ArunS-9046 asked

DPS SAS token generation not working

Hi All,

I have a few questions about Azure DPS connection and registration using SAS tokens. I'm referring to the sample application in the repo https://github.com/Azure/azure-sdk-for-c/blob/master/sdk/samples/iot/paho_iot_provisioning_sample.c

  1. "provisioning_registration_id": is registration_id the same as the one mentioned in Azure account Manage enrollments->Individual Enrollments->REGISTRATION ID?

  2. How to generate SAS tokens for DPS? I'm not using x86 openssl. For HUB type, SAS token can be generated using Visual Studio Code. Is a similar mechanism available?

I need SAS token to generate password.

Any support for the above will be of great help!

Thanks,
Arun




Hello @ArunS-9046 Welcome to Microsoft Q&A Platform and thanks for your query. Community SMEs on this topic or our team will review your scenario and circle back at the earliest possible time.


Hello @ArunS-9046 Just checking in if you have had a chance to see the previous response.
Please enable your preferred alert types on your Profile's Settings to get instant notifications on this thread's discussions. Here is how to subscribe to a notification.

ArunS-9046 (replying to SatishBoddu-MSFT):

@SatishBoddu-MSFT, my Azure account had expired and I was not able to test the above-mentioned scenario. Got a new account, will generate SAS token for DPS using the link you shared and will update in this thread.

SatishBoddu-MSFT answered

Hello @ArunS-9046

1) Yes, please make a note of the RegistrationID



2) Please refer to the below documentation links on various languages to generate the SAS token.

Azure/iot-dps/Detailed attestation process and,

Azure/iot-hub/Security token structure

Please let us know if you need further help in this matter.




Hello @ArunS-9046
Please comment in the below section if you need further help in this matter.
If the response is helpful, please click "Accept Answer" and upvote it.




Hello @ArunS-9046
Just checking in if you have had a chance to see the previous response.
If the response is helpful, please click "Accept Answer" and upvote it.

Please enable your preferred alert types on your Profile's Settings to get instant notifications on this thread's discussions. Here is how to subscribe to a notification.

SArunCSTIPLCSSICWSWPSW1-3440 answered

@SatishBoddu-MSFT
Sorry for the late response.
I'm still facing connection failure for DPS using SAS tokens. I followed the links you shared in this thread.

Below is the procedure followed,

  1. Created IoT hub for SAS tokens. This I'm able to successfully connect and run IoT hub sample applications.

  2. Created DPS service, linked the IoT hub, added enrollment.

  3. Since I'm not using openssl I generated username and password locally. Here is the example of configurations I'm using. Port [8883], username [test-dps.azure-devices-provisioning.net/deviceID01/?api-version=2018-06-30] and connection_password [https://docs.microsoft.com/en-us/azure/iot-hub/iot-hub-devguide-security#security-token-structure] used this link to generate manually.

Query:
- For IoT Hub I'm able to generate SAS tokens using visual code->"generate SAS Token for Device". Is there any similar way to generate the SAS tokens for DPS?

Any support on this will be helpful.










I hope you already know about this document: Detailed attestation process
Symmetric key attestation with the Device Provisioning Service is performed using the same Security tokens supported by IoT hubs to identify devices.

When a device is attesting with an individual enrollment, the device uses the symmetric key defined in the individual enrollment entry to create the hashed signature for the SAS token.

For code examples that create a SAS token, see Security Tokens.


SArunCSTIPLCSSICWSWPSW1-3440 answered

@SatishBoddu-MSFT Trying to connect DPS using SAS tokens and symmetric key where client is "Azure SDK for C" code.
Used Python script to generate the SAS tokens (def generate_sas_token(uri, key, policy_name, expiry=3600):)
uri -> (test-dps.azure-devices-provisioning.net)
key -> Symmetric Key -> primary key
policy_name -> None

With above configurations & Python script I'm able to generate below SAS token
SharedAccessSignature sr=test-dps.azure-devices-provisioning.net&sig=daP5K1GGeVFFghkkT2X4SX8iBLaO07rmtsPgMuzSmrc%3D&se=1616557869

Username is generated using SDK API az_iot_provisioning_client_get_user_name()
Above SAS token is used as password during Azure MQTT connection

Observation: Connection refused from the Azure server for MQTT connect request
Query:
- Every time the "se" value in the SAS token will change, do we need to link the same in the Azure DPS portal?
- Does the symmetric key have to be linked in the application as referenced in prov_dev_set_symmetric_key_info()
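
An added example, not part of any post in this thread and not Azure SDK code: a Python version of the DPS device token format for symmetric-key individual enrollments, where the resource URI is `<ID scope>/registrations/<registration ID>` and the policy name is `registration`, plus a check that lists how a given token differs from that format. The ID scope and key are constructed placeholders and the function names are hypothetical; the registration ID and the sample token string are the ones posted above.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, quote

# Constructed placeholders: not a real ID scope or enrollment key.
ID_SCOPE = "0ne00000000"
REGISTRATION_ID = "deviceID01"  # registration ID used in the thread
DEMO_KEY_B64 = base64.b64encode(b"constructed-demo-key").decode()
# Token as posted in the thread (sr is the DPS host name, no skn field).
THREAD_TOKEN = ("SharedAccessSignature sr=test-dps.azure-devices-provisioning.net"
                "&sig=daP5K1GGeVFFghkkT2X4SX8iBLaO07rmtsPgMuzSmrc%3D&se=1616557869")


def generate_dps_sas_token(id_scope, registration_id, key_b64, expiry_epoch):
    """Sign '<url-encoded sr>\\n<se>' with the base64-decoded enrollment key."""
    resource_uri = f"{id_scope}/registrations/{registration_id}"
    encoded_uri = quote(resource_uri, safe="")
    to_sign = f"{encoded_uri}\n{expiry_epoch}".encode("utf-8")
    digest = hmac.new(base64.b64decode(key_b64), to_sign, hashlib.sha256).digest()
    signature = quote(base64.b64encode(digest).decode(), safe="")
    return (f"SharedAccessSignature sr={encoded_uri}&sig={signature}"
            f"&se={expiry_epoch}&skn=registration")


def dps_token_problems(token, id_scope, registration_id, now):
    """Return the ways a token differs from the DPS device token format."""
    prefix, _, query = token.partition(" ")
    if prefix != "SharedAccessSignature":
        return ["missing 'SharedAccessSignature' prefix"]
    fields = {name: values[0] for name, values in parse_qs(query).items()}
    problems = []
    if fields.get("sr") != f"{id_scope}/registrations/{registration_id}":
        problems.append("sr is not <id_scope>/registrations/<registration_id>")
    if fields.get("skn") != "registration":
        problems.append("skn is not 'registration'")
    if not fields.get("se", "").isdigit() or int(fields["se"]) <= now:
        problems.append("se is missing or not in the future")
    return problems


if __name__ == "__main__":
    good = generate_dps_sas_token(ID_SCOPE, REGISTRATION_ID, DEMO_KEY_B64, 1700000000)
    print(good)
    print(dps_token_problems(good, ID_SCOPE, REGISTRATION_ID, now=1699999000))
    print(dps_token_problems(THREAD_TOKEN, ID_SCOPE, REGISTRATION_ID, now=1616550000))
```

The service validates a token by recomputing the signature from the key stored in the enrollment, so a new `se` value only means signing a new token on the device side.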


ArunS-9046 answered

@SatishBoddu-MSFT,
Can you confirm the Azure DPS connection using SAS token is supported in the https://github.com/Azure/azure-sdk-for-c/releases/tag/1.1.0 ? I'm seeing connection refused from the Azure server. Followed the links mentioned in this thread to generate SAS tokens.
