question

cvashm avatar image
0 Votes"
cvashm asked AmoghGupta-6931 commented

When disabling signup, then login to the developer portal no longer works

I'm seeing across multiple API management instances, then when I disable signup (https://docs.microsoft.com/en-us/rest/api/apimanagement/2020-06-01-preview/sign-up-settings/update#request-body, properties.enabled = false), then signup is effectively blocked as expected. But unfortunately I'm also no longer able to sign in to the developer portal with neither a new (invited) nor an existing user. Instead I'm getting am "Please provide a valid email and password". If I invite a new user, and that user opens the invitation link and sets the password, then the user is actually logged in. If that user then logs out, then he is not able to login again.

I have observed that the "Username and password" provider (Developer portal | Identities) is removed, when I set the enabled = false. Likewise the provider appears again, when setting enabled = true.

Am I doing something wrong, in order to achieve "invite-only" behavior in the developer portal?

azure-api-management
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@cvashm Apology for the delay and thanks for reaching out. I will reach out to my team to confirm if this is the expected behavior for the update sign up setting API and if there is any way to achieve "invite-only" behavior.

1 Vote 1 ·

1 Answer

MayankBargali-MSFT avatar image
0 Votes"
MayankBargali-MSFT answered AmoghGupta-6931 commented

@cvashm Apology for the delay.
I have got the confirmation from my team that it is expected behavior when we disable the sign up setting functionality then the existing user cannot signin to the developer portal (they receive username/pass is incorrect message). If we disabled it again with the same username and password the user we can login to the developer portal.

When the sign-in and sign-up are both disabled - you are disabling the whole identity provider (basic auth). You can also perform this action by removing the identity provider from the "Identities" page in the Azure portal.
At this moment, there's no option to disable sign-up only, except for the authentication delegation.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@MayankBargali-MSFT ,thanks a lot for the answer, which clarified our observations (but nonetheless, leaves us a bit confused on the purpose of property, "properties.enabled" on the "Sign Up Settings"). :)

One last question: so if we enable delegation for "signup-in and sign-up" (https://docs.microsoft.com/en-us/azure/api-management/api-management-howto-setup-delegation#set-up-api-management-to-route-requests-via-delegation-endpoint) and point the URL to "nowhere", are we effectively guaranteed that no user can manually signup by doing a POST to https://<instancename>.azure-api.net/signup (like the signup page does)?

0 Votes 0 ·

@MayankBargali-MSFT, When I delegate the Sign in and use the SSO link to return the signed on page, I am unable to stay signed on. I get logged off on even a single click

0 Votes 0 ·