Merge pull request #110 from Azure-Samples/kkrishna/rolesfix

bug fix

Author: Kalyan Krishna

5-WebApp-AuthZ/5-1-Roles/AppCreationScripts/Cleanup.ps1

@@ -55,9 +55,8 @@ This function removes the Azure AD applications for the sample. These applicatio
     if ($app)
     {
         Remove-AzureADApplication -ObjectId $app.ObjectId
-        Write-Host "Removed."
+        Write-Host "Removed WebApp-RolesClaims."
+    }
     }
-
-}
 
 Cleanup -Credential $Credential -tenantId $TenantId

5-WebApp-AuthZ/5-1-Roles/AppCreationScripts/Configure.ps1

@@ -145,6 +145,8 @@ Function ConfigureApplications
    so that they are consistent with the Applications parameters
 #> 
 
+    $commonendpoint = "common"
+
     # $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
     # into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
 
@@ -191,7 +193,6 @@ Function ConfigureApplications
                                                   -IdentifierUris "https://$tenantName/WebApp-RolesClaims" `
                                                   -PasswordCredentials $key `
                                                   -Oauth2AllowImplicitFlow $true `
-                                                  -GroupMembershipClaims "SecurityGroup" `
                                                   -PublicClient $False
 
    $currentAppId = $webAppAadApplication.AppId
@@ -203,7 +204,7 @@ Function ConfigureApplications
    { 
         Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObjectId $user.ObjectId
         Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($webAppServicePrincipal.DisplayName)'"
-
+        
         # assign the current user to the app as well
         New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $webAppServicePrincipal.ObjectId -Id ([Guid]::Empty) 
    }
@@ -234,8 +235,14 @@ Function ConfigureApplications
    $dictionary = @{ "ClientId" = $webAppAadApplication.AppId;"TenantId" = $tenantId;"Domain" = $tenantName;"ClientSecret" = $webAppAppKey };
    UpdateTextFile -configFilePath $configFile -dictionary $dictionary
    Write-Host ""
-   Write-Host -ForegroundColor Green "Run the ..\CreateUsersAndRoles.ps1 command to automatically create a number of users, app roles and assign users to these roles or refer to the 'Define your application roles' section in README on how to configure your newly created app further for this sample."
-
+   Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
+   Write-Host "IMPORTANT: Please follow the instructions below to complete a few manual step(s) in the Azure portal":
+   Write-Host "- For 'webApp'"
+   Write-Host "  - Navigate to '$webAppPortalUrl'"
+   Write-Host "  - Run the ..\CreateUsersAndRoles.ps1 command to automatically create a number of users, app roles and assign users to these roles or refer to the 'Define your application roles' section in README on how to configure your newly created app further for this sample." -ForegroundColor Red 
+
+   Write-Host -ForegroundColor Green "------------------------------------------------------------------------------------------------" 
+     
    Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html  
 }
 

5-WebApp-AuthZ/5-1-Roles/README.md

@@ -85,19 +85,6 @@ Navigate to the `"5-WebApp-AuthZ"` folder
 
 ### Step 2: Configure your application to receive the **roles** claims
 
-1. In your application settings page on the Application Registration Portal (preview), click on "Manifest" to open the inline manifest editor.
-2. Edit the manifest by locating the "groupMembershipClaims" setting, and setting its value to "SecurityGroup".
-3. Save the manifest.
-
-```JSON
-{
-  ...
-  "errorUrl": null,
-  "groupMembershipClaims": "SecurityGroup",
-  ...
-}
-```
-
 1. To receive the `roles` claim with the name of the app roles this user is assigned to, make sure that the user accounts you plan to sign-in to this app is assigned to the app roles of this app.
 
 #### Step 3: Define your Application Roles