cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Anonymous
Not applicable

How to configure SSO on a intranet page (SharePoint)

Hi,

 

I have been trying to configure SSO on our organization SharePoint website using PVA. But I don't see it to be working. I have been referring to the below URLs:

 

SSO doc 

https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso#:~:text=Power%20Virtual%20Agents....

 

GitHub Sample code doc

https://github.com/microsoft/PowerVirtualAgentsSamples/blob/master/BuildYourOwnCanvasSamples/3.singl...


I have created a HTML file adding the SSO code provided from the above doc and published in the SharePoint website. I do not wish to see the login sign in card which asks to pass the token rather I need to Sign-in directly once I click the Chatbot button.

 

pva1.png

 

I have also posted regarding the same in the past as well. But no luck. Any help is much appreciated. 

 

Regards,

Hemanth

1 ACCEPTED SOLUTION

Accepted Solutions
Anonymous
Not applicable

Hi @Anonymous 

 

Not sure if you are still facing issue with SSO working. I have got this issue fixed on my end and would like to share some inputs on that

 

1) I have seen the behavior of SSO and login that shows up in PVA bot is not consistent among browsers. Also you may be aware that the login status is stored in local stroage/session as specified in the MSAL.

 

2) I also saw that the code in github had issues related to how userId is passed. The particular line that was causing this login to come was this one below:

 

var userID = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ?
("<Prefix>" + clientApplication.account.accountIdentifier).substr(0, 64) :
(Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

 

The userID is being used in the webchat to pass the UserID and this is supposed to be the User Id from AAD which is not the case with the <Prefix>. I fixed this to pass just the Id and no prefix.

 

var userID = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ?
clientApplication.account.accountIdentifier:
(Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

 

This should take care of passing right UserID

 

if (action.type === 'DIRECT_LINE/CONNECT_FULFILLED')
{
/*
dispatch({
type: 'WEB_CHAT/SEND_EVENT',
payload: {
name: 'startConversation',
type: 'event',
value: {
text: "Hello"
}
}
});
return next(action);
*/
}

 

This is the code that is causing the Login to appear always. One more fix which I did in my case is to force the user login to happen before the webchat is displayed. This will make sure that the user token is created when webchat is initialized and what I have noticed is that after the below MSAL js changes, I never see a Login box in the chat.

 

if (!clientApplication)
{
clientApplication = new Msal.UserAgentApplication(msalConfig);
clientApplication.handleRedirectCallback(authRedirectCallBack);

//Below code will silently try to get token without popup. If there is no login already exists it will throw exception.
//As 2nd step, Login will be forced using LoginRedirect method
var newRequest =
{
scopes: ["user.read", 'openid', 'profile'],
}

clientApplication.acquireTokenSilent(newRequest).then(function(response)
{
//Now get the user display name
let user = clientApplication.getAccount();
document.getElementById("divUser").style.display="block";
document.getElementById("userName").innerHTML = " " + user.name;
}
).catch(function (error)
{
document.getElementById("divUser").style.display="block";
//Now get the user display name
document.getElementById("userName").innerHTML = "Not Logged in";
$('#divPopup').modal({backdrop: 'static',keyboard: false});
setTimeout(function()
{
//Now redirect to URI so that token will be created
clientApplication.loginRedirect(newRequest);

}, 2000);
});
}

 

The above code is trying to get token silently and if that fails it just forces login using redirect. This will make sure that first time user logs in, it will force token to be created and then it will be stored in local storage.

 

After this fix, my bot works fine all the time in the external web page. Hope this helps. Do not hesitate to ask any further questions.

View solution in original post

26 REPLIES 26
Anonymous
Not applicable

Hi @Anonymous 

 

Not sure if you are still facing issue with SSO working. I have got this issue fixed on my end and would like to share some inputs on that

 

1) I have seen the behavior of SSO and login that shows up in PVA bot is not consistent among browsers. Also you may be aware that the login status is stored in local stroage/session as specified in the MSAL.

 

2) I also saw that the code in github had issues related to how userId is passed. The particular line that was causing this login to come was this one below:

 

var userID = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ?
("<Prefix>" + clientApplication.account.accountIdentifier).substr(0, 64) :
(Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

 

The userID is being used in the webchat to pass the UserID and this is supposed to be the User Id from AAD which is not the case with the <Prefix>. I fixed this to pass just the Id and no prefix.

 

var userID = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ?
clientApplication.account.accountIdentifier:
(Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

 

This should take care of passing right UserID

 

if (action.type === 'DIRECT_LINE/CONNECT_FULFILLED')
{
/*
dispatch({
type: 'WEB_CHAT/SEND_EVENT',
payload: {
name: 'startConversation',
type: 'event',
value: {
text: "Hello"
}
}
});
return next(action);
*/
}

 

This is the code that is causing the Login to appear always. One more fix which I did in my case is to force the user login to happen before the webchat is displayed. This will make sure that the user token is created when webchat is initialized and what I have noticed is that after the below MSAL js changes, I never see a Login box in the chat.

 

if (!clientApplication)
{
clientApplication = new Msal.UserAgentApplication(msalConfig);
clientApplication.handleRedirectCallback(authRedirectCallBack);

//Below code will silently try to get token without popup. If there is no login already exists it will throw exception.
//As 2nd step, Login will be forced using LoginRedirect method
var newRequest =
{
scopes: ["user.read", 'openid', 'profile'],
}

clientApplication.acquireTokenSilent(newRequest).then(function(response)
{
//Now get the user display name
let user = clientApplication.getAccount();
document.getElementById("divUser").style.display="block";
document.getElementById("userName").innerHTML = " " + user.name;
}
).catch(function (error)
{
document.getElementById("divUser").style.display="block";
//Now get the user display name
document.getElementById("userName").innerHTML = "Not Logged in";
$('#divPopup').modal({backdrop: 'static',keyboard: false});
setTimeout(function()
{
//Now redirect to URI so that token will be created
clientApplication.loginRedirect(newRequest);

}, 2000);
});
}

 

The above code is trying to get token silently and if that fails it just forces login using redirect. This will make sure that first time user logs in, it will force token to be created and then it will be stored in local storage.

 

After this fix, my bot works fine all the time in the external web page. Hope this helps. Do not hesitate to ask any further questions.

Anonymous
Not applicable

Hi @Anonymous 

 

Thanks a lot for responding back..

 

Yes, I still face issues with SSO. Below is the code that I am using to achieve SSO. I have added the changes that was told by you to my code. I do not want to use the login button since I have already logged into my SharePoint website.

 

<!DOCTYPE html>
<html>
  <head>
    <title>Virtual Agent</title>
    <script src="https://cdn.botframework.com/botframework-webchat/latest/webchat.js"></script>

    <script
      type="text/javascript"
      src="https://alcdn.msauth.net/lib/1.2.0/js/msal.js"></script>

    <script
      src="https://unpkg.com/@azure/storage-blob@10.3.0/browser/azure-storage.blob.min.js"
      integrity="sha384-fsfhtLyVQo3L3Bh73qgQoRR328xEeXnRGdoi53kjo1uectCfAHFfavrBBN2Nkbdf"
      crossorigin="anonymous"></script>

    <script type="text/javascript">
      if (typeof Msal === "undefined")
        document.write(
          unescape(
            "%3Cscript src='https://alcdn.msftauth.net/lib/1.2.0/js/msal.js' type='text/javascript' %3E%3C/script%3E"
          )
        );
    </script>

    <style>
      html,
      body {
        height: 100%;
      }

      body {
        margin: 0;
      }

      .modal {
        display: none; /* Hidden by default */
        position: fixed; /* Stay in place */
        z-index: 1; /* Sit on top */
        padding-top: 100px; /* Location of the box */
        left: 0;
        top: 0;
        width: 100%; /* Full width */
        height: 100%; /* Full height */
        overflow: auto; /* Enable scroll if needed */
        background-color: rgb(0, 0, 0); /* Fallback color */
        background-color: rgba(0, 0, 0, 0.4); /* Black w/ opacity */
      }

      .modal-content {
        background-color: #fefefe;
        margin: auto;
        padding: 10px;
        border: 1px solid #888;
        width: 500px;
        height: 575px;
      }
      .close {
        color: black;
        float: right;
        font-size: 28px;
        font-weight: bold;
      }

      .close:hover,
      .close:focus {
        color: #000;
        text-decoration: none;
        cursor: pointer;
      }

      .main {
        margin: 18px;
        border-radius: 4px;
      }

      div[role="form"] {
        background-color: #3392ff;
      }

      #webchat {
        position: center;
        height: 530px;
        width: 100%;
        top: 60px;
        overflow: hidden;
      }
      #heading {
        padding-bottom: 5px;
      }

      h1 {
        font-size: 14px;
        font-family: Segoe UI;
        font-style: normal;
        font-weight: 600;
        font-size: 14px;
        line-height: 20px;
        color: #f3f2f1;
        letter-spacing: 0.005em;
        display: table-cell;
        vertical-align: middle;
        padding: 13px 0px 0px 20px;
      }

      #login {
        position: fixed;
        margin-left: 150px;
      }

      .span {
        font-weight: bold;
      }
      #myBtn {
        position: fixed;
        float: right;
        outline: none;
        width: 60px;
        height: 80px;
        margin: auto auto auto 10px;
      }
      button:hover {
        background-color: transparent;
      }
    </style>
  </head>
  <body>

    <button id="myBtn" type="button">Power Virtual Agent</button>

    <button id="login" name="login" onclick="onSignInClick()" style="background-color: aliceblue">Log In</button>

    <div id="myModal" class="modal">

      <div class="modal-content" style="background-color: #ffd933">

        <span class="close">&times;</span>
        <div id="chatwindow">
          <div id="heading">
            <span class="span"><strong>Virtual Agent</strong></span>
            <label id="divUser" name="divUser" style="width: 75%; height: 15px; border-color: Transparent"></label>
            <label id="userName" name="userName" style="width: 75%; height: 15px; border-color: Transparent">Not logged in.</label>
          </div>
          <div id="webchat"></div>
        </div>
      </div>
    </div>

    <script>

      var modal = document.getElementById("myModal");
      var btn = document.getElementById("myBtn");
      var span = document.getElementsByClassName("close")[0];
      btn.onclick = function () {
        modal.style.display = "block";
      };
      span.onclick = function () {
        modal.style.display = "none";
      };
      window.onclick = function (event) {
        if (event.target == modal) {
          modal.style.display = "none";
        }
      };

    </script>

    <script>
      function onSignin(idToken) {
        let user = clientApplication.getAccount();
        alert("User: " + JSON.stringify(user));

        document.getElementById("userName").innerHTML = "Currently logged in as " + user.name;
        let requestObj1 = {
          scopes: ["user.read", "openid", "profile"],
        };
      }

      function onSignInClick() {
        let user = clientApplication.getAccount();
        let requestObj = {
          scopes: ["user.read", "openid", "profile"],
        };

        clientApplication.loginPopup(requestObj).then(onSignin).catch(function (error) {
            console.log("error: " + error);
          });
      }

      function getOAuthCardResourceUri(activity) {
        if (
          activity &&
          activity.attachments &&
          activity.attachments[0] &&
          activity.attachments[0].contentType === "application/vnd.microsoft.card.oauth" &&
          activity.attachments[0].content.tokenExchangeResource)
          {
          return activity.attachments[0].content.tokenExchangeResource.uri;
          }
      }

      function exchangeTokenAsync(resourceUri) {
        let user = clientApplication.getAccount();

        if (user) {
          console.log("User exist " + JSON.stringify(user));

          let requestObj = {
            scopes: [resourceUri],
          };
          console.log("RequestObj: " + JSON.stringify(requestObj));

          return clientApplication.acquireTokenSilent(requestObj).then(function (tokenResponse) {
              console.log("ExchangeTokenAsync requestObj: " + tokenResponse.accessToken);
              return tokenResponse.accessToken;
            })
            .catch(function (error) {
              console.log("ExchangeTokenAsync error: " + error);
            });
        } else {
          return Promise.resolve(null);
        }
      }

      async function fetchJSON(url, options = {}) {
        const res = await fetch(url, {
          ...options,
          headers: {
            ...options.headers,
            accept: "application/json",
          },
        });

        if (!res.ok) {
          throw new Error(`Failed to fetch JSON due to ${res.status}`);
        }

        return await res.json();
      }
    </script>

    <script>
      var clientApplication;

      (function () {
        var msalConfig = {
          auth: {
            clientId: "<Removed Canvas Client ID>",
            authority:"https://login.microsoftonline.com/<Removed Directory ID>",
          },
          cache: {
            cacheLocation: "localStorage",
            storeAuthStateInCookie: false,
          },
        };
        if (!clientApplication) {
          clientApplication = new Msal.UserAgentApplication(msalConfig);

          // I get an error stating "Uncaught ReferenceError: authRedirectCallBack is not defined"
          clientApplication.handleRedirectCallback(authRedirectCallBack);

          //Below code will silently try to get token without popup. If there is no login already exists it will throw exception.
          //As 2nd step, Login will be forced using LoginRedirect method
          var newRequest = {
            scopes: ["user.read", "openid", "profile"],
          };

          clientApplication.acquireTokenSilent(newRequest).then(function (response)
          {
              //Now get the user display name
              let user = clientApplication.getAccount();
              document.getElementById("divUser").style.display = "block";
              document.getElementById("userName").innerHTML = " " + user.name;
          })
          .catch(function (error)
          {
              document.getElementById("divUser").style.display = "block";
              //Now get the user display name
              document.getElementById("userName").innerHTML = "Not Logged in";
              $("#divPopup").modal({ backdrop: "static", keyboard: false });
              setTimeout(function ()
              {
                //Now redirect to URI so that token will be created
                clientApplication.loginRedirect(newRequest);
              }, 2000);
          });
        }
      })();

      (async function main() {

        var BOT_ID = "<Removed BOT ID>";
        var theURL = "https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken?botId=" + BOT_ID;

        var userId = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ? clientApplication.account.accountIdentifier: (Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

        console.log("Async function main userId: " + userId);

        const { token } = await fetchJSON(theURL);
        const directLine = window.WebChat.createDirectLine({ token });
        const store = WebChat.createStore(
          {},
          ({ dispatch }) => (next) => (action) => {
            const { type } = action;
            if (action.type === "DIRECT_LINE/CONNECT_FULFILLED")
            {

              /*dispatch({
                type: "WEB_CHAT/SEND_EVENT",
                payload: {
                  name: "startConversation",
                  type: "event",
                  value: { text: "hello" },
                },
              });
              return next(action);*/

            }
            if (action.type === "DIRECT_LINE/INCOMING_ACTIVITY")
            {
              const activity = action.payload.activity;
              let resourceUri;
              if (activity.from && activity.from.role === "bot" &&(resourceUri = getOAuthCardResourceUri(activity)))
              {
                exchangeTokenAsync(resourceUri).then(function (token) {
                  if (token) {
                    directLine.postActivity({
                        type: "invoke",
                        name: "signin/tokenExchange",
                        value: {
                          id:activity.attachments[0].content.tokenExchangeResource.id,
                          connectionName:activity.attachments[0].content.connectionName,
                          token,
                        },
                        from: {
                          id: userId,
                          name: clientApplication.account.name,
                          role: "user",
                        },
                      }).subscribe((id) => {

                          console.log("id: " + id);

                          if (id === "retry")
                          {
                            console.log(`Bot was not able to handle the invoke, so display the oauthCard`);
                            return next(action);
                          }
                          console.log(`Else: tokenexchange successful and we do not display the oauthCard`);
                        },
                        (error) => {
                          console.log(`An error occurred to display the oauthCard`);
                          return next(action);
                        }
                      );
                    return;
                  } else return next(action);
                });
              } else return next(action);
            } else return next(action);
          }
        );

        const styleOptions = {
          // Add styleOptions to customize Web Chat canvas
       	 hideUploadButton: true
        };

        window.WebChat.renderWebChat(
          {
            directLine: directLine,
            store,
            userID: userId,
            styleOptions,
          },
          document.getElementById("webchat")
        );
      })().catch((err) => console.error("An error occurred: " + err));
    </script>
  </body>
</html>

 

I am getting an error stating

"Uncaught ReferenceError: authRedirectCallBack is not defined"  from the below line of code.
clientApplication.handleRedirectCallback(authRedirectCallBack);

 

So I just created a function

 

function authRedirectCallBack(error, response) {
if (error) {
console.log(error);
}
}
 
And I saw my name to be displayed on the label tag on the bot screen as below.
a1.jpg
 

I also see the below error as well

webchat.js:2 POST https://directline.botframework.com/v3/directline/conversations/6EES0CsPuThCYcqw3AK1Cb-6/activities 502

 

It always entry into the id === "retry" block of code.

 

if (id === "retry")
{
console.log(`Bot was not able to handle the invoke, so display the oauthCard`);
return next(action);
}

 

I still get the login box when I start to chat with my bot. 

 

Can you please help me solve this. Thanks.

Anonymous
Not applicable

@Anonymous ,

 

With this approach, the redirect URL needs to be passed

 

var msalConfig = 
	{
		auth: 
		{
	    	clientId: '', //Client Id of the AAD Aopp
	   		authority: 'https://login.microsoftonline.com/<TenantId>', //Login
	    	redirectUri: "<SharePoint Page where Bot will be hosted>", //URL that MSAL will redirect to when token is created
	    	navigateToLoginRequestUrl: false //Flag whether to navigate to page if token is not found
		},
	   	cache: 
	   	{
	     cacheLocation: 'localStorage', //Where to store the token information - Local storage
	     storeAuthStateInCookie: false //Whether to store auth information in cookie
	   	}
	};


if (!clientApplication) 
{
		clientApplication = new Msal.UserAgentApplication(msalConfig);
		clientApplication.handleRedirectCallback(authRedirectCallBack);	
}

function authRedirectCallBack(error, response) 
{
    //Do Nothing Here since we don't come back to this page.
    
}

Also make sure to add the redirect url of the SharePoint page where the bot is hosted in AAD App redirect Uri otherwise you will receive a error. 

 

Also can you check your AAD App settings to make sure the configuration is correct. Make sure to add your redirect uri.

 

Hope this helps.

Anonymous
Not applicable

@Anonymous 

 

Thank you, I have done the code changes as above. But no luck. I still see the login card.


Below is the code section of MSAL and the main method.

<script>
      var clientApplication;

      (function () {
        var msalConfig =
	       {
		     auth:
		          {
	    	         clientId: '<Have removed the Client ID>', //Client Id of the AAD Aopp
	   		         authority: 'https://login.microsoftonline.com/<Have removed the Directory ID>', //Login
	    	         redirectUri: "https://<org name>.sharepoint.com/sites/testing/MT/project/SitePages/Home.aspx", //URL that MSAL will redirect to when token is created
	    	         navigateToLoginRequestUrl: false //Flag whether to navigate to page if token is not found
		          },
	   	  cache:
	   	        {
	               cacheLocation: 'localStorage', //Where to store the token information - Local storage
	               storeAuthStateInCookie: false //Whether to store auth information in cookie
	   	        }
	       };

             if (!clientApplication)
             {
		             clientApplication = new Msal.UserAgentApplication(msalConfig);
		             clientApplication.handleRedirectCallback(authRedirectCallBack);
             }

      function authRedirectCallBack(error, response)
      {
        //Do Nothing Here since we don't come back to this page.

      }


          //Below code will silently try to get token without popup. If there is no login already exists it will throw exception.
          //As 2nd step, Login will be forced using LoginRedirect method
          var newRequest = {
            scopes: ["user.read", "openid", "profile"],
          };

          clientApplication.acquireTokenSilent(newRequest).then(function (response)
          {
              //Now get the user display name
              let user = clientApplication.getAccount();
              document.getElementById("divUser").style.display = "block";
              document.getElementById("userName").innerHTML = " " + user.name;
          })
          .catch(function (error)
          {
              document.getElementById("divUser").style.display = "block";
              //Now get the user display name
              document.getElementById("userName").innerHTML = "Not Logged in";
              $("#divPopup").modal({ backdrop: "static", keyboard: false });
              setTimeout(function ()
              {
                //Now redirect to URI so that token will be created
                clientApplication.loginRedirect(newRequest);
              }, 2000);
          });
      })();

      (async function main() {

        var BOT_ID = "<Have removed the Bot ID>";
        var theURL = "https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken?botId=" + BOT_ID;

        var userId = clientApplication.account!=null && clientApplication.account.accountIdentifier != null ? clientApplication.account.accountIdentifier: (Math.random().toString() + Date.now().toString()).substr(0, 64); // Make sure this will not exceed 64 characters

        console.log("Async function main userId: " + userId);

        const { token } = await fetchJSON(theURL);
        const directLine = window.WebChat.createDirectLine({ token });
        const store = WebChat.createStore(
          {},
          ({ dispatch }) => (next) => (action) => {
            const { type } = action;
            if (action.type === "DIRECT_LINE/CONNECT_FULFILLED")
            {
              /*
              dispatch({
                type: "WEB_CHAT/SEND_EVENT",
                payload: {
                  name: "startConversation",
                  type: "event",
                  value: { text: "hello" },
                },
              });
              return next(action);
              */
            }
            if (action.type === "DIRECT_LINE/INCOMING_ACTIVITY")
            {
              const activity = action.payload.activity;
              let resourceUri;
              if (activity.from && activity.from.role === "bot" &&(resourceUri = getOAuthCardResourceUri(activity)))
              {
                exchangeTokenAsync(resourceUri).then(function (token) {
                  if (token) {
                    directLine.postActivity({
                        type: "invoke",
                        name: "signin/tokenExchange",
                        value: {
                          id:activity.attachments[0].content.tokenExchangeResource.id,
                          connectionName:activity.attachments[0].content.connectionName,
                          token,
                        },
                        from: {
                          id: userId,
                          name: clientApplication.account.name,
                          role: "user",
                        },
                      }).subscribe((id) => {

                          console.log("id: " + id);

                          if (id === "retry")
                          {
                            console.log(`Bot was not able to handle the invoke, so display the oauthCard`);
                            return next(action);
                          }
                          console.log(`Else: tokenexchange successful and we do not display the oauthCard`);
                        },
                        (error) => {
                          console.log(`An error occurred to display the oauthCard`);
                          return next(action);
                        }
                      );
                    return;
                  } else return next(action);
                });
              } else return next(action);
            } else return next(action);
          }
        );

        const styleOptions = {
          // Add styleOptions to customize Web Chat canvas
       	 hideUploadButton: true
        };

        window.WebChat.renderWebChat(
          {
            directLine: directLine,
            store,
            userID: userId,
            styleOptions,
          },
          document.getElementById("webchat")
        );
      })().catch((err) => console.error("An error occurred: " + err));
    </script>

 

Below is code section of all functions

  <script>
      function onSignin(idToken) {
        let user = clientApplication.getAccount();
        alert("User: " + JSON.stringify(user));

        document.getElementById("userName").innerHTML = "Currently logged in as " + user.name;
        let requestObj1 = {
          scopes: ["user.read", "openid", "profile"],
        };
      }

      function onSignInClick() {
        let user = clientApplication.getAccount();
        let requestObj = {
          scopes: ["user.read", "openid", "profile"],
        };

        clientApplication.loginPopup(requestObj).then(onSignin).catch(function (error) {
            console.log("error: " + error);
          });
      }

      function getOAuthCardResourceUri(activity) {
        if (
          activity &&
          activity.attachments &&
          activity.attachments[0] &&
          activity.attachments[0].contentType === "application/vnd.microsoft.card.oauth" &&
          activity.attachments[0].content.tokenExchangeResource)
          {
          return activity.attachments[0].content.tokenExchangeResource.uri;
          }
      }

      function exchangeTokenAsync(resourceUri) {
        let user = clientApplication.getAccount();

        if (user) {
          console.log("User exist " + JSON.stringify(user));

          let requestObj = {
            scopes: [resourceUri],
          };
          console.log("RequestObj: " + JSON.stringify(requestObj));

          return clientApplication.acquireTokenSilent(requestObj).then(function (tokenResponse) {
              console.log("ExchangeTokenAsync requestObj: " + tokenResponse.accessToken);
              return tokenResponse.accessToken;
            })
            .catch(function (error) {
              console.log("ExchangeTokenAsync error: " + error);
            });
        } else {
          return Promise.resolve(null);
        }
      }

      async function fetchJSON(url, options = {}) {
        const res = await fetch(url, {
          ...options,
          headers: {
            ...options.headers,
            accept: "application/json",
          },
        });

        if (!res.ok) {
          throw new Error(`Failed to fetch JSON due to ${res.status}`);
        }

        return await res.json();
      }
    </script>


I have added the SharePoint redirect uri in the code and on the AAD app as well.

The SSO configuration in Azure AD are done as per the doc provided by Microsoft.

 

Azure Canvas/SSO App registration

azure2.jpg

 

Azure Authentication App registration

azure3.jpg

 

In the console I see the below error

 

POST https://directline.botframework.com/v3/directline/conversations/52jH6J9MMCFFFk77eFTDHO-f/activities 502

 

And as the id is "retry" it enters into the if block of (id==='retry') so the login card always shows up.

Anonymous
Not applicable

I rally have not seen this error. This certainly means the bot is not able to communicate may be due to token exchange issue. Can you verify your bot token exchange url and make sure it is update in AAD app as well as PVA settings? Also the error 502 means some kind of user error. Can you try to step through the code and put a breakpoint to see what part f the code is failing. As the user tries to talk to bot, the request and response changes. Check that out

Anonymous
Not applicable

@Anonymous 

I did try to add break points and try to check which step is failing, But I am not able to figure which step fails from the code, as per the below snapshot I could see my name being passed but the end I still see the login card on by chatbot.

 

code.jpg

 

Both the redirect uri on the AAD app registration and on code are same. I have done all the code changes as updated by you. Not sure what is causing this issue. 

Anonymous
Not applicable

@Anonymous  The reason why you are seeing your user name is due to MSAL authenticating. I think the issue is with exchangeTokenAsync(). Can you debug into this and see what is happening after receiving the token. Did you check your token exchange Url to match with AAD app? 

Anonymous
Not applicable

@Anonymous 

 

The token exchange Uri that I have added in the PVA Authentication section and the AAD Canvas app both matches.

Please find the below snapshot of exchangeTokenAsync() function code with breakpoint

 

code2.jpg

Below error is what i see on my console as well.

code1.jpg

Anonymous
Not applicable

Hi @Anonymous 

 

I was successfully able to achieve SSO. I did the changes on the PVA Authentication section by changing the Service Provider from Generic OAuth 2 to Azure Active Directory V2 which was the main reason for the POST error that I was getting in the console. By doing this and the code changes that you have provided me help me a lot to successfully achieve SSO. Many Thanks.

Helpful resources

Announcements

Exciting News for Copilot Studio Community! 🌟

Get ready to experience a whole new level of engagement with the Copilot Studio Community beginning this June! We’re thrilled to announce significant enhancements to our Community Blogs and Forums, designed to foster collaboration, creativity, and connection in the Community. 🚀💡   PLEASE NOTE: We are very excited that Copilot Studio Forums and Blogs. Because of the launch of the new Copilot Studio Community, Forums and Blogs will be made as read-only from May 30-June 4 and will be available on the new platform on June 4th. If you have recently made a post in the Forums or Blogs, no worries, all of your content will be updated and available on the new platform.   What’s New? 🌟 Revamped Community Blogs: Dive into a more intuitive and enriched blogging experience, where sharing knowledge and insights is easier and more enjoyable than ever. Enhanced Forums: Engage in discussions, ask questions, and connect with peers through our improved forums, now with better navigation and user-friendly features.  Why Check It Out? ✔ Stay Informed: Keep up with the latest trends, tips, and tricks from Copilot experts and fellow community members.Expand Your Network: Connect with like-minded professionals and build lasting relationships within the community.Share Your Voice: Contribute your own stories, solutions, and successes to inspire and educate others.   Stay tuned for more details as we approach the launch date. We can’t wait for you to join us in this new chapter of the Copilot Studio Community. Together, let’s make it a hub of innovation and inspiration!   

Celebrating the May Super User of the Month: Laurens Martens

  @LaurensM  is an exceptional contributor to the Power Platform Community. Super Users like Laurens inspire others through their example, encouragement, and active participation. We are excited to celebrated Laurens as our Super User of the Month for May 2024.   Consistent Engagement:  He consistently engages with the community by answering forum questions, sharing insights, and providing solutions. Laurens dedication helps other users find answers and overcome challenges.   Community Expertise: As a Super User, Laurens plays a crucial role in maintaining a knowledge sharing environment. Always ensuring a positive experience for everyone.   Leadership: He shares valuable insights on community growth, engagement, and future trends. Their contributions help shape the Power Platform Community.   Congratulations, Laurens Martens, for your outstanding work! Keep inspiring others and making a difference in the community!   Keep up the fantastic work!        

Check out the Copilot Studio Cookbook today!

We are excited to announce our new Copilot Cookbook Gallery in the Copilot Studio Community. We can't wait for you to share your expertise and your experience!    Join us for an amazing opportunity where you'll be one of the first to contribute to the Copilot Cookbook—your ultimate guide to mastering Microsoft Copilot. Whether you're seeking inspiration or grappling with a challenge while crafting apps, you probably already know that Copilot Cookbook is your reliable assistant, offering a wealth of tips and tricks at your fingertips--and we want you to add your expertise. What can you "cook" up?   Click this link to get started: https://aka.ms/CS_Copilot_Cookbook_Gallery   Don't miss out on this exclusive opportunity to be one of the first in the Community to share your app creation journey with Copilot. We'll be announcing a Cookbook Challenge very soon and want to make sure you one of the first "cooks" in the kitchen.   😊Don't miss your moment--start submitting in the Copilot Cookbook Gallery today!     Thank you,  Engagement Team

Announcing Power Apps Copilot Cookbook Gallery

We are excited to share that the all-new Copilot Cookbook Gallery for Power Apps is now available in the Power Apps Community, full of tips and tricks on how to best use Microsoft Copilot as you develop and create in Power Apps. The new Copilot Cookbook is your go-to resource when you need inspiration--or when you're stuck--and aren't sure how to best partner with Copilot while creating apps.   Whether you're looking for the best prompts or just want to know about responsible AI use, visit Copilot Cookbook for regular updates you can rely on--while also serving up some of your greatest tips and tricks for the Community. Check Out the new Copilot Cookbook for Power Apps today: Copilot Cookbook - Power Platform Community.  We can't wait to see what you "cook" up!      

Welcome to the Copilot Studio Community!

You are now a part of a vibrant growing group of peers and industry experts who are here to network, share knowledge, and even have a little fun!   If you have not yet registered, please visit here to learn how to register!   Now that you are a member, you can enjoy the following resources:   The Microsoft Copilot Studio Community Forums If you are looking for support with any part of Microsoft Copilot Studio, our forums are the place to go. They are titled "Forums" and there you will find technical professionals with years of experience who are ready and eager to answer your questions. You now have the ability to post, reply and give "kudos" on the Copilot Studio Community forums! Make sure you conduct a quick search before creating a new post because your question may have already been asked and answered!   Microsoft Copilot Studio Ideas Do you have an idea to improve the Microsoft Copilot Studio experience, or a feature request for future product updates? Then the "Copilot Studio Ideas" section is where you can contribute your suggestions and vote for ideas posted by other Community members. We constantly look to the most voted Ideas when planning updates, so your suggestions and votes will always make a difference.   News & Announcements The Copilot Studio Community News & Announcements is your stop to get all the latest news around Community events and announcements. This is where we share with the Community what is going on and how to participate!   Copilot Studio Samples, Learning and Video Galleries We have galleries that can assist you with information on creating a bot in our Webinars and Video Gallery,  and the ability to share the bots you have created in our Bot Sharing Gallery.  Check out the awesome content being shared there today!   Again, we are excited to welcome you to the Microsoft Copilot Studio Community family! Whether you are brand new to the world of bot creation or you are a seasoned Copilot Studio veteran, our goal is to shape the Community to be your ‘go to’ for support, networking, education, inspiration and encouragement as we enjoy this adventure together!   Let us know in the Community Feedback if you have any questions or comments about your Community experience. To learn more about the Community and your account be sure to visit our Community Support Area boards to learn more!   We look forward to seeing you in the Copilot Studio Community!The Copilot Studio Community Team

Tuesday Tip | How to Report Spam in Our Community

It's time for another TUESDAY TIPS, your weekly connection with the most insightful tips and tricks that empower both newcomers and veterans in the Power Platform Community! Every Tuesday, we bring you a curated selection of the finest advice, distilled from the resources and tools in the Community. Whether you’re a seasoned member or just getting started, Tuesday Tips are the perfect compass guiding you across the dynamic landscape of the Power Platform Community.   As our community family expands each week, we revisit our essential tools, tips, and tricks to ensure you’re well-versed in the community’s pulse. Keep an eye on the News & Announcements for your weekly Tuesday Tips—you never know what you may learn!   Today's Tip: How to Report Spam in Our Community We strive to maintain a professional and helpful community, and part of that effort involves keeping our platform free of spam. If you encounter a post that you believe is spam, please follow these steps to report it: Locate the Post: Find the post in question within the community.Kebab Menu: Click on the "Kebab" menu | 3 Dots, on the top right of the post.Report Inappropriate Content: Select "Report Inappropriate Content" from the menu.Submit Report: Fill out any necessary details on the form and submit your report.   Our community team will review the report and take appropriate action to ensure our community remains a valuable resource for everyone.   Thank you for helping us keep the community clean and useful!

Users online (3,154)