Deploy PaaS services for Azure Stack with AAD Tenant in Azure China

Right after we released Microsoft Azure Stack Technical Preview 1, we also released three additional PaaS services for Azure Stack: SQL Server Database, MySQL Database and Web Apps. You can find more information at the link below.
https://acom-prod-uswest-01.azurewebsites.net/en-us/documentation/articles/azure-stack-tools-paas-services/

However, none of the above services supports an Azure Stack deployment with an AAD tenant from Azure China. The main reason is that Azure China uses different endpoint addresses from public Azure. For example:

        public static string[] AADLoginUrls = {
            "https://login.chinacloudapi.cn",
            "https://login.windows.net"
        };

        public static string[] AADGraphUrls = {
            "https://graph.chinacloudapi.cn",
            "https://graph.windows.net"
        };

        // Must include forward slash
        public static string[] CSMResourceUrls = {
            "https://management.core.chinacloudapi.cn/",
            "https://management.core.windows.net/"
        };

        public static string[] CSMUrls = {
            "https://management.chinacloudapi.cn",
            "https://management.azure.com"
        };

        public static string[] RdfeUrls = {
            "https://management.core.chinacloudapi.cn",
            "https://management.core.windows.net"
        };

In this case, the PaaS services deployment scripts hard-code the AAD login URL and the AAD Graph URL. So, as you might imagine, to support AAD in China Azure we need to replace those two endpoints with China Azure's.

I created the following PowerShell script to replace the endpoint addresses.

    $StartingDir = Read-Host "What directory do you want to scan?"

    # Scan the specified directory and replace public Azure endpoints with China Azure endpoints
    foreach ($file in (Get-ChildItem $StartingDir -Recurse -Include *.ps1,*.psm1))
    {
        # Replace "windows.net" with "chinacloudapi.cn"; -replace takes a regex, so the dot is escaped
        (Get-Content $file.FullName) | ForEach-Object { $_ -replace "windows\.net", "chinacloudapi.cn" } | Set-Content $file.FullName
    }

You may follow the steps below to prepare the PaaS services deployment scripts.

  1. Download the deployment package. The link can be found in the corresponding deployment guide.
  2. Unzip the downloaded zip file to a folder.
  3. Run the above script and provide the full path of that folder when prompted. For example, "C:\Users\larryzh\Downloads\AzureStack.Sql.5.11.69.0"
  4. The script will then find the public Azure endpoints and replace them with China Azure's.
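
The script above rewrites every `windows.net` string it finds in a downloaded deployment package. The following is an added example, not part of the original post or the deployment package: a narrower variant that rewrites only the two AAD hosts named above and reports every changed line, so the edit can be reviewed before anything is written. The function name `Update-AadEndpoint` and its `-Path` parameter are hypothetical.

```powershell
# Added example, not from the original post; the function name and parameter are hypothetical.
function Update-AadEndpoint {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Path)

    # Host pairs from the endpoint list in the post; only these two are rewritten.
    $map = [ordered]@{
        'login.windows.net' = 'login.chinacloudapi.cn'
        'graph.windows.net' = 'graph.chinacloudapi.cn'
    }

    Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1 -File | ForEach-Object {
        $file = $_
        $lines = @(Get-Content -LiteralPath $file.FullName)
        $changed = $false

        for ($i = 0; $i -lt $lines.Count; $i++) {
            $new = $lines[$i]
            foreach ($old in $map.Keys) {
                # Escape the dots; the lookarounds keep a match from starting or ending mid-label.
                $pattern = '(?<![\w.-])' + [regex]::Escape($old) + '(?![\w-])'
                $new = $new -replace $pattern, $map[$old]
            }
            if ($new -cne $lines[$i]) {
                # One record per changed line, so the edit can be reviewed.
                [pscustomobject]@{
                    File   = $file.FullName
                    Line   = $i + 1
                    Before = $lines[$i].Trim()
                    After  = $new.Trim()
                }
                $lines[$i] = $new
                $changed = $true
            }
        }

        if ($changed -and $PSCmdlet.ShouldProcess($file.FullName, 'Rewrite AAD endpoints')) {
            Copy-Item -LiteralPath $file.FullName -Destination "$($file.FullName).bak"
            Set-Content -LiteralPath $file.FullName -Value $lines
        }
    }
}

# Preview: lists each line that would change and writes nothing.
Update-AadEndpoint -Path 'C:\Users\larryzh\Downloads\AzureStack.Sql.5.11.69.0' -WhatIf
```

Run it again without `-WhatIf` to apply the change; each modified file is first copied to a `.bak` file next to it.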

Comments

  • Anonymous
    March 23, 2016
    install error:
    J:WAPAzureStackWithAADShow-WapToken.ps1
    Register-AzureStackAADApplication : {"odata.error":{"code":"Authentication_MissingOrMalformed","message":{"lang":"en","
    value":"Access Token missing or malformed."},"values":null}}
    所在位置 J:AzureStackInstallerPoCDeploymentAzureADConfiguration.psm1:301 字符: 26
    + $monitoringAppInfo = Register-AzureStackAADApplication `
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OperationStopped: (:) [Register-AzureStackAADApplication], DataServiceClientException
    + FullyQualifiedErrorId : ApplicationCreationFailed,AzureStackAADApplication.RegisterAADApplication