How To Match And Recreate Client Secrets In Azure PaaS Hosted Orchestrator?

  1. Access the DB via SSMS, or the Azure Online DB Editor.

  2. Run this SQL query to display all the Clients and their corresponding Secrets from the DB:

    -- One row per stored secret, joined to the client that owns it
    SELECT ids.Id AS "Client internal identifier", ids.ClientName AS "Client Name", ids.ClientId AS "Client ID", sec.Value AS "Secret Value"
    FROM [identity].[Clients] ids
    INNER JOIN [identity].[ClientSecrets] sec
    ON ids.Id = sec.ClientId

  • An example output should look something like this:

  3. To figure out which Client goes where, use the table below, which maps the name of each Azure App Setting to the Client Name from the DB.

The table lists both the clients and, where applicable, the corresponding secrets.

Note: The table below is an example for 2021 Orchestrators. For 2022+, the last pair, for Orchestrator.OpenId, is no longer present.

| Type | Azure App setting | DB Client name |
|---|---|---|
| Secret | Auth.Ropc.ClientSecret | Orchestrator.Ropc |
| Client | IdentityServer.Integration.ClientId | Orchestrator.S2S |
| Secret | IdentityServer.Integration.ClientSecret | Orchestrator.S2S (secret) |
| Client | ExternalAuth.System.OpenIdConnect.ClientId | Orchestrator.OpenId |
| Secret | ExternalAuth.System.OpenIdConnect.ClientSecret | Orchestrator.OpenId (secret) |

To re-sync the secrets from the App Settings to the DB, follow these steps:

  1. Take the Secret Value from the App Setting.
  2. Copy the value from the App Setting into this encryption site: https://cryptii.com/pipes/fpEyXg
  3. Take the output from the encryption site and update the corresponding secret in the DB for the respective ClientId, based on the table above, with a query like:

    UPDATE [identity].[ClientSecrets]
    SET Value = '<encrypted secret>'
    -- Use the "Client internal identifier" returned by the query above
    WHERE ClientId = <internal client identifier of the secret to update>;
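
The matching and re-sync steps above can also be done locally, so the secret value stays on the administrator's machine. The following is an added example, not UiPath's code. It assumes the value stored in [identity].[ClientSecrets] is Base64(SHA-256) of the UTF-8 secret; the page does not state what the linked pipe computes, so check the function against a known-good row first. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib

# "Secret" rows of the mapping table: Azure App Setting -> DB client name.
# Assumption: "(secret)" in the table is an annotation, not part of the name.
SECRET_SETTING_TO_CLIENT = {
    "Auth.Ropc.ClientSecret": "Orchestrator.Ropc",
    "IdentityServer.Integration.ClientSecret": "Orchestrator.S2S",
    "ExternalAuth.System.OpenIdConnect.ClientSecret": "Orchestrator.OpenId",
}

def stored_form(secret: str) -> str:
    """Assumed DB format: Base64(SHA-256(UTF-8 secret))."""
    digest = hashlib.sha256(secret.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")

def find_out_of_sync(app_settings, db_rows):
    """db_rows: (internal id, client name, secret value) from the SELECT query.
    Returns [(internal id, client name, value to store)] for stale clients."""
    stale = []
    for setting, client in SECRET_SETTING_TO_CLIENT.items():
        if setting not in app_settings:
            continue  # e.g. the OpenId pair is absent on 2022+
        expected = stored_form(app_settings[setting])
        rows = [r for r in db_rows if r[1] == client]
        # A client can have several secret rows; one match means it is in sync.
        if rows and all(r[2] != expected for r in rows):
            stale.append((rows[0][0], client, expected))
    return stale

# Constructed sample data, not real secrets or real query output.
SAMPLE_APP_SETTINGS = {
    "Auth.Ropc.ClientSecret": "ropc-constructed",
    "IdentityServer.Integration.ClientSecret": "s2s-constructed",
}
SAMPLE_DB_ROWS = [
    (1, "Orchestrator.Ropc", stored_form("ropc-constructed")),  # in sync
    (2, "Orchestrator.S2S", stored_form("old-s2s-constructed")),  # stale
]

if __name__ == "__main__":
    for client_id, name, value in find_out_of_sync(SAMPLE_APP_SETTINGS, SAMPLE_DB_ROWS):
        # Bind these as parameters of the UPDATE above, not as pasted SQL text.
        print(f"{name}: SET Value = {value!r} WHERE ClientId = {client_id}")
```

Only clients whose stored value does not match the current App Setting are reported, so the UPDATE is limited to the rows that are actually out of sync.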