Confidential Client requests are not supported on public endpoint for tenants with replication scope USG

I have a Java application that retrieves secrets from a Key Vault in the Azure US Sovereign cloud (https://*****.vault.usgovcloudapi.net) through an App Registration client.

The application has been working fine since I started using the Java SDK. However, when I ran the application today, retrieving the secret failed. The following exception is thrown:

2020-05-08 00:42:32.711 ERROR 2100 --- [onPool-worker-3] c.m.a.m.ConfidentialClientApplication    : [Correlation ID: 6ae589cd-0ebd-4b51-97ad-aa45dc240708] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.

com.microsoft.aad.msal4j.MsalServiceException: AADSTS900439: Confidential Client requests are not supported on public endpoint for tenants with replication scope USG. Send your requests to https://login.microsoftonline.us
Trace ID: d7bcf956-f161-4e5c-867e-84f79005ac00
Correlation ID: 6ae589cd-0ebd-4b51-97ad-aa45dc240708
Timestamp: 2020-05-07 19:12:42Z
    at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:46) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at com.microsoft.aad.msal4j.TokenRequest.executeOauthRequestAndProcessResponse(TokenRequest.java:109) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at com.microsoft.aad.msal4j.ClientApplicationBase.acquireTokenCommon(ClientApplicationBase.java:163) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:52) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:57) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17) ~[msal4j-0.5.0-preview.jar:0.5.0-preview]
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.run(CompletableFuture.java:1700) ~[na:na]
    at java.base/java.util.concurrent.CompletableFuture$AsyncSupply.exec(CompletableFuture.java:1692) ~[na:na]
    at java.base/java.util.concurrent.ForkJoinTask.doExec(ForkJoinTask.java:290) ~[na:na]
    at java.base/java.util.concurrent.ForkJoinPool$WorkQueue.topLevelExec(ForkJoinPool.java:1020) ~[na:na]
    at java.base/java.util.concurrent.ForkJoinPool.scan(ForkJoinPool.java:1656) ~[na:na]
    at java.base/java.util.concurrent.ForkJoinPool.runWorker(ForkJoinPool.java:1594) ~[na:na]
    at java.base/java.util.concurrent.ForkJoinWorkerThread.run(ForkJoinWorkerThread.java:177) ~[na:na]

Some additional details:
- OS - Windows 10
- IDE - Eclipse 2020-03 (4.15.0)
- Azure Key Vault library version - com.azure:azure-security-keyvault-secrets:4.1.0

Can someone explain why I am running into this problem? I could not find any Azure documentation related to it.

When creating your ConfidentialClientApplication, use the government endpoint instead of the public endpoint:

        import com.microsoft.aad.msal4j.ClientCredentialFactory;
        import com.microsoft.aad.msal4j.ConfidentialClientApplication;

        // Authority is the Azure Government login endpoint, not login.microsoftonline.com
        ConfidentialClientApplication app = ConfidentialClientApplication.builder(
                CONFIDENTIAL_CLIENT_ID,
                ClientCredentialFactory.createFromSecret(CONFIDENTIAL_CLIENT_SECRET))
                .authority("https://login.microsoftonline.us/your-tenant-id")
                .build();

This may be a breaking change that was not announced very well (?), since some other people have also suddenly run into this, e.g. https://developercommunity.visualstudio.com/content/problem/1018249/azure-file-copy-task-login-error-error.html
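The same fix applied to the Key Vault stack the question uses (azure-security-keyvault-secrets on top of azure-identity), as an added example that is not part of the original answer: the vault name, tenant id, client id and secret name are placeholders, and the helper that derives the authority host from the vault's DNS suffix goes beyond the answer by also covering the public and China clouds.

```java
import com.azure.identity.ClientSecretCredential;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import java.net.URI;

public class UsGovKeyVaultSecret {

    // Derive the Azure AD authority host from the vault's DNS suffix so a vault in
    // Azure Government is never paired with the public login.microsoftonline.com endpoint
    // (that mismatch is exactly what produces AADSTS900439).
    static String authorityHostFor(String vaultUrl) {
        String host = URI.create(vaultUrl).getHost();
        if (host == null) {
            throw new IllegalArgumentException("not a URL: " + vaultUrl);
        }
        if (host.endsWith(".vault.usgovcloudapi.net")) {
            return "https://login.microsoftonline.us/";   // Azure Government
        }
        if (host.endsWith(".vault.azure.net")) {
            return "https://login.microsoftonline.com/";  // Azure public cloud
        }
        if (host.endsWith(".vault.azure.cn")) {
            return "https://login.chinacloudapi.cn/";     // Azure China (21Vianet)
        }
        throw new IllegalArgumentException("unknown Key Vault DNS suffix: " + host);
    }

    public static void main(String[] args) {
        // Placeholder values: vault, tenant and app registration are assumptions.
        String vaultUrl = "https://my-vault.vault.usgovcloudapi.net";
        String tenantId = "your-tenant-id";
        String clientId = "your-client-id";
        String clientSecret = System.getenv("AZURE_CLIENT_SECRET");  // keep the secret out of source

        ClientSecretCredential credential = new ClientSecretCredentialBuilder()
                .tenantId(tenantId)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .authorityHost(authorityHostFor(vaultUrl))  // login.microsoftonline.us for this vault
                .build();

        SecretClient client = new SecretClientBuilder()
                .vaultUrl(vaultUrl)
                .credential(credential)
                .buildClient();

        KeyVaultSecret secret = client.getSecret("my-secret-name");
        System.out.println("retrieved secret '" + secret.getName() + "' from " + vaultUrl);
    }
}
```

Newer azure-identity releases also expose the government host as the constant AzureAuthorityHosts.AZURE_GOVERNMENT, which can replace the string literal above.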