question

mrB-0683 avatar image
mrB-0683 asked ·

FHIR API: Cannot save authorized object ids in authentication tab

Hi,

when i click save in FHIR authentication tab (i use fhir api) azure says:

bad request, cannot save

I may attach the JSON log if needed.

Do you fave any idea? It seems somthing in Azure is broken (my FHIR service is version STU 3)

i only changed AD description in the meanwhile, i don't think it could be an issue.

thanks

Marco

azure-active-directory
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FrankHuMSFT-3200 avatar image
FrankHuMSFT-3200 answered ·

Hello @mrB-0683,

This shouldn't be happening, if you'r experiencing this in the Azure portal, try using a different browser and making sure that your network connection is stable. If you're still experiencing this issue please provide the JSON log,

If you're still having an issue here, please email AzCommunity[at]microsoft[dot]com and I can enable a one time free support ticket. Please provide your Azure Subscription GUID and a reference to this thread. And hopefully we can get you on the right path again soon. 

Please see : https://blogs.msdn.microsoft.com/mschray/2016/03/18/getting-your-azure-subscription-guid-new-portal/

On how to get a subscription GUID.

In addition to that once you are able to resolve your issue with the support engineer, please post your response on this thread so that future readers will be able to benefit from your solution. 

Thanks,
- Frank Hu

Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ShashiShailaj-MSFT avatar image
ShashiShailaj-MSFT answered ·

I checked the details and found that in your scenario this can happen if you are using Microsoft Account (Live ID) , it can give you an error. I am assuming that you have logged on to the portal using a live ID which have Owner privileges on the Azure subscription and is a global admin in the Azure AD associated with that subscription where you have deployed Azure API for FHIR. Please follow the steps below.

  1. I would suggest you to logon to azure Portal with global admin account that you use currently and create a new local user within the Azure AD which would be like (newUser)@(tenant).onmicrosoft.com .

  2. Once this user is created please assign the Global Administrator role to this account .

  3. Provide this global administrator Owner rights on the subscription where you have Azure API for FHIR deployed .

  4. Once done , please use a new cookie-isolation browser session (preferably Inprivate/incognito/private window) to logon with this new user to the azure portal and you should be able to modify the Azure API for FHIR and add new users using "allowed Object Ids" list provided the object Ids are for users from the same tenant .

  5. In case your Azure AD tenant is a viral tenant , you may need to use viral tenant takeover procedure if the above does not work and then follow the above steps 1-4 again to accomplish the task of adding multiple allowed object Ids in Authentication tab.

I tried adding a user in my test Azure API for FHIR deployment and the following is what I see in the change history logs for the write operation activity . You can check this from Activity log and inspecting the write operation details.

alt text

And you can see below that I had added the same Object ID in the authentication tab as show above in the change history reports .

alt text

I have included the multiple links for making sure that you have all the details as needed. I am fairly certain that this would solve your issue , However if it does not , please feel free to reply in comment and let us know about your findings.

Should the information in this post help you , please feel free to mark it as answer and vote as helpful so that it is helpful to other community members.

Thank you.


fhir01.jpg (85.6 KiB)
fhir02.jpg (70.8 KiB)
1 comment Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

At a first step the issue is still there. I attach a screenshot and the json. But, in the meanwhile i'll get in touch with engineering, i'll take some more time to get sure i did all the steps correctly, expecially the last about viral domains. I'll report back to you and all the finding asap


Marco


0 Votes 0 · ·
errorjpeg.png (222.4 KiB)
error-json2.txt (3.6 KiB)