J'utilise adal4j v1.1.2 pour obtenir un jeton basé sur un certificat client.adal4j: erreur d'authentification basée sur un certificat: jeton JWT non valide
Snippet fait référence: Why does AcquireToken with ClientCredential fail with invalid_client (ACS50012)?
String AAD_HOST_NAME = "login.windows.net";
String AAD_TENANT_ID = "XXX";
String AAD_TENANT_ENDPOINT = "https://" + AAD_HOST_NAME + "/" + AAD_TENANT_ID + "/";
String AAD_CLIENT_ID = "XXX";
String AAD_RESOURCE_ID = "https://vault.azure.net";
String AAD_CERTIFICATE_PATH = "/XXX.pfx";
String AAD_CERTIFICATE_PASSWORD = "XXX";
String AAD_CLIENT_SECRET = "XXX";
ExecutorService service = ExecutorServiceHelper.createThreadPool(1, "azureHSMClientExecutorService-");
KeyStore keystore = KeyStore.getInstance("PKCS12", "SunJSSE");
keystore.load(new FileInputStream(AAD_CERTIFICATE_PATH),AAD_CERTIFICATE_PASSWORD.toCharArray());
String alias = keystore.aliases().nextElement();
PrivateKey key = (PrivateKey) keystore.getKey(alias, AAD_CERTIFICATE_PASSWORD.toCharArray());
X509Certificate cert = (X509Certificate) keystore.getCertificate(alias);
AsymmetricKeyCredential asymmetricKeyCredential = AsymmetricKeyCredential.create(AAD_CLIENT_ID,key, cert);
AuthenticationContext ctx = new AuthenticationContext(AAD_TENANT_ENDPOINT, false, service);
Future<AuthenticationResult> result = ctx.acquireToken(AAD_RESOURCE_ID, asymmetricKeyCredential, null);
AuthenticationResult authenticationResult = result.get();
String token = authenticationResult.getAccessToken();
Il en résulte exception suivante auth
AuthenticationException: com.microsoft.aad.adal4j.AuthenticationException: {"error":"invalid_client","error_description":"AADSTS70002: Error validating credentials. AADSTS50027: Invalid JWT token. No certificate thumbprint specified in token header.\r\nTrace ID: 9719e621-d8ef-4194-93cd-a78103d5df6b\r\nCorrelation ID: f0300795-fb99-44b2-bd95-8df3975290be\r\nTimestamp: 2016-08-29 13:51:26Z"}
Je ne sais pas comment passer thumbprint tout en appelant acquireToken
. Quelque chose manque-t-il ici?
Pouvez-vous nous montrer comment vous construisez 'asymmetricKeyCredential'? –
mis à jour l'article original avec l'extrait complet – YogeshORai
Quelqu'un peut suggérer ce qui manque ici – YogeshORai