Using latest version of Azure SDK to use MSAL4j internally #24095
Comments
Just to give you more context on the reason why we need to fix this issue. We are actually using the Azure SDK for client authentication by adding the below Maven dependencies, which internally call ADAL4j, which we want to get rid of and internally call MSAL4j instead (so that we can fix one critical security defect). Our application has been used by many applications since 2017-18, so minimal code changes corresponding to the Azure SDK Java API/code for MSAL4J, with the required Maven dependencies, would help. |
Can someone please assign this issue and take this as priority? |
Hi @narigalam yes, this is correct.
You can see https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/README.md for more information on how to get started. The Key Vault Name is the Vault Name that was specified when the keyvault store was created.
Please note that you cannot mix the old "com.microsoft.azure" SDKs with the new Unified SDKs which start with "com.azure". You'll need to continue to use ADAL or upgrade from the older "com.microsoft.azure.*" client library to a newer version which can be found here https://aka.ms/azsdk. Please let us know if you have any other questions. |
@AlexGhiondea it looks like the GitHub issue bot failed to add the |
Hi Josh
Could you please confirm and clarify the following queries?
1. If I move from below code
ApplicationTokenCredentials auth = new ApplicationTokenCredentials(connection.getClientId(),
connection.getTenantId(),
connection.getClientKey(),
null);
return Azure.configure()
.withLogLevel(LogLevel.BASIC)
.withReadTimeout(READ_TIMEOUT_SEC, TimeUnit.SECONDS)
.authenticate(auth)
.withSubscription(connection.getSubcriptionId());
TO
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId("<YOUR_CLIENT_ID>")
.clientSecret("<YOUR_CLIENT_SECRET>")
.tenantId("<YOUR_TENANT_ID>")
.build();
// Azure SDK client builders accept the credential as a parameter
SecretClient client = new SecretClientBuilder()
.vaultUrl("https://{YOUR_VAULT_NAME}.vault.azure.net")
.credential(clientSecretCredential)
.buildClient();
It would internally use MSAL not ADAL is that correct?
1. Currently I only have Tenant Id, Client Id, Client Secret, Subscription ID in my old code and implementation from where can I find YOUR_VAULT_NAME?
2. I only need to authenticate using only Tenant Id, Client Id, Client Secret, Subscription ID, Please share sample lines of code.
I added below new maven dependencies but I could not import all the classes required for above new migration code. Could you please confirm maven dependencies for ClientSecretCredential and ClientSecretCredentialBuilder
<dependency>
<groupId>com.azure.resourcemanager</groupId>
<artifactId>azure-resourcemanager</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.3.4</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-core-http-netty</artifactId>
<version>1.10.2</version>
</dependency>
Please let me know if it's better to get into a meeting; I am fine with that as well.
From: Josh Free ***@***.***>
Date: Thursday, September 16, 2021 at 10:49 AM
To: Azure/azure-sdk-for-java ***@***.***>
Cc: Arigala, NagaSwetha ***@***.***>, Author ***@***.***>
Subject: [EXTERNAL] Re: [Azure/azure-sdk-for-java] Using latest version of Azure SDK to use MSAL4j internally (#24095)
It would internally use MSAL not ADAL is that correct?
Hi @narigalam yes, this is correct.
Currently I only have Tenant Id, Client Id, Client Secret, Subscription ID in my old code and implementation from where can I find YOUR_VAULT_NAME? is there a way to skip the vault name in new implementation ?
I only need to authenticate using only Tenant Id, Client Id, Client Secret, Subscription ID, Please share sample lines of code.
You can see https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/README.md for more information on how to get started. The Key Vault Name is the Vault Name that was specified when the keyvault store was created.
com.microsoft.azure
Please note that you cannot mix the old "com.microsoft.azure" SDKs with the new Unified SDKs which start with "com.azure". You'll need to continue to use ADAL or upgrade from the older "com.microsoft.azure.*" client library to a newer version which can be found here https://aka.ms/azsdk.
Please let us know if you have any other questions.
|
Hello Team,
Is there any update on this ticket?
Thanks
Swetha
From: Arigala, NagaSwetha ***@***.***>
Date: Thursday, September 16, 2021 at 11:16 AM
To: Azure/azure-sdk-for-java ***@***.***>, Azure/azure-sdk-for-java ***@***.***>
Cc: Author ***@***.***>
Subject: Re: [EXTERNAL] Re: [Azure/azure-sdk-for-java] Using latest version of Azure SDK to use MSAL4j internally (#24095)
I did check the below https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/README.md
We want to upgrade the newer version of the Azure SDK which uses MSAL4j internally.
But we only have the Client ID, Client Secret, Tenant ID, Subscription ID.
We cannot add any new parameter like Key Vault as the above README samples mentions.
So Kindly guide with the list of maven dependencies that we can use and the sample of code
Equivalent to the below in new Azure SDK which uses MSAL4j internally
ApplicationTokenCredentials auth = new ApplicationTokenCredentials(connection.getClientId(),
connection.getTenantId(),
connection.getClientKey(),
null);
return Azure.configure()
.withLogLevel(LogLevel.BASIC)
.withReadTimeout(READ_TIMEOUT_SEC, TimeUnit.SECONDS)
.authenticate(auth)
.withSubscription(connection.getSubcriptionId());
The reason we need to migrate this: currently, the older SDK has oauth2-oidc-sdk child dependencies which have a security issue.
To get rid of that, we should move from ADAL4J to MSAL4j.
Thanks
Swetha
|
Hi.. Is there any update on this ticket? |
Thanks for posting this issue. |
I am getting this error even after having the below dependencies and adding jackson libraries to 2.12: java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/cfg/MapperBuilder
|
Closing this, as the issue was resolved on direct contact with the customer. |
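An added example, not part of the original thread and not code from the Azure SDK team: one way the ADAL-based `Azure.configure()` snippet quoted in this issue maps onto the `com.azure` libraries named in it (azure-resourcemanager, azure-identity, azure-core-http-netty), using only the tenant ID, client ID, client secret and subscription ID. The class name `AzureClientFactory`, the environment variable names and the 60-second timeout are assumptions.

```java
import com.azure.core.credential.TokenCredential;
import com.azure.core.http.HttpClient;
import com.azure.core.http.netty.NettyAsyncHttpClientBuilder;
import com.azure.core.http.policy.HttpLogDetailLevel;
import com.azure.core.management.AzureEnvironment;
import com.azure.core.management.profile.AzureProfile;
import com.azure.identity.ClientSecretCredentialBuilder;
import com.azure.resourcemanager.AzureResourceManager;

import java.time.Duration;

// Hypothetical helper class; not part of any Azure SDK.
public final class AzureClientFactory {
    // Assumed value standing in for READ_TIMEOUT_SEC from the old snippet.
    private static final Duration READ_TIMEOUT = Duration.ofSeconds(60);

    public static AzureResourceManager create(String tenantId, String clientId,
                                              String clientSecret, String subscriptionId) {
        // azure-identity credential; replaces ApplicationTokenCredentials.
        TokenCredential credential = new ClientSecretCredentialBuilder()
            .tenantId(tenantId)
            .clientId(clientId)
            .clientSecret(clientSecret)
            .build();
        // Tenant, subscription and cloud are carried by the profile.
        // No Key Vault name is involved: SecretClient is only for Key Vault secrets.
        AzureProfile profile = new AzureProfile(tenantId, subscriptionId, AzureEnvironment.AZURE);
        // Replaces withReadTimeout(...) from the old fluent API.
        HttpClient httpClient = new NettyAsyncHttpClientBuilder()
            .readTimeout(READ_TIMEOUT)
            .build();
        return AzureResourceManager.configure()
            .withLogLevel(HttpLogDetailLevel.BASIC)
            .withHttpClient(httpClient)
            .authenticate(credential, profile)
            .withSubscription(subscriptionId);
    }

    public static void main(String[] args) {
        // Secrets come from the environment (assumed variable names), not from source code.
        AzureResourceManager azure = create(
            System.getenv("AZURE_TENANT_ID"),
            System.getenv("AZURE_CLIENT_ID"),
            System.getenv("AZURE_CLIENT_SECRET"),
            System.getenv("AZURE_SUBSCRIPTION_ID"));
        azure.resourceGroups().list().forEach(rg -> System.out.println(rg.name()));
    }
}
```

Once the old `com.microsoft.azure` artifacts are removed from the POM, `mvn dependency:tree -Dincludes=com.microsoft.azure:adal4j` should report no matches; any remaining hit names the dependency that still pulls ADAL4J in.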
Describe the bug
Using latest version of Azure SDK to use MSAL4j internally
Could you please confirm and clarify the following queries?
Current code which uses ADAL
ApplicationTokenCredentials auth = new ApplicationTokenCredentials(connection.getClientId(),
connection.getTenantId(),
connection.getClientKey(),
null);
return Azure.configure()
.withLogLevel(LogLevel.BASIC)
.withReadTimeout(READ_TIMEOUT_SEC, TimeUnit.SECONDS)
.authenticate(auth)
.withSubscription(connection.getSubcriptionId());
NEW CODE as per the links:
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId("<YOUR_CLIENT_ID>")
.clientSecret("<YOUR_CLIENT_SECRET>")
.tenantId("<YOUR_TENANT_ID>")
.build();
It would internally use MSAL not ADAL is that correct?
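<dependency>
<groupId>com.azure.resourcemanager</groupId>
<artifactId>azure-resourcemanager</artifactId>
<version>2.7.0</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.3.4</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-core-http-netty</artifactId>
<version>1.10.2</version>
</dependency>
Currently I only have Tenant Id, Client Id, Client Secret, Subscription ID in my old code and implementation from where can I find YOUR_VAULT_NAME? is there a way to skip the vault name in new implementation ?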
I only need to authenticate using only Tenant Id, Client Id, Client Secret, Subscription ID, Please share sample lines of code.
I added below new maven dependencies but I could not import all the classes required for above new migration code. Could you please confirm maven dependencies for ClientSecretCredential and ClientSecretCredentialBuilder
Exception or Stack Trace
Not able to import all the classes even after adding required dependencies
To Reproduce
Migrate old code to new code
Code Snippet
ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder()
.clientId("<YOUR_CLIENT_ID>")
.clientSecret("<YOUR_CLIENT_SECRET>")
.tenantId("<YOUR_TENANT_ID>")
.build();
Expected behavior
After adding the corresponding lines of code with latest Azure SDK for MSAL it should work as it was previously with ADAL4j
Screenshots
If applicable, add screenshots to help explain your problem.
Setup (please complete the following information):
com.azure.resourcemanager
azure-resourcemanager
2.7.0
If you suspect a dependency version mismatch (e.g. you see NoClassDefFoundError, NoSuchMethodError or similar), please provide mvn dependency:tree
Additional context
Add any other context about the problem here.
Information Checklist
Kindly make sure that you have added all the following information above and check off the required fields; otherwise we will treat the issue as an incomplete report