Azure Identity => ERROR in getToken() call for scopes [https://database.windows.net//.default]
Query/Question
Hello, I have my Java Spring Boot application running on Azure AKS and I want to connect the Azure SQL DB to the application via user-assigned managed identity. To achieve that I have enabled WorkloadIdentity on the AKS cluster and I added the below pom Maven dependencies:
com.azure azure-identity 1.3.3
com.microsoft.sqlserver mssql-jdbc 12.6.0.jre11
I am using the below JDBC URL in my application.yaml
URL = jdbc-url: jdbc:sqlserver://test.database.windows.net:1433;databaseName=test-db;encrypt=true;trustServerCertificate=false;hostNameInCertificate=*.database.windows.net;loginTimeout=30;authentication=ActiveDirectoryManagedIdentity;
and I am getting the below error:
INFO [-,,,] 7 --- [ost-startStop-1] c.netflix.config.DynamicPropertyFactory : DynamicPropertyFactory is initialized with configuration sources: com.netflix.config.ConcurrentCompositeConfiguration@17772efd
2024-05-06T17:15:30.886680097Z 2024-05-06 13:15:30.885 INFO [-,,,] 7 --- [ost-startStop-1] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2024-05-06T17:15:32.550691266Z 2024-05-06 13:15:32.543 ERROR [-,,,] 7 --- [ost-startStop-1] c.a.i.implementation.IdentityClient : ### ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established.
2024-05-06T17:15:32.564517243Z 2024-05-06 13:15:32.564 ERROR [-,,,] 7 --- [ost-startStop-1] c.a.identity.ManagedIdentityCredential : Azure Identity => ERROR in getToken() call for scopes [https://database.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established.
2024-05-06T17:15:33.575927570Z 2024-05-06 13:15:33.574 ERROR [-,,,] 7 --- [ost-startStop-1] com.zaxxer.hikari.pool.HikariPool : HikariPool-1 - Exception during pool initialization.
2024-05-06T17:15:33.575961571Z
2024-05-06T17:15:33.575968871Z com.azure.identity.CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established.
2024-05-06T17:15:33.575975571Z at com.azure.identity.implementation.IdentityClient.lambda$authenticateToIMDSEndpoint$48(IdentityClient.java:1145)
2024-05-06T17:15:33.575982071Z at reactor.core.publisher.MonoCallable.subscribe(MonoCallable.java:57)
2024-05-06T17:15:33.575987671Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.575993971Z at reactor.core.publisher.MonoFlatMap$FlatMapMain.onNext(MonoFlatMap.java:150)
2024-05-06T17:15:33.575999871Z at org.springframework.cloud.sleuth.instrument.reactor.ScopePassingSpanSubscriber.onNext(ScopePassingSpanSubscriber.java:81)
2024-05-06T17:15:33.576007271Z at org.springframework.cloud.sleuth.instrument.reactor.LazySpanSubscriber.onNext(LazySpanSubscriber.java:52)
2024-05-06T17:15:33.576013971Z at reactor.core.publisher.Operators$MonoSubscriber.complete(Operators.java:1083)
2024-05-06T17:15:33.576019571Z at reactor.core.publisher.MonoCallable.subscribe(MonoCallable.java:62)
2024-05-06T17:15:33.576025272Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.576030972Z at reactor.core.publisher.MonoFlatMap.subscribe(MonoFlatMap.java:60)
2024-05-06T17:15:33.576036672Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.576042872Z at reactor.core.publisher.MonoPeekTerminal.subscribe(MonoPeekTerminal.java:61)
2024-05-06T17:15:33.576048772Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.576054472Z at reactor.core.publisher.MonoPeekFuseable.subscribe(MonoPeekFuseable.java:74)
2024-05-06T17:15:33.576060972Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.576067172Z at reactor.core.publisher.MonoPeekFuseable.subscribe(MonoPeekFuseable.java:74)
2024-05-06T17:15:33.576072772Z at reactor.core.publisher.MonoLiftFuseable.subscribe(MonoLiftFuseable.java:56)
2024-05-06T17:15:33.576078372Z at reactor.core.publisher.Mono.blockOptional(Mono.java:1219)
2024-05-06T17:15:33.576084772Z at com.microsoft.sqlserver.jdbc.SQLServerSecurityUtility.getManagedIdentityCredAuthToken(SQLServerSecurityUtility.java:353)
2024-05-06T17:15:33.576090372Z at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:6014)
2024-05-06T17:15:33.576095972Z at
Can someone help me on this.
@billwert @g2vinay
Thank you for your feedback. Tagging and routing to the team member best able to assist.
Can anyone help me on this.
@cap-udayvarma
The Managed Identity endpoint is not available in the environment you're running in. Ensure you're running within an Azure VM or a cluster hosted within Azure.
Further, can you share the code you're using to target Workload Identity? Use the WorkloadIdentityCredential to target WorkloadIdentity directly.
TokenCredential workloadIdentityCredential = new WorkloadIdentityCredentialBuilder().build();
If the issue persists, check and respond with the env vars available in the cluster to verify workload identity is available.
Let us know if the above solution didn't work; we can re-open it.
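The environment check requested in the last reply, as an added example that is not part of the thread or of the Azure SDK: a POSIX shell diagnostic to run inside the application pod. It checks the four variables the Azure Workload Identity webhook injects and decodes the projected service-account token so its claims can be compared with the federated credential; the function names and the `--run` argument are illustrative.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): run inside the application pod.
# Variables the Azure Workload Identity webhook injects into a labelled pod.
WI_VARS="AZURE_CLIENT_ID AZURE_TENANT_ID AZURE_FEDERATED_TOKEN_FILE AZURE_AUTHORITY_HOST"

# Print the name of every injected variable that is missing or empty.
missing_wi_vars() {
    for v in $WI_VARS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || printf '%s\n' "$v"
    done
}

# Decode the payload (second dot-separated segment) of the JWT in file $1.
jwt_payload() {
    seg=$(cut -d. -f2 < "$1" | tr '_-' '/+')
    case $(( ${#seg} % 4 )) in      # base64url omits padding; restore it
        2) seg="$seg==" ;;
        3) seg="$seg=" ;;
    esac
    printf '%s' "$seg" | base64 -d
}

# Read compact JSON on stdin and print string claim $1 (first array element
# for "aud", which Kubernetes emits as a list). Avoids depending on jq.
jwt_claim() {
    sed -n "s/.*\"$1\":\[*\"\([^\"]*\)\".*/\1/p"
}

# Report what the pod would present to Microsoft Entra ID.
# Returns 1 when workload identity is not wired into the pod.
check_workload_identity() {
    miss=$(missing_wi_vars)
    if [ -n "$miss" ]; then
        echo "not injected:" $miss
        return 1
    fi
    if [ ! -r "$AZURE_FEDERATED_TOKEN_FILE" ]; then
        echo "token file not readable: $AZURE_FEDERATED_TOKEN_FILE"
        return 1
    fi
    payload=$(jwt_payload "$AZURE_FEDERATED_TOKEN_FILE") || return 1
    echo "client id: $AZURE_CLIENT_ID"
    for c in iss sub aud; do
        echo "$c: $(printf '%s' "$payload" | jwt_claim "$c")"
    done
}

# Stand-alone use: sh wi-check.sh --run
if [ "${1:-}" = "--run" ]; then check_workload_identity; fi
```

The `sub` value has the form `system:serviceaccount:<namespace>:<service-account>`; it and `iss` have to match the federated credential configured on the user-assigned managed identity, and `aud` is expected to be `api://AzureADTokenExchange`.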