}
Note:
- The Function App was registered under App Registrations in AD while enabling the App Service Authentication step.
- The policy is set at the operation level.
- My role is Contributor.
Solutions I checked to fix this:
- I checked that the Tenant ID in the trace matches. No mistake here.
- Tried in an Incognito session and cleared all the cookies in the browsers.
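As an added example (not code from the question or from Microsoft), here is the operation-level inbound policy with the resource set to the Application ID URI of the Function App's app registration instead of the site URL; `api://<client-id>` is a placeholder for the value shown under the app registration's "Expose an API" blade, and the token-variable plus set-header pattern is the documented way to attach the token explicitly:

```xml
<policies>
    <inbound>
        <base />
        <!-- Placeholder: replace api://<client-id> with the Application ID URI
             (or the client ID) of the app registration that App Service
             Authentication created for the Function App. Passing the site URL
             fails with "resource principal ... was not found" when that URL is
             not registered as the Application ID URI in the tenant. -->
        <authentication-managed-identity
            resource="api://<client-id>"
            output-token-variable-name="msi-access-token"
            ignore-error="false" />
        <!-- Forward the managed identity token to the Function App backend. -->
        <set-header name="Authorization" exists-action="override">
            <value>@("Bearer " + (string)context.Variables["msi-access-token"])</value>
        </set-header>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```

The MSAL error in the trace is raised when the resource value does not match any app registration's Application ID URI or client ID in the tenant, so the token request cannot be resolved to a resource principal; the Function App's App Service authentication must also list the same value among its allowed token audiences, otherwise the backend rejects the token with 401.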