Solved: How to configure SSO on a intranet page (SharePoin... - Page 2

Anonymous · ‎01-11-2021

Hi,

I have been trying to configure SSO on our organization SharePoint website using PVA. But I don't see it to be working. I have been referring to the below URLs:

SSO doc

https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso#:~:text=Power%20Virtual%20Agents....

GitHub Sample code doc

https://github.com/microsoft/PowerVirtualAgentsSamples/blob/master/BuildYourOwnCanvasSamples/3.singl...

I have created a HTML file adding the SSO code provided from the above doc and published in the SharePoint website. I do not wish to see the login sign in card which asks to pass the token rather I need to Sign-in directly once I click the Chatbot button.

I have also posted regarding the same in the past as well. But no luck. Any help is much appreciated.

Regards,

Hemanth

neeraja · ‎06-15-2021

I have deployed my bot at SharePoint home.aspx page. can you please guide me where and how to add the SSO custom HTML code

skandadai · ‎06-15-2021

Hello @neeraja - I have some issues with my id and hence could not login. Can you share more details on what is the exact issue. You just need to add the html code for chat and pass the user id obtained using MSAL.js. This way the user will not be prompted for login as part of the boht

neeraja · ‎06-15-2021

Yeah, correct. I want to achieve the Single sign on when i deploy my power virtual agent chatbot on sharepoint home page.

i have deployed my chatbot at sharepoint home page using embed option and add the iframe content which i got it from Power virtual agent publish options

Now my question is Where to add that HTML content, also at embed panel at sharepoint edit page option? please confirm..

skandadai · ‎06-15-2021

The iframe option will always prompt the user to login but does not require any HTML code. the HTML code is needed when you want to have your custom chatbot page and customize the bot. Also for the bot to work on other web sites, you have to configure AAD as defined in the PVA portal.

Add a chatbot to mobile and web apps - Power Virtual Agents | Microsoft Docs

Customize the web chat canvas - Power Virtual Agents | Microsoft Docs

neeraja · ‎06-15-2021

So when i embed chatbot on sharepoint page or any internet page it will ask us to prompt always. this is what you are saying right?

Then how can we achieve sso in this scenario..

My requirement is i need to deploy the power virtual agent on sharepoint home page and when user say hi at chatbot.. it should recognize user without asking for login propmt as we alr logged into sharepoint website.

How can we achieve this scenario? please guide me

Anonymous · ‎06-15-2021

Hi @neeraja

The code in the document provided by Microsoft need lots of customization to be done before we deploy on to the SharePoint website.

Follow the below steps:

1. Select the Authentication option on the Microsoft Power Virtual Agent and select Azure Active Directory v2.

2. Check with the Azure team and get the required details as per the below snapshot the doc to configure SSO to your bot using Azure should help the Azure team do the configurations.

URL: https://docs.microsoft.com/en-us/power-virtual-agents/configure-sso

3. Try customization your bot look and feel by editing your code on the Microsoft Visual Code or any Code editor and run the .html file on Chrome or any latest web browsers and try to customize accordingly.
4. Try accessing your bot through a button/image i.e. place a button/image in the code which helps to pop-up the chat bot window when clicked on it.
5. Once you are done with your customization touch base with your SharePoint team and check with them on how to deploy your bot code file on to the SharePoint website and align your bot button/image accordingly.

Below is the code that I am using.

<!DOCTYPE html>
<html>
  <head>
    <title>Virtual Agent</title>
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa" crossorigin="anonymous"></script>
    <script src="https://cdn.botframework.com/botframework-webchat/latest/webchat.js"></script>
    <script type="text/javascript" src="https://alcdn.msauth.net/lib/1.2.0/js/msal.js"></script>

    <script
      src="https://unpkg.com/@azure/storage-blob@10.3.0/browser/azure-storage.blob.min.js"
      integrity="sha384-fsfhtLyVQo3L3Bh73qgQoRR328xEeXnRGdoi53kjo1uectCfAHFfavrBBN2Nkbdf"
      crossorigin="anonymous">
    </script>

    <script type="text/javascript">
      if (typeof Msal === "undefined")
        document.write(
          unescape(
            "%3Cscript src='https://alcdn.msftauth.net/lib/1.2.0/js/msal.js' type='text/javascript' %3E%3C/script%3E"
          )
        );
    </script>

    <style>
      html,
      body {
        height: 100%;
      }

      body {
        margin: 0;
      }

      .modal {
        display: none; /* Hidden by default */
        position: absolute; /* Stay in place */
        z-index: 1; /* Sit on top */
        padding-top: 80px; /* Location of the box */
        left: 0;
        top: 0;
        width: 100%; /* Full width */
        height: 100%; /* Full height */
        overflow: auto; /* Enable scroll if needed */
        background-color: rgb(0, 0, 0); /* Fallback color */
        background-color:transparent; /* Black w/ opacity */
      }

      .modal-content {
        width: 500px;
        float:right;
        /*padding-top: 10px;*/
        margin-right: 180px;
        border-radius: 15px;
      }
      .close {
        color: black;
        float: right;
        font-size: 28px;
        font-weight: bold;
        margin-right: 10px;
      }

      .close:hover,
      .close:focus {
        color: #000;
        text-decoration: none;
        cursor: pointer;
      }

      .main {
        margin: 18px;
        border-radius: 4px;
      }

      div[role="form"] {
        background-color: #3392ff;
      }

      #webchat {
        position: center;
        height: 600px;
        width: 100%;
        top: 60px;
        overflow: hidden;
        border-bottom-left-radius: 15px;
        border-bottom-right-radius: 15px;
      }
      #heading {
        margin-top: 10px;
        margin-left: 12px;
        margin-bottom: 8px;
        width:50%;
        text-align:left;
        /*Newly added style*/
        padding-bottom: 12px;
        padding-top: 5px;
      }

      h1 {
        font-size: 14px;
        font-family: Segoe UI;
        font-style: normal;
        font-weight: 600;
        font-size: 14px;
        line-height: 20px;
        color: #f3f2f1;
        letter-spacing: 0.005em;
        display: table-cell;
        vertical-align: middle;
        padding: 13px 0px 0px 10px;
      }

      #login {
        position: fixed;
        margin-left: 150px;
      }

      .span {
        font-weight: bold;
      }

      #myBtn {
        float: right;
        outline: none;
        width: 95px;
        margin-top: 200px;
        margin-right: 20px;
      }

      button:hover {
        background-color: transparent;
      }

      .logo{
        /* float: left;
        width: 60px;
        height: 60px; */

        float: left;
        width:150px;
        height: 30px;
      }
      .main{
        margin-top: 10px;
        margin-bottom: 12px;
      }

    </style>

</head>

  <body>
    <!--Button and ChatBot View-->

    <!--<button id="myBtn" type="button">Power Virtual Agent</button>-->

    <img id="myBtn" alt="image" src="<Add image url>">

    <div id="myModal" class="modal">
      
      <!-- Modal content -->

      <div class="modal-content" style="background-color: yellow">
        <span class="close">&times;</span>
        <div id="chatwindow">
          <div id="heading"> 
            <img class="logo" src="<Add image url>" alt="logo"/>

            <h1 style="color:black">Virtual Agent</h1>

          </div>
          <div id="webchat"></div>
        </div>
      </div>
    </div>

    <!--Button code begins here-->
    <script>
      
      var modal = document.getElementById("myModal");
      var btn = document.getElementById("myBtn");
      var span = document.getElementsByClassName("close")[0];

      // When the user clicks the button, open the modal
      btn.onclick = function () {
        modal.style.display = "block";
      };

      // When the user clicks on <span> (x), close the modal
      span.onclick = function () {
        modal.style.display = "none";
      };

      // When the user clicks anywhere outside of the modal, close it
      window.onclick = function (event) {
        if (event.target == modal) {
          modal.style.display = "none";
        }
      };
    </script>

    <!--Button code ends here-->

    <script>
  
      function getOAuthCardResourceUri(activity) 
      {
        if (
          activity &&
          activity.attachments &&
          activity.attachments[0] &&
          activity.attachments[0].contentType ===
            "application/vnd.microsoft.card.oauth" &&
          activity.attachments[0].content.tokenExchangeResource
        ){
          // asking for token exchange with AAD
          console.log("Got the token exchange with AAD: " + activity.attachments[0].content.tokenExchangeResource.uri);
          
          return activity.attachments[0].content.tokenExchangeResource.uri; 
        }
      }

      function exchangeTokenAsync(resourceUri) 
      {
        let user = clientApplication.getAccount();
        let requestObj = {
          scopes: [resourceUri],
        };

        return clientApplication.acquireTokenSilent(requestObj).then(function (tokenResponse) {
            return tokenResponse.accessToken;
          }).catch(function (error) 
            {
              console.log("Error from exchangeTokenAsync function" + error);
            });
      }

      async function fetchJSON(url, options = {}) 
      {
        const res = await fetch(url, {
          ...options,
          headers: 
          {
            ...options.headers,
            accept: "application/json",
          },
        });
        
        if (!res.ok) {
          throw new Error(`Failed to fetch JSON due to ${res.status}`);
        }
        return await res.json();
      }

      function authRedirectCallBack(error, response) 
      {
      //Do Nothing Here since we don't come back to this page.  
      }

    </script>

    <script>
      
      var clientApplication;

      (function () {
        var msalConfig = {
          auth:
          {
            clientId:'<Add Client ID>',
            authority:'https://login.microsoftonline.com/<Add Directory ID>',
            redirectUri:"<Add SharePoint url where your bot is deployed>",
            navigateToLoginRequestUrl: false
          },
          cache: 
          {
            cacheLocation: 'localStorage',
            storeAuthStateInCookie: false,
          }
        };
        if (!clientApplication) 
        {
          clientApplication = new Msal.UserAgentApplication(msalConfig);
          clientApplication.handleRedirectCallback(authRedirectCallBack);
        }
        
        var newRequest = {
            scopes: ["user.read", 'openid', 'profile'],
        }

        clientApplication.acquireTokenSilent(newRequest).then(function(response)
        {
          //Now get the user display name
          let user = clientApplication.getAccount();
        }).catch(function (error)
            {
              $('#divPopup').modal({backdrop: 'static',keyboard: false});
              setTimeout(function()
              {
                //Now redirect to URI so that token will be created
                clientApplication.loginRedirect(newRequest);
              }, 2000);
            });
      })();

      (async function main() {
        
        // Add your BOT ID below
        var BOT_ID =  "<Add your Bot ID>";
        var theURL = "https://powerva.microsoft.com/api/botmanagement/v1/directline/directlinetoken?botId=" + BOT_ID;

        var userId = (clientApplication.account != null && clientApplication.account.accountIdentifier != null) ? clientApplication.account.accountIdentifier: (Math.random().toString() + Date.now().toString()).substr(0, 64); 

        const { token } = await fetchJSON(theURL);
        const directLine = window.WebChat.createDirectLine({ token }); // 
        const store = WebChat.createStore(
          {},
          ({ dispatch }) => (next) => (action) => {
            const { type } = action;
            if (action.type === "DIRECT_LINE/CONNECT_FULFILLED") 
            {
              dispatch({
                type: "WEB_CHAT/SEND_EVENT",
                payload: 
                {
                  name: "startConversation",
                  type: "event",
                  value: { text: "hello" },
                },
              });
              return next(action);
            }
            if (action.type === "DIRECT_LINE/INCOMING_ACTIVITY") 
            {
              const activity = action.payload.activity;
              let resourceUri;

              if (activity.from && activity.from.role === "bot" &&(resourceUri = getOAuthCardResourceUri(activity))) 
              {
                exchangeTokenAsync(resourceUri).then(function (token) 
                {
                  if (token) 
                  {
                    directLine.postActivity({
                        type: "invoke",
                        name: "signin/tokenExchange",
                        value: {
                          id: activity.attachments[0].content.tokenExchangeResource.id,
                          connectionName: activity.attachments[0].content.connectionName,
                          token,
                        },
                        from: {
                          id: userId,
                          name: clientApplication.account.name,
                          role: "user",
                        },
                      }).subscribe(
                        (id) => {
                          //console.log("id: " + id);
                          if (id === "retry") 
                          {
                            return next(action);
                          }
                          
                        },
                        (error) => {
                          
                          return next(action);
                        }
                      );
                    return;
                  } 
                  else return next(action);
                });
              } 
              else return next(action);
            } 
            else return next(action);
          }
        );

        const styleOptions = {
          backgroundColor: '#F8F8F8',
          botAvatarInitials: "BT",
          userAvatarInitials: "UR",
          botAvatarBackgroundColor: "#FFFFFF",
          userAvatarBackgroundColor: "#FFFFFF",
          botAvatarImage:"<Add image url>",
          userAvatarImage:"<Add image url>",
          hideUploadButton: true,
        };

        window.WebChat.renderWebChat(
          {
            directLine: directLine,
            store,
            userID: userId,
            styleOptions,
          },
          document.getElementById("webchat")
        );
      })().catch((err) => console.error("An error occurred: " + err));
    </script>
  </body>
</html>

Let me know if you need any help.

neeraja · ‎06-16-2021

Hi Hemanth,

I have followed the steps given by you and saved your code in one file and names it with travenq.html. So when i browse it is asking me to key in my microsoft credentials. once I keyed in it is redirecting me to sharepoint landing page which i have given at redirect UI option at azure app registration.

I can't see button outlook at browser if i just browse also.. it is simply redirecting me to sharepoint landing page.

and i can't see my chatbot..

Redirect uri i am using here is sharepoint home page.. is that correct?

Feel still something is missing!. can you help me..

skandadai · ‎06-16-2021

@neeraja - The code creates a new session using MSAL and uses that to send message via the bot. To make the user experience better, always provide the same page on which you added the javascript as the redirection page so that it will redirect back to this page. The redirect uri should not be any other page. Hope this helps.

neeraja · ‎06-16-2021

Hi,

If I see the redirect uri from this url.. it clearly says the URL where our chat canvas is hosted. I understand my chat canvas is hosted at sharepoint home page, so i have given that. The code hemanth sent to me shows also same..

redirectUri:"<Add SharePoint url where your bot is deployed>",

Let me know if it is wrong?

I have other question regarding this

4. Try accessing your bot through a button/image i.e. place a button/image in the code which helps to pop-up the chat bot window when clicked on it. - This one need to write extra code other than what you have given?

pls advise.

neeraja · ‎06-16-2021

Hi,

Let me provide the steps i have followed for this SSO configuration

1. I have created chat bot and then by using that bot ID i have created custom canvas using HTML page then hosted that in azure web app

2. created app registration for this canvas azure web app and the redirect URL I have given here is Token URL

https://token.botframework.com/.auth/web/redirect

3. Created another app registration say bot app and the redirect URL I used here is custom canvas web app and added custom canvas app client info in this app.

4. then finally added bot app client ID and details at power virtual agent chat bot.

5. then added custom HTML code given at Microsoft article in the custom canvas HTML page.

Then I try to run the page.. it shows me below error

Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '6c43d77b-e66e-446c-b334-36fe23d73be1'.

can anyone pls help me to get solved this error?

How to configure SSO on a intranet page (SharePoint)

Helpful resources

Power Virtual Agents News & Announcements

Community Calls Conversations

Power Virtual Agents Community Blog