Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Java Agent 3.6.2 not authenticating correctly using managed identity (agent 3.6.1 works great on the same setup) #3981

Open
luisfeliz79 opened this issue Dec 13, 2024 · 1 comment
Assignees
Labels
dependencies Pull requests that update a dependency file

Comments

@luisfeliz79
Copy link

Expected behavior

App Insights with local authentication disabled - Java Agent 3.6.2 should authenticate using managed identity

Actual behavior

App Insights with local authentication disabled - Java Agent 3.6.2 is failing to authenticate using managed identity.

To Reproduce

On an Ubuntu Linux Azure VM with the System Assigned managed identity enabled

export APPLICATIONINSIGHTS_CONNECTION_STRING='InstrumentationKey=REDACTED;IngestionEndpoint=https://eastus2-3.in.applicationinsights.azure.com/;LiveEndpoint=https://eastus2.livediagnostics.monitor.azure.com/;ApplicationId=REDACTED'

export APPLICATIONINSIGHTS_AUTHENTICATION_STRING=Authorization=AAD

java -javaagent:"applicationinsights-agent-3.6.2.jar" -jar /path/to/jar

Submitting a PR with an example reproducing the issue in this repository would make it easier for the Application Insight maintainers to help you. Before doing this, you have to fork this repository.

System information

Please provide the following information:

  • SDK Version: Java Agent 3.6.2
  • OS type and version: Ubuntu 24.04.1 LTS
  • Application Server type and version (if applicable):
  • Using spring-boot? No
  • Additional relevant libraries (with version, if applicable):

Logs

Turn on SDK logs and attach/paste them to the issue. If using an application server, also attach any relevant server logs.

Log output from Agent 3.6.2 - which is not working
2024-12-13 04:06:10.205Z DEBUG c.m.a.m.AcquireTokenByManagedIdentitySupplier - [Managed Identity] Managed Identity source and ID type identified and set successfully, request will use Managed Identity for IMDS
2024-12-13 04:06:10.453Z INFO com.microsoft.aad.msal4j.HttpHelper - [Correlation ID: null] Sent (null) Correlation Id is not same as received (null).
2024-12-13 04:06:10.510Z ERROR c.a.i.ManagedIdentityCredential - Azure Identity => ERROR in getToken() call for scopes [https://monitor.azure.com//.default]: Managed Identity authentication is not available.
2024-12-13 04:06:10.527Z ERROR c.a.c.i.AccessTokenCache - {"az.sdk.message":"Failed to acquire a new access token.","exception":"Managed Identity authentication is not available."}

Log output from Agent 3.6.1 - which is working great on the same setup:
2024-12-13 03:57:05.862Z INFO c.a.i.ManagedIdentityCredential - Azure Identity => Managed Identity environment: AZURE VM IMDS ENDPOINT
2024-12-13 03:57:05.862Z DEBUG c.a.i.ManagedIdentityCredential - Azure Identity => getToken() result for scopes [https://monitor.azure.com//.default]: SUCCESS
2024-12-13 03:57:05.868Z DEBUG c.m.a.m.ConfidentialClientApplication - [Correlation ID: xxxxx] Access Token was returned

Be sure to remove any private information from the logs before posting!

Screenshots

If applicable, add screenshots to help explain your problem.

@harsimar harsimar self-assigned this Jan 16, 2025
@harsimar
Copy link
Contributor

harsimar commented Jan 16, 2025

Hi! Thanks for reporting this. We have found that v3.6.2 had some azure identity / msal dependencies that needed an update - those dependencies have since been bumped and the issue will be fixed in the next java agent release.

see: #3979

@harsimar harsimar added the dependencies Pull requests that update a dependency file label Jan 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

No branches or pull requests

2 participants