Driver version
7.4.1
Client details
Running on an Azure App Server Java 11 / Linux instance in the UK west region
OS: Alpine 3.8 Docker container
JVM: OpenJDK Runtime Environment 19.1-(Zulu-11.29+3-linux-musl-x64)-Microsoft-Azure-restricted (build 11.0.2+7-LTS)
Problem description
- Configure an App Services resource (Java 11 in "UK West" region) and Azure SQL DB for authentication using MSI, following instructions here
- Deploy code that attempts MSI authentication, e.g.:
//...
public static void main(String[] args) throws Exception {
SQLServerDataSource ds = new SQLServerDataSource();
ds.setServerName("my-db-instance.database.windows.net");
ds.setDatabaseName("my-db-name");
ds.setAuthentication("ActiveDirectoryMSI");
Connection connection = ds.getConnection();
}
//...
- The connection fails, with an opaque "MSI Token failure: Failed to acquire token from MSI Endpoint" error.
Unfortunately there's no stack trace or log output that shows the underlying problem (even at java.util.logging.Level.ALL), but by retrying with a patched version of the driver with extra logging I was able to narrow the issue down to SQLServerConnection.java:4376 which throws a java.text.ParseException when attempting to parse the token expiry timestamp. The driver implementation is looking for a 12hr time format - "M/d/yyyy h:mm:ss a X", but the MSI API server (for my App Service instance in UK West at least) is returning a 24hr format, e.g.
"08/30/2019 01:08:02 +00:00".
It's not clear to me whether the issue is with the MSI server (possibly just in some regions?) or the driver. Even if the issue is with the MSI server (in which case I'd appreciate advice on how to raise such an issue), I'd suggest it's probably a bug that the relevant exception details are swallowed by the driver without any logging. I've attached the full log traces from the unmodified 7.4.1 driver from the start of the MSI request so you can see what I mean.
output-trimmed.log
All best,
Joe
Driver version
7.4.1
Client details
Running on an Azure App Server Java 11 / Linux instance in the UK west region
OS: Alpine 3.8 Docker container
JVM: OpenJDK Runtime Environment 19.1-(Zulu-11.29+3-linux-musl-x64)-Microsoft-Azure-restricted (build 11.0.2+7-LTS)
Problem description
Unfortunately there's no stack trace or log output that shows the underlying problem (even at
java.util.logging.Level.ALL), but by retrying with a patched version of the driver with extra logging I was able to narrow the issue down to SQLServerConnection.java:4376 which throws ajava.text.ParseExceptionwhen attempting to parse the token expiry timestamp. The driver implementation is looking for a 12hr time format - "M/d/yyyy h:mm:ss a X", but the MSI API server (for my App Service instance in UK West at least) is returning a 24hr format, e.g."08/30/2019 01:08:02 +00:00".It's not clear to me whether the issue is with the MSI server (possibly just in some regions?) or the driver. Even if the issue is with the MSI server (in which case I'd appreciate advice on how to raise such an issue), I'd suggest it's probably a bug that the relevant exception details are swallowed by the driver without any logging. I've attached the full log traces from the unmodified 7.4.1 driver from the start of the MSI request so you can see what I mean.
output-trimmed.log
All best,
Joe