From e49fc66fad8744efd8ff566c347d2fdd7b122e36 Mon Sep 17 00:00:00 2001 From: Michael Hansen Date: Mon, 17 Sep 2018 08:39:44 -0700 Subject: [PATCH 1/4] Added template and instructions for automated deployment of fhir-server --- .gitignore | 3 + BaseARMTemplate.json | 2 +- docs/DefaultDeployment.md | 124 +++++++++++ samples/templates/default-azuredeploy.json | 238 +++++++++++++++++++++ 4 files changed, 366 insertions(+), 1 deletion(-) create mode 100644 docs/DefaultDeployment.md create mode 100644 samples/templates/default-azuredeploy.json diff --git a/.gitignore b/.gitignore index e8f6f2147d..f625cec7da 100644 --- a/.gitignore +++ b/.gitignore @@ -29,6 +29,9 @@ bld/ # Uncomment if you have tasks that create the project's static files in wwwroot #wwwroot/ +#Visual Studio Code +.vscode/ + # MSTest test Results [Tt]est[Rr]esult*/ [Bb]uild[Ll]og.* diff --git a/BaseARMTemplate.json b/BaseARMTemplate.json index f7fb631b6b..bba9190493 100644 --- a/BaseARMTemplate.json +++ b/BaseARMTemplate.json @@ -1,5 +1,5 @@ { - "$schema": "http://schemas.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", "parameters": { "serviceName": { diff --git a/docs/DefaultDeployment.md b/docs/DefaultDeployment.md new file mode 100644 index 0000000000..b77aa059c2 --- /dev/null +++ b/docs/DefaultDeployment.md @@ -0,0 +1,124 @@ +Microsoft Open Source FHIR Server Deployment +============================================ + +This document describes how to deplot the [Microsoft Open Source FHIR Server](https://github.com/Microsoft/fhir-server). The deployment is a two-step process: + +1. (Optional) Create and Azure Active Directory (AAD) application registration to secure access to the FHIR server. +2. Deploy Cosmos DB, Azure Web App, and source code using an Azure Resource Manager template. + +Azure Active Directory Application Registration +----------------------------------------------- + +The FHIR server supports token based (JWT) authorization. If authorization is enabled, a user or an application accessing the server must present a token from a specified authority and with a specified audience. + +To use the FHIR server, two Azure Active Directory applications must be registered, one for the FHIR server itself and one for a client application accessing the FHIR server. Please refer to the Azure Active Directory documentation for details on the [Web application to Web API scenario](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios#web-application-to-web-api). + +Both Azure Active Directory applicationc can be registered using the Azure Portal. Please refer to the [Azure Active Directory application registration documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad). + +You can also register the applications using the [`AzureAD` PowerShell module](https://docs.microsoft.com/en-us/powershell/module/azuread/). First register an app for the FHIR server API: + +```PowerShell +#Make sure you are connected to Azure AD: +Connect-AzureAd + +# Your FHIR audience URL. +# A good choice is the URL of your FHIR service, e.g: +$fhirServiceName = "myfhirservice" + +#Note: use "https://${fhirServiceName}.azurewebsites.us" for US Government +$fhirApiAudience = "https://${fhirServiceName}.azurewebsites.net" + +#Create the App Registration: +$apiAppReg = New-AzureADApplication -DisplayName $fhirApiAudience -IdentifierUris $fhirApiAudience +New-AzureAdServicePrincipal -AppId $apiAppReg.AppId + +#Now gather some information we will need for the deployment: +$aadEndpoint = (Get-AzureADCurrentSessionInfo).Environment.Endpoints["ActiveDirectory"] +$aadTenantId = (Get-AzureADCurrentSessionInfo).Tenant.Id.ToString() + +$securityAuthenticationAuthority = "${aadEndpoint}${aadTenantId}" +$securityAuthenticationAudience = $fhirApiAudience + +#Display deployment information +Write-Host @" +FHIR Service Name (serviceName): ${fhirServiceName} +Authority (securityAuthenticationAuthority): ${securityAuthenticationAuthority} +Audience (securityAuthenticationAudience): ${securityAuthenticationAudience} +"@ +``` + +To access the FHIR server from a client application, you will also need a client app registration with a client secret. This client application registration will need to have appropriate reply URLs configured. Here is how to register a client app for use with [Postman](https://getpostman.com): + +```PowerShell +#We need to specify which permissions this app should have. + +#Required App permission for Azure AD signin +$reqAad = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess" +$reqAad.ResourceAppId = "00000002-0000-0000-c000-000000000000" +$reqAad.ResourceAccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" ` +-ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope" + +#Required App Permission for the API application registration. +$reqApi = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess" +$reqApi.ResourceAppId = $apiAppReg.AppId #From API App registration above + +#We will just add the first scope (user impersonation) +$reqApi.ResourceAccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" ` +-ArgumentList $apiAppReg.Oauth2Permissions[0].id,"Scope" + +#Application registration for API +$postmanReplyUrl="https://www.getpostman.com/oauth2/callback" + +$clientAppReg = New-AzureADApplication -DisplayName "${fhirServiceName}-postman" ` +-IdentifierUris "https://${fhirServiceName}-postman" ` +-RequiredResourceAccess $reqAad,$reqApi -ReplyUrls $postmanReplyUrl + +#Create a client secret +$clientAppPassword = New-AzureADApplicationPasswordCredential -ObjectId $clientAppReg.ObjectId + +#Create Service Principal +New-AzureAdServicePrincipal -AppId $clientAppReg.AppId + +#Write some information needed to use client app registration +$clientId = $clientAppReg.AppId +$clientSecret = $clientAppPassword.Value +$replyUrl = $clientAppReg.ReplyUrls[0] +$authUrl = "${securityAuthenticationAuthority}/oauth2/authorize?resource=${securityAuthenticationAudience}" +$tokenUrl = "${securityAuthenticationAuthority}/oauth2/token" + +Write-Host @" +=== Settings for Postman OAuth2 authentication === + + Callback URL: ${replyUrl} + Auth URL: ${authUrl} + Access Token URL: ${tokenUrl} + Client ID: ${clientId} + Client Secret: ${clientSecret} + +"@ +``` + +Deploying the FHIR Server Template +---------------------------------- + +To deploy the backend Cosmos DB, Azure Web App, and FHIR server code, use the buttons below to deploy through the Azure Portal. If you would like to protect the FHIR API with token authorization, you will need to supply application registration details as described above. + + + + + + + + + +The template can also be deployed using PowerShell. Here is an example of how the authorization details from above can be provided: + +```PowerShell +$rg = New-AzureRmResourceGroup -Name "RG-NAME" -Location westus2 + +New-AzureRmResourceGroupDeployment ` +-TemplateUri https://raw.githubusercontent.com/Microsoft/fhir-server/master/samples/templates/default-azuredeploy.json ` +-ResourceGroupName $rg.ResourceGroupName -serviceName $fhirServiceName ` +-securityAuthenticationAuthority $securityAuthenticationAuthority ` +-securityAuthenticationAudience $securityAuthenticationAudience +``` \ No newline at end of file diff --git a/samples/templates/default-azuredeploy.json b/samples/templates/default-azuredeploy.json new file mode 100644 index 0000000000..d19e2384f9 --- /dev/null +++ b/samples/templates/default-azuredeploy.json @@ -0,0 +1,238 @@ +{ + "$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "serviceName": { + "type": "string", + "metadata": { + "description": "Name of the FHIR service Web App." + } + }, + "appServicePlanResourceGroup": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Resource group containing App Service Plan. If empty, deployment resource group is used." + } + }, + "appServicePlanName": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Name of App Service Plan (existing or new). If empty, a name will be generated." + } + }, + "appServicePlanSku": { + "type": "string", + "allowedValues": [ + "F1", + "D1", + "B1", + "B2", + "B3", + "S1", + "S2", + "S3", + "P1", + "P2", + "P3", + "P4" + ], + "defaultValue": "S1" + }, + "securityAuthenticationAuthority": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "OAuth Authority" + } + }, + "securityAuthenticationAudience": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Audience (aud) to validate in JWT" + } + }, + "repositoryUrl": { + "type": "string", + "defaultValue": "https://github.com/Microsoft/fhir-server", + "metadata": { + "description": "Respository to pull source code from. If blank, source code will not be deployed." + } + }, + "repositoryBranch": { + "type": "string", + "defaultValue": "master", + "metadata": { + "description": "Source code branch to deploy." + } + } + }, + "variables": { + "serviceName": "[toLower(parameters('serviceName'))]", + "identityResourceId": "[concat(resourceId('Microsoft.Web/sites', variables('serviceName')),'/providers/Microsoft.ManagedIdentity/Identities/default')]", + "keyvaultEndpoint": "[concat('https://', variables('serviceName'), '.vault.azure.net/')]", + "appServicePlanResourceGroup": "[if(empty(parameters('appServicePlanResourceGroup')), resourceGroup().name, parameters('appServicePlanResourceGroup'))]", + "appServicePlanName": "[if(empty(parameters('appServicePlanName')),concat(variables('serviceName'),'-asp'),parameters('appServicePlanName'))]", + "securityAuthenticationEnabled": "[if(and(not(empty(parameters('securityAuthenticationAuthority'))),not(empty(parameters('securityAuthenticationAudience')))),bool('true'),bool('false'))]" + }, + "resources": [ + { + "condition": "[empty(parameters('appServicePlanResourceGroup'))]", + "apiVersion": "2017-05-10", + "name": "nestedTemplate", + "type": "Microsoft.Resources/deployments", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "apiVersion": "2015-08-01", + "name": "[variables('appServicePlanName')]", + "type": "Microsoft.Web/serverfarms", + "location": "[resourceGroup().location]", + "sku": { + "name": "[parameters('appServicePlanSku')]" + }, + "properties": { + "name": "[variables('appServicePlanName')]" + } + } + ] + } + } + }, + { + "apiVersion": "2015-08-01", + "type": "Microsoft.Web/sites", + "name": "[variables('serviceName')]", + "location": "[resourceGroup().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "clientAffinityEnabled": false, + "serverFarmId": "[resourceId(variables('appServicePlanResourceGroup'), 'Microsoft.Web/serverfarms/', variables('appServicePlanName'))]", + "siteConfig": { + "appSettings": [ + { + "name": "WEBSITE_NODE_DEFAULT_VERSION", + "value": "6.9.4" + }, + { + "name": "KEYVAULT_ENDPOINT", + "value": "[variables('keyvaultEndpoint')]" + }, + { + "name": "Security:Enabled", + "value": "[variables('securityAuthenticationEnabled')]" + }, + { + "name": "Security:Authentication:Authority", + "value": "[parameters('securityAuthenticationAuthority')]" + }, + { + "name": "Security:Authentication:Audience", + "value": "[parameters('securityAuthenticationAudience')]" + } + ] + } + }, + "dependsOn": [ + "nestedTemplate" + ], + "resources": [ + { + "apiVersion": "2015-08-01", + "name": "web", + "type": "sourcecontrols", + "dependsOn": [ + "[resourceId('Microsoft.Web/Sites', variables('serviceName'))]" + ], + "properties": { + "RepoUrl": "[parameters('repositoryUrl')]", + "branch": "[parameters('repositoryBranch')]", + "IsManualIntegration": true + } + } + ] + }, + { + "apiVersion": "2015-04-08", + "type": "Microsoft.DocumentDb/databaseAccounts", + "name": "[variables('serviceName')]", + "location": "[resourceGroup().location]", + "properties": { + "name": "[variables('serviceName')]", + "databaseAccountOfferType": "Standard", + "locations": [ + { + "locationName": "[resourceGroup().location]", + "failoverPriority": 0 + } + ] + } + }, + { + "type": "Microsoft.KeyVault/vaults", + "name": "[variables('serviceName')]", + "apiVersion": "2015-06-01", + "location": "[resourceGroup().location]", + "tags": {}, + "properties": { + "sku": { + "family": "A", + "name": "Standard" + }, + "tenantId": "[reference(variables('identityResourceId'), '2015-08-31-PREVIEW').tenantId]", + "accessPolicies": [ + { + "tenantId": "[reference(variables('identityResourceId'), '2015-08-31-PREVIEW').tenantId]", + "objectId": "[reference(variables('identityResourceId'), '2015-08-31-PREVIEW').principalId]", + "permissions": { + "secrets": [ + "get", + "list" + ] + } + } + ], + "enabledForDeployment": false + }, + "dependsOn": [ + "[concat('Microsoft.Web/sites/', variables('serviceName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/secrets", + "name": "[concat(variables('serviceName'), '/DataStore--Host')]", + "apiVersion": "2015-06-01", + "properties": { + "contentType": "text/plain", + "value": "[reference(concat('Microsoft.DocumentDb/databaseAccounts/', variables('serviceName'))).documentEndpoint]" + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', variables('serviceName'))]", + "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('serviceName'))]" + ] + }, + { + "type": "Microsoft.KeyVault/vaults/secrets", + "name": "[concat(variables('serviceName'), '/DataStore--Key')]", + "apiVersion": "2015-06-01", + "properties": { + "contentType": "text/plain", + "value": "[listKeys(resourceId('Microsoft.DocumentDb/databaseAccounts', variables('serviceName')), '2015-04-08').primaryMasterKey]" + }, + "dependsOn": [ + "[resourceId('Microsoft.KeyVault/vaults', variables('serviceName'))]", + "[resourceId('Microsoft.DocumentDb/databaseAccounts', variables('serviceName'))]" + ] + } + ] +} \ No newline at end of file From 84cb0ab21fec59be66fcb6c6aa95df0ccd992cd5 Mon Sep 17 00:00:00 2001 From: Michael Hansen Date: Mon, 17 Sep 2018 10:58:39 -0700 Subject: [PATCH 2/4] Added some more documentation for testing FHIR server deployment with Postman --- docs/DefaultDeployment.md | 81 +++++++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 20 deletions(-) diff --git a/docs/DefaultDeployment.md b/docs/DefaultDeployment.md index b77aa059c2..d374f27052 100644 --- a/docs/DefaultDeployment.md +++ b/docs/DefaultDeployment.md @@ -1,7 +1,7 @@ Microsoft Open Source FHIR Server Deployment ============================================ -This document describes how to deplot the [Microsoft Open Source FHIR Server](https://github.com/Microsoft/fhir-server). The deployment is a two-step process: +This document describes how to deploy the [Microsoft Open Source FHIR Server](https://github.com/Microsoft/fhir-server). The deployment is a two-step process: 1. (Optional) Create and Azure Active Directory (AAD) application registration to secure access to the FHIR server. 2. Deploy Cosmos DB, Azure Web App, and source code using an Azure Resource Manager template. @@ -13,33 +13,33 @@ The FHIR server supports token based (JWT) authorization. If authorization is en To use the FHIR server, two Azure Active Directory applications must be registered, one for the FHIR server itself and one for a client application accessing the FHIR server. Please refer to the Azure Active Directory documentation for details on the [Web application to Web API scenario](https://docs.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios#web-application-to-web-api). -Both Azure Active Directory applicationc can be registered using the Azure Portal. Please refer to the [Azure Active Directory application registration documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad). +Both Azure Active Directory applications can be registered using the Azure Portal. Please refer to the [Azure Active Directory application registration documentation](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v1-integrate-apps-with-azure-ad). -You can also register the applications using the [`AzureAD` PowerShell module](https://docs.microsoft.com/en-us/powershell/module/azuread/). First register an app for the FHIR server API: +You can also register the applications using the [AzureAD PowerShell module](https://docs.microsoft.com/en-us/powershell/module/azuread/). First register an app for the FHIR server API: ```PowerShell -#Make sure you are connected to Azure AD: +# Make sure you are connected to Azure AD: Connect-AzureAd -# Your FHIR audience URL. +# FHIR audience URL. # A good choice is the URL of your FHIR service, e.g: $fhirServiceName = "myfhirservice" -#Note: use "https://${fhirServiceName}.azurewebsites.us" for US Government +# Note: use "https://${fhirServiceName}.azurewebsites.us" for US Government $fhirApiAudience = "https://${fhirServiceName}.azurewebsites.net" -#Create the App Registration: +# Create the App Registration: $apiAppReg = New-AzureADApplication -DisplayName $fhirApiAudience -IdentifierUris $fhirApiAudience New-AzureAdServicePrincipal -AppId $apiAppReg.AppId -#Now gather some information we will need for the deployment: +# Gather some information for the deployment: $aadEndpoint = (Get-AzureADCurrentSessionInfo).Environment.Endpoints["ActiveDirectory"] $aadTenantId = (Get-AzureADCurrentSessionInfo).Tenant.Id.ToString() $securityAuthenticationAuthority = "${aadEndpoint}${aadTenantId}" $securityAuthenticationAudience = $fhirApiAudience -#Display deployment information +# Display deployment information Write-Host @" FHIR Service Name (serviceName): ${fhirServiceName} Authority (securityAuthenticationAuthority): ${securityAuthenticationAuthority} @@ -47,39 +47,39 @@ Audience (securityAuthenticationAudience): ${securityAuthenticationAudience} "@ ``` -To access the FHIR server from a client application, you will also need a client app registration with a client secret. This client application registration will need to have appropriate reply URLs configured. Here is how to register a client app for use with [Postman](https://getpostman.com): +To access the FHIR server from a client application, you will also need a client app registration with a client secret. This client application registration will need to have appropriate application permissions and reply URLs configured. Here is how to register a client app for use with [Postman](https://getpostman.com): ```PowerShell -#We need to specify which permissions this app should have. +# First specify which permissions this app should have. -#Required App permission for Azure AD signin +# Required App permission for Azure AD sign-in $reqAad = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess" $reqAad.ResourceAppId = "00000002-0000-0000-c000-000000000000" $reqAad.ResourceAccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" ` -ArgumentList "311a71cc-e848-46a1-bdf8-97ff7156d8e6","Scope" -#Required App Permission for the API application registration. +# Required App Permission for the API application registration. $reqApi = New-Object -TypeName "Microsoft.Open.AzureAD.Model.RequiredResourceAccess" $reqApi.ResourceAppId = $apiAppReg.AppId #From API App registration above -#We will just add the first scope (user impersonation) +# Just add the first scope (user impersonation) $reqApi.ResourceAccess = New-Object -TypeName "Microsoft.Open.AzureAD.Model.ResourceAccess" ` -ArgumentList $apiAppReg.Oauth2Permissions[0].id,"Scope" -#Application registration for API +# Application registration for API $postmanReplyUrl="https://www.getpostman.com/oauth2/callback" $clientAppReg = New-AzureADApplication -DisplayName "${fhirServiceName}-postman" ` -IdentifierUris "https://${fhirServiceName}-postman" ` -RequiredResourceAccess $reqAad,$reqApi -ReplyUrls $postmanReplyUrl -#Create a client secret +# Create a client secret $clientAppPassword = New-AzureADApplicationPasswordCredential -ObjectId $clientAppReg.ObjectId -#Create Service Principal +# Create Service Principal New-AzureAdServicePrincipal -AppId $clientAppReg.AppId -#Write some information needed to use client app registration +# Write some information needed to use client app $clientId = $clientAppReg.AppId $clientSecret = $clientAppPassword.Value $replyUrl = $clientAppReg.ReplyUrls[0] @@ -117,8 +117,49 @@ The template can also be deployed using PowerShell. Here is an example of how th $rg = New-AzureRmResourceGroup -Name "RG-NAME" -Location westus2 New-AzureRmResourceGroupDeployment ` --TemplateUri https://raw.githubusercontent.com/Microsoft/fhir-server/master/samples/templates/default-azuredeploy.json ` +-TemplateUri "https://raw.githubusercontent.com/Microsoft/fhir-server/master/samples/templates/default-azuredeploy.json" ` -ResourceGroupName $rg.ResourceGroupName -serviceName $fhirServiceName ` -securityAuthenticationAuthority $securityAuthenticationAuthority ` -securityAuthenticationAudience $securityAuthenticationAudience -``` \ No newline at end of file +``` + +To deploy without Authentication/Authorization: + +```PowerShell +$rg = New-AzureRmResourceGroup -Name "RG-NAME" -Location westus2 + +New-AzureRmResourceGroupDeployment ` +-TemplateUri "https://raw.githubusercontent.com/Microsoft/fhir-server/master/samples/templates/default-azuredeploy.json" ` +-ResourceGroupName $rg.ResourceGroupName -serviceName $fhirServiceName +``` + +Testing FHIR Server with Postman +-------------------------------- + +You can use [Postman](https://getpostman.com) to test the FHIR server. If you have deployed with Authentication/Authorization enabled, you will need to [configure Azure AD authorization](https://blog.jongallant.com/2017/03/azure-active-directory-access-tokens-postman/ +) to obtain a token. Use type "OAuth 2.0" and set the following parameters: + +*Grant Type*: `Auhorization Code` + +*Callback URL*: `https://www.getpostman.com/oauth2/callback` + +*Auth URL*: `https://login.microsoftonline.com/{TENANT-ID}/oauth2/authorize?resource={AUDIENCE}` + +*Access Token URL*: `https://login.microsoftonline.com/{TENANT-ID}/oauth2/token` + +*Client ID*: `CLIENT-APP-ID` (see above) + +*Client Secret*: `SECRET` (see above) + +*Scope*: `Ignored` (not used for Azure AD v1.0 endpoints) + +*State*: e.g., `12345` + +*Client Authentication*: `Send client credentials in body` + +Verify that the following requests return status `200 OK`: + +``` +GET https://myfhirservice.azurewebsites.net/metadata +GET https://myfhirservice.azurewebsites.net/Patient +``` From 015e13ed7028ee504cb51b2b860908a095b36943 Mon Sep 17 00:00:00 2001 From: Michael Hansen Date: Mon, 17 Sep 2018 11:19:07 -0700 Subject: [PATCH 3/4] Updated embedded link for Azure Deploy buttons --- docs/DefaultDeployment.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/DefaultDeployment.md b/docs/DefaultDeployment.md index d374f27052..3f5db1793d 100644 --- a/docs/DefaultDeployment.md +++ b/docs/DefaultDeployment.md @@ -103,11 +103,11 @@ Deploying the FHIR Server Template To deploy the backend Cosmos DB, Azure Web App, and FHIR server code, use the buttons below to deploy through the Azure Portal. If you would like to protect the FHIR API with token authorization, you will need to supply application registration details as described above. - + - + From f4582d18b644288c8c8e761609eb9b8ef852d7f2 Mon Sep 17 00:00:00 2001 From: Michael Hansen Date: Mon, 17 Sep 2018 14:07:19 -0700 Subject: [PATCH 4/4] Fixed logic statement in default template --- samples/templates/default-azuredeploy.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/samples/templates/default-azuredeploy.json b/samples/templates/default-azuredeploy.json index d19e2384f9..345f246d03 100644 --- a/samples/templates/default-azuredeploy.json +++ b/samples/templates/default-azuredeploy.json @@ -75,7 +75,7 @@ "keyvaultEndpoint": "[concat('https://', variables('serviceName'), '.vault.azure.net/')]", "appServicePlanResourceGroup": "[if(empty(parameters('appServicePlanResourceGroup')), resourceGroup().name, parameters('appServicePlanResourceGroup'))]", "appServicePlanName": "[if(empty(parameters('appServicePlanName')),concat(variables('serviceName'),'-asp'),parameters('appServicePlanName'))]", - "securityAuthenticationEnabled": "[if(and(not(empty(parameters('securityAuthenticationAuthority'))),not(empty(parameters('securityAuthenticationAudience')))),bool('true'),bool('false'))]" + "securityAuthenticationEnabled": "[and(not(empty(parameters('securityAuthenticationAuthority'))),not(empty(parameters('securityAuthenticationAudience'))))]" }, "resources": [ {