I followed the guide for this app in creating the connection into an Azure cloud.
Created integration application in Azure. For the redirect URL, I copied directly from the server I'm running the Splunk add-on from. This is an internal IP address.
Connected with my account successfully using the client secret.
Created a certificate, modified and uploaded manifest back into Azure.
My troubleshooting screen says "Certificate Status: Auto-generated but not yet verified"
The splunk_ta_microsoft-cloudservices_*.log log files don't seem to contain any useful information
If I access the redirect URL directly, it prompts me to log in to Splunk, but then just stays in a loading state and never goes anywhere.
This issue is fixed in version 2.0 of the app on my site...
Certificate is needed to refresh the token automatically but not required for the OAuth handshake.
This could be either one of the following:
So it seems the app calls itself on the redirect URL, which then communicates with O365/Azure. Azure would see the incoming URL as your Redirect URL.
So, internal address works for the application so long as the URL loads for you locally. (accessible internally)
According to this article below, the app makes the call out to the Azure AD, which in turn begins the conversation. So I would think that it would need a way to reach the Splunk search head from "outside". If this is a correct assumption, then it will need to either be NATed or routed to the internal address where the search head lives. Correct?
Did you solve this? We are finding similar issues where the Azure AD is validating the redirection URL and refusing to work if it is not externally accessible...
So far I have found issues where debug logging did not work on my instance, and the application appeared to be looking for a search head captain.
Since my search head / heavy forwarder was non-clustered, this would never work. I have temporarily removed that code and I am past this error and still discussing the issues with Splunk support.
The issue for my site is sorted; the only issue was some code in the application that had identified my server as a search head cluster when it was not clustered...
Once I removed the invalid code, the application works as expected.