The following addresses should be whitelisted for the integration with the Connect ID Service to work properly in different environments. 


ALL ENVIRONMENTS:
https://login.microsoftonline.com
http://www.w3.org


Beta:
https://fci-hashing-beta.azurewebsites.net
https://fci-iddirectory-beta.azurewebsites.net
https://fci-servicebus-beta.azurewebsites.net
https://fci-apim-beta.azure-api.net


Preproduction:

https://preprod-hashing.id.ma.services
https://preprod-directory.id.ma.services
https://preprod-bus.id.ma.services
https://fci-apim-prep.azure-api.net


Production:

https://hashing.id.ma.services
https://directory.id.ma.services
https://bus.id.ma.services
https://fci-apim-prod.azure-api.net


Since the IP addresses may change, the recommendation is to use fully qualified domain names instead.



How to verify that your firewall is configured correctly?


When called with an HTTP client such as cURL (or a web browser), all of the above routes should return a full HTTP response, including status code, headers and body content, e.g.:

$ curl -kvl https://fci-apim-beta.azure-api.net

* Host fci-apim-beta.azure-api.net:443 was resolved.
* IPv6: (none)
* IPv4: 51.124.142.60
*   Trying 51.124.142.60:443... // IP resolved successfully 
* schannel: disabled automatic use of client certificate
* ALPN: curl offers http/1.1
* ALPN: server did not agree on a protocol. Uses default.
* Connected to fci-apim-beta.azure-api.net (51.124.142.60) port 443
* using HTTP/1.x 

> GET / HTTP/1.1 // HTTP request sent
> Host: fci-apim-beta.azure-api.net
> User-Agent: curl/8.10.1
> Accept: */*
>
* Request completely sent off
* schannel: remote party requests renegotiation
* schannel: renegotiating SSL/TLS connection
* schannel: SSL/TLS connection renegotiated

< HTTP/1.1 404 Resource Not Found // HTTP response received
< Content-Length: 54
< Content-Type: application/json
< Date: Mon, 24 Feb 2025 11:12:53 GMT
<
{ "statusCode": 404, "message": "Resource not found" } 

* Connection #0 to host fci-apim-beta.azure-api.net left intact


In contrast, an invalid firewall configuration will prevent the HTTP client from calling the endpoint:

$ curl -kvl https://login.microsoftonline.com/fifaconnect.onmicrosoft.com/oauth2/v2.0/token

*   Trying 20.190.181.23...
* TCP_NODELAY set
* Connected to login.microsoftonline.com (20.190.181.23) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Operation timed out after 300177 milliseconds with 0 out of 0 bytes received
* Closing connection 0
curl: (28) Operation timed out after 300177 milliseconds with 0 out of 0 bytes received 

// operation timeout due to invalid configuration
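
A script that applies the check above to every address listed for one environment, as an added example that is not part of the original page; the function names and timeout values are assumptions. Unlike the manual command it does not pass -k, so a certificate error is reported instead of being ignored.

```shell
#!/bin/sh
# Added example, not part of the original page. Endpoint lists are copied
# from the page; function names and timeout values are assumptions.
COMMON="https://login.microsoftonline.com http://www.w3.org"
BETA="https://fci-hashing-beta.azurewebsites.net https://fci-iddirectory-beta.azurewebsites.net https://fci-servicebus-beta.azurewebsites.net https://fci-apim-beta.azure-api.net"
PREPROD="https://preprod-hashing.id.ma.services https://preprod-directory.id.ma.services https://preprod-bus.id.ma.services https://fci-apim-prep.azure-api.net"
PROD="https://hashing.id.ma.services https://directory.id.ma.services https://bus.id.ma.services https://fci-apim-prod.azure-api.net"

# urls_for ENV: print one URL per line, or fail for an unknown environment.
urls_for() {
    case "$1" in
        beta)          list="$COMMON $BETA" ;;
        preproduction) list="$COMMON $PREPROD" ;;
        production)    list="$COMMON $PROD" ;;
        *)             return 1 ;;
    esac
    printf '%s\n' $list
}

# classify CURL_EXIT HTTP_CODE: any complete HTTP response, even a 404,
# shows the firewall passed the traffic; a curl error shows where it stopped.
classify() {
    case "$1" in
        0)     echo "OK: HTTP $2 received" ;;
        6)     echo "FAIL: DNS resolution failed (curl 6)" ;;
        7)     echo "BLOCKED: TCP connection failed (curl 7)" ;;
        28)    echo "BLOCKED: timed out (curl 28)" ;;
        35|60) echo "CHECK: TLS handshake or certificate error (curl $1)" ;;
        *)     echo "FAIL: curl exit $1" ;;
    esac
}

# check_env ENV: probe every endpoint; return non-zero if any probe is not OK.
check_env() {
    urls=$(urls_for "$1") || { echo "usage: $0 beta|preproduction|production" >&2; return 2; }
    bad=0
    for url in $urls; do
        code=$(curl -s -o /dev/null -w '%{http_code}' --connect-timeout 10 --max-time 30 "$url") && rc=0 || rc=$?
        verdict=$(classify "$rc" "$code")
        printf '%-55s %s\n' "$url" "$verdict"
        case "$verdict" in OK:*) ;; *) bad=1 ;; esac
    done
    return "$bad"
}

# Network probes run only when an environment name is given on the command line.
if [ $# -gt 0 ]; then check_env "$1"; fi
```

Run it from the host that will call the Connect ID Service, passing beta, preproduction or production as the only argument.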