Getting mixed results on Azure AD connector

Hi All,

I am working on onboarding an Azure AD source. For the configuration I have used the Client Credentials grant type. IQService is not configured and "Use TLS for IQService" is unchecked. I haven’t imported certs into the VAs.

When I click on Test Connection I am getting mixed results. Most of the time it says “Connected”, but sometimes it throws an error:
“Test Connection failed with exception. Error message - Unable to generate access token. Response returned: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”

I am not sure why it is asking for certs. Do we need to import certs into the VAs for the client credentials grant type? Also, if it really needs certs, then why would it even say “Connected” when clicking on Test Connection?

Thank you,
Sushant

Hi @Sushant welcome to the Developer portal and thank you for your query.

At first glance there could be a couple of issues. Do you have more than one Virtual Appliance in the associated Virtual Appliance Cluster? When was the source created, and did you toggle the authentication configuration when testing the connection?

There could be an issue with connectivity from one of the Virtual Appliances that exist in that Virtual Appliance Cluster, which is why you are seeing differing results, i.e. it depends on which VA the test connection is being initiated from.

I would suggest reviewing that all the VAs in the VA cluster are running healthily, and perhaps running some curl commands to the Azure tenant from each VA. There could be an underlying issue with one of the Virtual Appliances. Trying several of the commands from the VA, such as curl commands to the Azure instance (to the Microsoft Graph API, for example), would help.

See the VA troubleshooting guide for several tips on how to do this:

https://community.sailpoint.com/t5/IdentityNow-Connectors/Virtual-Appliance-Troubleshooting-Guide/ta-p/78735

Please do let us know how that goes for now.

Kind Regards,
Omar Khote, CISSP.

@omar_khote_iam, thank you so much for responding to my queries.

Do you know if we need to import certs into the VA for the client credentials grant type for the Azure AD connector? I looked into the connector reference guide and it does not mention that certs need to be imported for the client credentials grant type.

Thank you,
Sushant

Hey @Sushant ,

For the standard OAuth 2.0 client credentials grant type, no, that would not be required if selected on the source.

The client ID and client secret defined on the source will be used to request an access token from the Authorization Server, i.e. Azure. The access token will then be used for the requests made by the Azure AD connector.

Hence it would be a good idea to ensure the VAs in the cluster are looking good, as a VA could be the likely issue here.

For OAuth 2.0 JWT certificate credentials, yes, there would be, as mentioned in the guide:

https://community.sailpoint.com/t5/IdentityNow-Connectors/Azure-Active-Directory-Source-Configuration-Reference-Guide/ta-p/183945#toc-hId-814091692

Kind regards,
Omar
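The two points above (run curl/openssl checks from each VA in the cluster, and the client credentials grant needs no client certificate, only a trusted server chain) can be exercised with the following per-VA script. It is an added example, not SailPoint's code or anything from the troubleshooting guide; TENANT_ID, CLIENT_ID and CLIENT_SECRET are placeholder values, RUN_VA_DIAG is an invented switch, and the helper names are hypothetical. The interesting part is that the token request body carries only the client ID and secret: the only certificate involved in a PKIX failure is the one presented by login.microsoftonline.com, which the JVM on the VA must chain to a trusted root. A curl exit code of 60 or an openssl "Verify return code" of 20/21 on one VA but not the others points at that VA (stale CA bundle or a TLS-intercepting proxy on its path) rather than at the source configuration.

```shell
#!/usr/bin/env bash
# Added example (not SailPoint's code): per-VA check of the client-credentials
# token request and of the TLS chain the Azure AD connector depends on.
# TENANT_ID / CLIENT_ID / CLIENT_SECRET below are placeholders (assumptions).
set -u

TOKEN_HOST="login.microsoftonline.com"
TENANT_ID="${TENANT_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder
CLIENT_ID="${CLIENT_ID:-00000000-0000-0000-0000-000000000000}"   # placeholder
CLIENT_SECRET="${CLIENT_SECRET:-change-me}"                      # placeholder

# Form body of the OAuth 2.0 client credentials grant. There is no client
# certificate in it: the only TLS material is the server certificate that
# login.microsoftonline.com presents, which the VA's JVM must trust.
token_request_body() {
  printf 'grant_type=client_credentials&client_id=%s&client_secret=%s&scope=%s' \
    "$1" "$2" "https%3A%2F%2Fgraph.microsoft.com%2F.default"
}

# Translate curl's exit status into what it means for the connector error.
interpret_curl_exit() {
  case "$1" in
    0)   echo "ok: TLS handshake and HTTP exchange completed" ;;
    60)  echo "trust failure: peer certificate does not chain to a CA in the local bundle (same class of error as the JVM's PKIX path building failed)" ;;
    35)  echo "handshake failure: TLS negotiation broke before certificate verification" ;;
    6|7) echo "connectivity failure: DNS or TCP to $TOKEN_HOST failed (check proxy/firewall on this VA)" ;;
    28)  echo "timeout: no response from $TOKEN_HOST" ;;
    *)   echo "curl exit $1: see curl --manual" ;;
  esac
}

# Pull the "Verify return code" line out of openssl s_client output.
# 0 = chain built to a trusted root; 20/21 = missing intermediate or unknown root.
interpret_openssl_verify() {
  code=$(printf '%s\n' "$1" | sed -n 's/^ *Verify return code: \([0-9]*\) .*/\1/p' | head -n 1)
  case "${code:-missing}" in
    0)       echo "chain ok" ;;
    20|21)   echo "chain broken: unable to get local issuer / verify first certificate (interception proxy or stale CA bundle?)" ;;
    missing) echo "no verify line: openssl did not reach certificate verification" ;;
    *)       echo "chain not trusted (verify code $code)" ;;
  esac
}

# Live checks: run on every VA in the cluster and compare the results.
run_diagnostics() {
  echo "== openssl chain check against ${TOKEN_HOST} =="
  out=$(openssl s_client -connect "${TOKEN_HOST}:443" -servername "${TOKEN_HOST}" -showcerts </dev/null 2>&1)
  printf '%s\n' "$out" | grep -E '^ *[0-9]+ s:|Verify return code'
  interpret_openssl_verify "$out"

  echo "== token request (client credentials, no client cert) =="
  body=$(token_request_body "$CLIENT_ID" "$CLIENT_SECRET")
  curl -sS -o /tmp/token.json -w 'HTTP %{http_code}\n' \
    -X POST "https://${TOKEN_HOST}/${TENANT_ID}/oauth2/v2.0/token" \
    -H 'Content-Type: application/x-www-form-urlencoded' --data "$body"
  interpret_curl_exit "$?"
}

# Only contact Azure when explicitly asked (RUN_VA_DIAG=1), so the helpers
# above can also be exercised offline.
if [ "${RUN_VA_DIAG:-0}" = "1" ]; then
  run_diagnostics
fi
```

Run it as `RUN_VA_DIAG=1 TENANT_ID=... CLIENT_ID=... CLIENT_SECRET=... ./va_diag.sh` on each VA; a VA whose chain check or token request fails while the others succeed is the one behind the intermittent "Connected"/PKIX results.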