You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
UPDATE: It looks like this is a region-specific issue. I'm needing to deploy to "Australia East" (AUE), which is where I'm seeing the error I describe. But I've now tried deploying to US East (EUS) as a test and it all works fine there. So it appears the issue is to do with deploying to Australia East.
I'm trying to set up an agent in Microsoft Foundry to use a custom MCP tool provided by an MCP tool trigger function app in a Flex Consumption plan that has a private endpoint and uses OAuth2 identity passthrough.
I have the authentication working fine for the function app, and if I enable public access and set up a tool from a Foundry that doesn't have a capability host, then it accesses the MCP tool successfully via the public endpoint and authenticates correctly.
Also, if I set up a Foundry with a capability host (using either network injection or managed virtual network preview), and disable the authentication of the function app and set the tool up as "unauthenticated", then it also accesses the MCP tool successfully via the private endpoint (and also the public endpoint if I remove the private endpoint from the function app).
But if I try doing both things at the same time (i.e. have OAuth2 identity passthrough enabled and using the private endpoint) then I get an error like this:
ErrorAuthentication failed when connecting to the MCP server: https://func-my-test1-aue.azurewebsites.net:443/runtime/webhooks/mcp: ApiHub connection authorization failed with status 401: Bearer token validation succeeded but the S2S registration validation failed for servicePrincipal: 79bba053-9f6a-45df-b52a-110d0052485f and tenant: 33e01921-4d64-4f8c-a055-5bdaffd5e33d at ControlPlaneAadBearerTokenValidator. Verify your authentication headers.
I mention the capability host because from my experimentation it's this component that when created will result in the error. If I disable it from the Terraform template then the error goes away (but the private networking no longer works).
After some further experimentation, I don't think this has anything to do with Function Apps or even my specific app registrations at all. I get the same error if I deploy exactly this template without any modifications, and just set up a tool with "OAuth2 identity passthrough" and dummy details - i.e. I don't actually need to deploy the Function App or even the app registrations to reproduce the error.
But just to be clear, I have checked and rechecked that the real authentication details for my Function App that I've entered into the tool configuration in the Foundry Portal with "OAuth2 identity passthrough" are correct, and as mentioned above, if I don't have a capability host set up, then the tool call authenticates with the Function App and works fine with exactly those same details. It's only when the capability host is involved and "OAuth2 identity passthrough" is enabled that the error appears. If I switch the Function App's authentication off and reconfigure the tool call to be unauthenticated, then this also works even with the capability host.
So, the situation is:
✅ OAuth2 identity passthrough tool call without capability host and private endpoint works
✅ Unauthenticated tool call with capability host and private endpoint works
❌ OAuth2 identity passthrough tool call with capability host and private endpoint does not work
Once deployed, in the Foundry go to Networking and enable access for All Networks (this is just so you can access the Foundry Portal for setting up a tool and agent and for testing in the playground)
Go to the Foundry Portal
Create an agent called "broken-agent"
Add a tool with authentication details like this (these are all dummy values, but the error occurs with valid details as well - my point here is that I think the only value that matters for triggering the error is selecting "OAuth Identity Passthrough" and it's not actually getting to the point of using any of the confidential client details):
Type anything into the prompt and press Send, then you get the same error:
ErrorAuthentication failed when connecting to the MCP server: https://localhost:443/test: ApiHub connection authorization failed with status 401: Bearer token validation succeeded but the S2S registration validation failed for servicePrincipal: 79bba053-9f6a-45df-b52a-110d0052485f and tenant: 33e01921-4d64-4f8c-a055-5bdaffd5e33d at ControlPlaneAadBearerTokenValidator. Verify your authentication headers.
My conclusion is that the tool call isn't getting anywhere near the Function App, nor even using the confidential client details or scope that are configured in the tool configuration. Regardless of whether I have valid or invalid details in the tool configuration, the same error occurs.
I can't see why this is happening, or what (if anything) I'm doing wrong.
Also, just to be clear, I have tested with a Python client app using azure.ai.projects (i.e. not just the playground) and also get the same error in that too, so it's not just an issue with the Foundry Portal or playground.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
UPDATE: It looks like this is a region-specific issue. I'm needing to deploy to "Australia East" (AUE), which is where I'm seeing the error I describe. But I've now tried deploying to US East (EUS) as a test and it all works fine there. So it appears the issue is to do with deploying to Australia East.
I'm trying to set up an agent in Microsoft Foundry to use a custom MCP tool provided by an MCP tool trigger function app in a Flex Consumption plan that has a private endpoint and uses OAuth2 identity passthrough.
I have the authentication working fine for the function app, and if I enable public access and set up a tool from a Foundry that doesn't have a capability host, then it accesses the MCP tool successfully via the public endpoint and authenticates correctly.
Also, if I set up a Foundry with a capability host (using either network injection or managed virtual network preview), and disable the authentication of the function app and set the tool up as "unauthenticated", then it also accesses the MCP tool successfully via the private endpoint (and also the public endpoint if I remove the private endpoint from the function app).
But if I try doing both things at the same time (i.e. have OAuth2 identity passthrough enabled and using the private endpoint) then I get an error like this:
ErrorAuthentication failed when connecting to the MCP server: https://func-my-test1-aue.azurewebsites.net:443/runtime/webhooks/mcp: ApiHub connection authorization failed with status 401: Bearer token validation succeeded but the S2S registration validation failed for servicePrincipal: 79bba053-9f6a-45df-b52a-110d0052485f and tenant: 33e01921-4d64-4f8c-a055-5bdaffd5e33d at ControlPlaneAadBearerTokenValidator. Verify your authentication headers.I mention the capability host because from my experimentation it's this component that when created will result in the error. If I disable it from the Terraform template then the error goes away (but the private networking no longer works).
After some further experimentation, I don't think this has anything to do with Function Apps or even my specific app registrations at all. I get the same error if I deploy exactly this template without any modifications, and just set up a tool with "OAuth2 identity passthrough" and dummy details - i.e. I don't actually need to deploy the Function App or even the app registrations to reproduce the error.
But just to be clear, I have checked and rechecked that the real authentication details for my Function App that I've entered into the tool configuration in the Foundry Portal with "OAuth2 identity passthrough" are correct, and as mentioned above, if I don't have a capability host set up, then the tool call authenticates with the Function App and works fine with exactly those same details. It's only when the capability host is involved and "OAuth2 identity passthrough" is enabled that the error appears. If I switch the Function App's authentication off and reconfigure the tool call to be unauthenticated, then this also works even with the capability host.
So, the situation is:
So to reproduce the error message:
Deploy this to Azure
Once deployed, in the Foundry go to Networking and enable access for All Networks (this is just so you can access the Foundry Portal for setting up a tool and agent and for testing in the playground)
Go to the Foundry Portal
Create an agent called "broken-agent"
Add a tool with authentication details like this (these are all dummy values, but the error occurs with valid details as well - my point here is that I think the only value that matters for triggering the error is selecting "OAuth Identity Passthrough" and it's not actually getting to the point of using any of the confidential client details):
Name: BrokenTool
Remote MCP Server endpoint: https://localhost/test
Authentication: OAuth Identity Passthrough
Client ID: xxx
Client secret: (leave blank)
Token URL: https://localhost/test
Auth URL: https://localhost/test
Refresh URL: https://localhost/test
Scopes: (leave blank)
Ignore the redirect URL and press Close
Click "Use in an agent" -> broken-agent
Remove the "web search" tool and press save
Type anything into the prompt and press Send, then you get the same error:
ErrorAuthentication failed when connecting to the MCP server: https://localhost:443/test: ApiHub connection authorization failed with status 401: Bearer token validation succeeded but the S2S registration validation failed for servicePrincipal: 79bba053-9f6a-45df-b52a-110d0052485f and tenant: 33e01921-4d64-4f8c-a055-5bdaffd5e33d at ControlPlaneAadBearerTokenValidator. Verify your authentication headers.My conclusion is that the tool call isn't getting anywhere near the Function App, nor even using the confidential client details or scope that are configured in the tool configuration. Regardless of whether I have valid or invalid details in the tool configuration, the same error occurs.
I can't see why this is happening, or what (if anything) I'm doing wrong.
Also, just to be clear, I have tested with a Python client app using
azure.ai.projects(i.e. not just the playground) and also get the same error in that too, so it's not just an issue with the Foundry Portal or playground.Beta Was this translation helpful? Give feedback.
All reactions