ODBC uses service principal to connect to ADX
Hi, we're trying to let ODBC uses azure service principal
to connect to ADX but encounters the error Error requesting access token
The reference guide is this : https://zcusa.951200.xyz/en-us/azure/data-explorer/connect-odbc
The client is on-premise Win 10 .
Here's our attempts.
- Use With Azure Active Directory Interactive authentication using a login ID entered by the user to connect to ADX ==> successful
- Use With Azure Service Principal authentication, below error pops up
Microsoft SQL Server Login i Connection failed: SoLState: CE275 SOL Server Error: O [MicrosoftIODBC Driver 17 for SQL Server][SQL ServerJ Error requesting access token, HTTP status 400, expected 200 Connection failed: SOLState: 08S01 SQL Server Error: 10054 [Microsoft] IODBC Driver 17 for SQL ServerjTCP Provider: An existing connection was forcibly closed by the remote host. Connection failed: SOLState: "08S011 SQL Server Error: 10054 [Microsoft][ODBC Driver 17 for SQL Server]Communication link failure
The error seems like this service principal cannot get access token while doing authentication.
Here's the Azure CLI I used to create the service principal
az ad sp create-for-rbac --name ServicePrincipalName
can login via this CLI as well
And in ADX, already grant permissions Cluster AllDatabasesAdmin
and Database Viewer
to this service principal.
Not knowing which part I'm missing.
Also attach my manifest of service principal here for your reference.
Thank you
{
"id": "xxxxxx",
"acceptMappedClaims": null,
"accessTokenAcceptedVersion": null,
"addIns": [],
"allowPublicClient": null,
"appId": "xxxxxx",
"appRoles": [],
"oauth2AllowUrlPathMatching": false,
"createdDateTime": "2021-10-15T09:40:56Z",
"certification": null,
"disabledByMicrosoftStatus": null,
"groupMembershipClaims": null,
"identifierUris": [
"http://spICS2ADX"
],
"informationalUrls": {
"termsOfService": null,
"support": null,
"privacy": null,
"marketing": null
},
"keyCredentials": [],
"knownClientApplications": [],
"logoUrl": null,
"logoutUrl": null,
"name": "spICS2ADX",
"oauth2AllowIdTokenImplicitFlow": true,
"oauth2AllowImplicitFlow": false,
"oauth2Permissions": [
{
"adminConsentDescription": "Allow the application to access spICS2ADX on behalf of the signed-in user.",
"adminConsentDisplayName": "Access spICS2ADX",
"id": "xxxxxx",
"isEnabled": true,
"lang": null,
"origin": "Application",
"type": "User",
"userConsentDescription": "Allow the application to access spICS2ADX on your behalf.",
"userConsentDisplayName": "Access spICS2ADX",
"value": "user_impersonation"
}
],
"oauth2RequirePostResponse": false,
"optionalClaims": null,
"orgRestrictions": [],
"parentalControlSettings": {
"countriesBlockedForMinors": [],
"legalAgeGroupRule": "Allow"
},
"passwordCredentials": [
{
"customKeyIdentifier": "//xxxxxx",
"endDate": "2022-10-15T09:40:48.302571Z",
"keyId": "xxxxxx",
"startDate": "2021-10-15T09:40:48.302571Z",
"value": null,
"createdOn": null,
"hint": null,
"displayName": null
}
],
"preAuthorizedApplications": [],
"publisherDomain": "xxxxxx.onmicrosoft.com",
"replyUrlsWithType": [],
"requiredResourceAccess": [],
"samlMetadataUrl": null,
"signInUrl": "https://spICS2ADX",
"signInAudience": "AzureADMyOrg",
"tags": [],
"tokenEncryptionKeyId": null
}