Azure Teams Bot Single Sign On

Overview

This article builds on the previous story: https://cloudjourney.medium.com/azure-bot-service-39004019ccae

Demonstration

a) Create Microsoft App Id teams-sso-bot-app1

Application Id 67b9exxxxxxxxx

b) Create AAD App Registration (teamssso for AAD connection setting)

Client ID: 780fxxxxxx

  • 1fec8e78-bce4-4aaf-ab1b-5451cc387264 (Teams mobile/desktop application)
  • 5e3ce6c0-2b1f-4285-8d4b-75ee78787346 (Teams web application)

c) Update bot manifest json file

In webApplicationInfo, id is the teamssso client ID and resource is the teamssso URI. According to the Microsoft documentation, the resource is the Application ID URI and must not include the scope name.

"bots": [
  {
    "botId": "67b9exxxxxxxxx",
    "scopes": [
      "personal",
      "team",
      "groupchat"
    ],
    "supportsFiles": false,
    "isNotificationOnly": false
  }
],
"webApplicationInfo": {
  "id": "780fxxxxxx",
  "resource": "api://botid-67b9exxxxxxxxx"
},
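A pre-upload check for the webApplicationInfo block described in this step, as an added example that is not part of the original article or the sample repo. It assumes the api://botid-<botId> form shown in the fragment above; the function names and the sample manifest are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample mirroring the manifest fragment above (redacted IDs kept as-is).
SAMPLE_MANIFEST = """
{
  "bots": [{"botId": "67b9exxxxxxxxx", "scopes": ["personal", "team", "groupchat"]}],
  "webApplicationInfo": {
    "id": "780fxxxxxx",
    "resource": "api://botid-67b9exxxxxxxxx"
  }
}
"""

def check_web_application_info(manifest):
    """Return a list of findings; an empty list means the SSO block is consistent."""
    info = manifest.get("webApplicationInfo")
    if not isinstance(info, dict):
        return ["webApplicationInfo is missing"]
    findings = []
    if not info.get("id"):
        findings.append("webApplicationInfo.id (AAD app client ID) is empty")
    resource = info.get("resource", "")
    parsed = urlparse(resource)
    if parsed.scheme != "api":
        findings.append(f"resource {resource!r} is not an api:// Application ID URI")
        return findings
    # Everything after the scheme, split into segments (host plus path parts).
    segments = [s for s in (parsed.netloc + parsed.path).split("/") if s]
    # Assumption: the URI references the bot as botid-<botId>, as in the fragment.
    expected = {f"botid-{b.get('botId')}" for b in manifest.get("bots", []) if b.get("botId")}
    hits = [i for i, s in enumerate(segments) if s in expected]
    if not hits:
        findings.append("resource does not reference any botId from the bots array")
    elif hits[-1] != len(segments) - 1:
        # Anything after botid-<botId> is a scope name appended to the URI.
        extra = "/".join(segments[hits[-1] + 1:])
        findings.append(f"resource carries a trailing scope name: {extra!r}")
    return findings

def lint(manifest_text):
    return check_web_application_info(json.loads(manifest_text))

if __name__ == "__main__":
    for finding in lint(SAMPLE_MANIFEST) or ["OK"]:
        print(finding)
```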

d) Bot Channel Registration

Create a Bot Channel Registration. For the Microsoft App ID, use the app registration from step a.

e) Publish Bot App

Clone code from repo

f) Update Bot Channel Registration with Bot App /api/messages URL

g) Ensure that you’ve enabled the Teams Channel

h) Zip manifest and upload to teams

manifest.json is located in experimental\teams-sso\csharp_dotnetcore\TeamsAppManifest folder

{
  "error": {
    "code": "ServiceError",
    "message": "Missing required query string parameter: code. Url = https://token.botframework.com/.auth/web/redirect?error=invalid_request&error_description=AADSTS50194%3a+Application+%27780f4cda-d5e1 xxxxxxxxxxxx %27(teamssso)+is+not+configured+as+a+multi-tenant+application.+Usage+of+the+%2fcommon+endpoint+is+not+supported+for+such+applications+created+after+%2710%2f15%2f2018%27.+Use+a+tenant-specific+endpoint+or+configure+the+application+to+be+multi-tenant.%0d%0aTrace+ID%3a+ba53d......"
  }
}

Appendix

References

BotBuilder-Samples/SSOSetup.md at main · microsoft/BotBuilder-Samples · GitHub

Cloud Journey


All blogs are strictly personal and do not reflect the views of my employer. They focus on cloud networking, cloud security and API security.