Hello twin,
Welcome to the Microsoft Q&A and thank you for posting your questions here.
Problem
Based on your questions, it appears you are setting up Azure API Management (APIM) to handle requests for multiple Azure OpenAI model deployments using a managed identity for authentication. Despite following the setup process, you are encountering a 400 error indicating a malformed resource ID when using a token obtained via the managed identity. This token fails both through APIM and in direct requests, while the API key works correctly.
Scenario
The organization has several Azure OpenAI model deployments across different regions. They want to streamline access to these models by using Azure API Management as a single endpoint. By leveraging APIM's subscription capabilities, they aim to manage access with a single API key. The plan is to use a managed identity for authentication between APIM and the Azure OpenAI service. However, despite setting up the managed identity and assigning the necessary roles correctly, authentication fails with a 400 status code indicating a malformed resource ID.
Solution
The lack of detailed error information makes troubleshooting difficult. Here are the steps to troubleshoot the authentication issue between Azure API Management (APIM) and Azure OpenAI services using a managed identity:
- Confirm that the resource URI for which you are requesting the token is correct. For Azure OpenAI services.
- Make sure the user-assigned managed identity has the correct roles (
Cognitive Services User
andCognitive Services OpenAI User
) assigned to it. - Verify the token retrieval process in APIM. Ensure that the token is indeed being requested for the correct managed identity client ID.
- Double-check the APIM inbound policy configuration.
Finally
Enable detail logging in APIM to capture more information about the failed requests.
References
Source: Using Managed Identity to Access Azure OpenAI Service. Accessed, 5/17/2024.
Source: How to configure Azure OpenAI Service with managed identities. Accessed, 5/17/2024.
Source: Troubleshoot Azure Automation managed identity issues. Accessed, 5/17/2024.
Accept Answer
I hope this is helpful! Do not hesitate to let me know if you have any other questions.
** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful ** so that others in the community facing similar issues can easily find the solution.
Best Regards,
Sina Salam