Can't verify publisher domain for web app

F C 31 Reputation points
2020-01-17T20:28:23.797+00:00

Asking on behalf of the user dataportabiltiy who originally posted on: https://social.msdn.microsoft.com/Forums/en-US/ef2e2ed8-1377-448e-97f8-c5156526ec38/cant-verify-publisher-domain-for-web-app?forum=AzureStack

On our web app, under Publisher Domain for the Branding it says unverified. The instructions to configure the domain say

To verify a publisher domain for {0}
Create a file named microsoft-identity-association.json and paste in the following content. Or, use the link provided to download the content.

{
"associatedApplications": [
{
"applicationId": ""
}
]
}

Download

Host the file at:
https://EXAMPLE.COM/.well-known/microsoft-identity-association.json
Click 'Verify and save domain' below.

When we visit the url, our application id is there, but when we click "Verify and save domain" we get this error:

"Verification of publisher domain failed. Error getting JSON file from https:///.well-known/microsoft-identity-association. The server returned an unexpected content type header value. [gS599]"

The host link returns the right results but it looks like its returning HTML instead of the raw json? Inspecting via a browser shows that the content type response header is: content-type: application/json; charset=utf-8 According to a support page that i'm unable to link, it looks like it needs to be just application/json. Unfortunately, we use an open source library and the only MediaType available is the one we set. It would be non trivial to update this.

Is there anyway to get a manual verification?

Azure Stack Hub
Azure Stack Hub
An extension of Azure for running apps in an on-premises environment and delivering Azure services in a datacenter.
189 questions
{count} votes

10 answers

Sort by: Most helpful
  1. Guillaume Darbonne 36 Reputation points
    2020-11-02T13:31:20.933+00:00

    Please, please, please modify the App Registration | Branding | Publisher Domain verification to either (a) accept the specification standard header for JSON, which is and always will be "application/json; charset=utf-8", or (b) allow us to use a DNS CNAME or TXT record validation, like all other verification systems on the Internet (such as Google, AWS, or Oracle).

    7 people found this answer helpful.
    0 comments No comments

  2. Raydiant Operations 31 Reputation points
    2020-05-26T20:51:31.667+00:00

    It turns out that it is impossible to remove the charset=utf-8 from the content-type header sent by Wordpress or Github, or any other HTTP spec compliant webserver, for that matter. Since Microsoft is not HTTP compliant, their own webserver can do this (by breaking the HTTP 1.1 spec).

    In effect: ALL servers return "application/json; charset=utf-8", and not "application/json", because UTF-8 has been the standard for over sixteen years. And: on Wordpress and Github you cannot override this header.

    So: it is technically impossible to verify apps if your company happens to run a normal website. 80% of the Internet, which runs on Wordpress and Github, cannot verify an Azure application.

    Please, please, please modify the App Registration | Branding | Publisher Domain verification to either (a) accept the specification standard header for JSON, which is and always will be "application/json; charset=utf-8", or (b) allow us to use a DNS CNAME or TXT record validation, like all other verification systems on the Internet (such as Google, AWS, or Oracle).

    Thank you,

    David Phipps
    VP of Engineering
    Raydiant, Inc.

    6 people found this answer helpful.

  3. Dylan Strang 21 Reputation points
    2020-08-07T09:11:36.33+00:00

    I found the solution for this.

    You have to add a custom domain and verify it with TXT or MX

    https://zcusa.951200.xyz/en-us/azure/active-directory/fundamentals/add-custom-domain

    4 people found this answer helpful.
    0 comments No comments

  4. Cronoz Founders 6 Reputation points
    2020-11-22T11:20:10.147+00:00

    I have been waiting for a while now to be able to verify my domain. It is literally impossible to remove charset=utf-8. Do they just not care about the fact that people cannot verify their domains? It can't be that hard of a fix. The portal is probably expecting an exact string, instead of just checking to see if it contains application/json. This is really frustrating. Not sure how the PR made it through code review. Its impacting users who have literally been complaining since January. It's almost been a year.

    1 person found this answer helpful.
    0 comments No comments

  5. Ryan Hill 29,561 Reputation points Microsoft Employee
    2020-01-21T17:39:17.633+00:00

    @FOC-0664, it may seem non-trivial but try removing charset=utf-8 from the response header. This appears to have corrected a similar issue folks were having over at https://github.com/MicrosoftDocs/azure-docs/issues/35934.

    If that doesn't help, let me know.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.