This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 26%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHX%3C/text%3E%3C/svg%3E)
Attempting to use RBAC authentication to connect to Cosmos DB results in different behaviors based on the disableLocalAuth setting.
When disableLocalAuth is set to false, the connection to Cosmos DB is successful, and data can be retrieved. However, setting disableLocalAuth to true leads to the following error:
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'cosmosAsyncClient' defined in class path resource [com/azure/spring/autoconfigure/cosmos/CosmosAutoConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.azure.cosmos.CosmosAsyncClient]: Factory method 'cosmosAsyncClient' threw exception; nested exception is java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
Failed to instantiate [com.azure.cosmos.CosmosAsyncClient]: Factory method 'cosmosAsyncClient' threw exception; nested exception is java.lang.RuntimeException: Client initialization failed. Check if the endpoint is reachable and if your auth token is valid. More info: https://aka.ms/cosmosdb-tsg-service-unavailable-java
and we already assign COSMOS build in data contributor role for exiting service principle.
Is there anyone who has encountered a similar issue? is there any missing steps for setting?
TokenCredential servicePrincipal =
new ClientSecretCredentialBuilder()
.authorityHost("https://login.microsoftonline.com")
.tenantId(cosmosConfig.getTenantId())
.clientId(cosmosConfig.getClientId())
.clientSecret(cosmosConfig.getClientKey())
.build();
return client = new CosmosClientBuilder()
.endpoint(cosmosConfig.getUri())
.credential(servicePrincipal)
.consistencyLevel(ConsistencyLevel.SESSION)
.buildAsyncClient();
When you are assigning role, you need the "Object Id" from Azure AD Application, however, when you are authenticating application into Cosmos DB you need to use "Application Id" from Azure AD Application.
Hey Sajeetharan,
Thank you for sharing this. what I understand that "Object Id" from Azure AD application is: "Object Id" of service principal, am I right?
but I am not sure this part "Application Id" from Azure AD Application, could you please explain more?
and disableLocalAuth == false, above code can connect Cosmos db, but after setting disableLocalAuth as true, throw bean "cosmosAsyncClient" initialization error