Issue
While testing after doing a POC on securing a Logic App with Azure Active Directory authentication, where I had put the Logic App behind APIM so that APIM validates the token before passing the request to the Logic App, I encountered this error:
"The request has both SAS authentication scheme and 'Bearer' authorization scheme. Only one scheme should be used."
Why it happened
After validating the token in the Authorization header, APIM forwards the request as it is to the backend. Because the Logic App is configured as the backend, its URL already contains the SAS signature, and the forwarded request also carries the Authorization header. That combination is the problem.
By default every request endpoint on a logic app has a Shared Access Signature (SAS) in the endpoint's URL, which follows this format:
https://<request-endpoint-URI>sp=<permissions>sv=<SAS-version>sig=<signature>
As of now, Logic Apps understands only SAS authentication, and no mechanism has been built yet for the Authorization header, so it does not support any authorization scheme.
Although the error says "Only one scheme should be used", it will not work if I remove the SAS part and send only a Bearer token (or any other authorization scheme).
What to do
As Logic Apps currently doesn't support the Authorization header, it needs to be removed before the request is submitted to the Logic App. In my case, as I was using APIM, I removed the Authorization header with the Set Header policy, and everything worked fine after that.
Learn more about other Logic App errors
- Selected file must be between 1 and 2097152 bytes
- SplitOn property doesn't validate expression at design time
- The workflow with 'Response' action type should not have triggers with 'splitOn' property
- The template language function 'xpath' expects its first parameter to be an XML object
- The template language expression 'xxx' cannot be evaluated because property 'xxx' doesn't exist. Property selection is not supported on content of type 'application/xml'
Do you have any other fix for this? After doing this change it's not working.
What did you actually try? You just need to remove Authorization from the header before hitting the Logic App.
Hi Mahesh,
I am trying to do the same with a POST request which is coming from ZOOM. I have created an APIM service in Azure using my Logic App. I have also removed the Authorization header from the request header with the APIM service as stated above. It still does not resolve the issue. So I am not sure what is wrong?
How about operationOptions: IncludeAuthorizationHeadersInOutputs?
Hi Divyesh,
Did you add the Set headers policy in APIM?
Check the following post in case you are missing some step -- https://www.tech-findings.com/2020/02/securing-logic-app-with-azure-active-directory.html