I have an error "org.apache.qpid.jms.provider.exceptions.ProviderSecurityException: InvalidSignature: The token has an invalid signature." when using ServiceBus with JMS in SpringBoot app

Question

I have an error "org.apache.qpid.jms.provider.exceptions.ProviderSecurityException: InvalidSignature: The token has an invalid signature." when using ServiceBus with JMS in SpringBoot app

Artur Liwocha 5

I am using SpringBoot 2.7.6, Java 17 and followed all the steps to configure ServiceBus using this guide here: https://learn.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-service-bus?tabs=use-a-service-bus-topic, but somehow I cannot connect to Azure ServiceBus and I keep receiving the error which is in the topic of this thread. My app is deployed as Kubernetes Service to Azure, all the permissions seems to be fine in terms of Azure. Also I double checked credentials like connection string etc.

I did pretty all the same like in the guide above, nothing special. I am using ServiceBus topic, therefore I provided connection string, pricing-tier and topic-client-id in application.properties. Also I configured JmsListener providing topic name and subscription name as well as topicJmsListenerContainerFactory.

What am I doing wrong?

Artur Liwocha 5 Reputation points

2023-07-27T07:45:18.77+00:00

Hi. Thank you for your reply. What do you mean by 'authentication token' ? Does it mean Azure Service Bus connection string? I am using only the connection string that was generated in the Azure Portal. It contains SAS key that I believe is enough to connect to Service Bus, isn't it? I am using premium tier.
In fact, recently we managed to discover what the problem might be. The SAS key was originally created at the topic level and somehow it did not work, however when it was created at the queue/namespace level, it worked for me. Of course we would like the SAS key to have more fine-grained permissions (at the topic level), but still we cannot understand why it does not work. Any ideas?
Artur Liwocha 5 Reputation points

2023-07-27T07:46:57.3366667+00:00

We have already submitted a ticket to the Microsoft support regarding this case.
Grmacjon-MSFT 19,151 Reputation points Moderator

2023-08-07T18:42:23.67+00:00

Hi @Artur Liwocha , checking to see if your issue was resolved by the support team. If you're still experiencing this issue please let us know
Artur Liwocha 5 Reputation points

2023-08-08T06:27:40.74+00:00

Hi @Grmacjon-MSFT , the problem was resolved by the support team. Not sure what was wrong, but they probably changed something on their side and it began to work for me.
Grmacjon-MSFT 19,151 Reputation points Moderator

2023-08-10T05:03:55.3666667+00:00

Thanks for the update. Glad to hear the issue was resolved.

1 answer

Your answer

Artur Liwocha 5 Reputation points

2023-07-27T07:45:18.77+00:00

Hi. Thank you for your reply. What do you mean by 'authentication token' ? Does it mean Azure Service Bus connection string? I am using only the connection string that was generated in the Azure Portal. It contains SAS key that I believe is enough to connect to Service Bus, isn't it? I am using premium tier.
In fact, recently we managed to discover what the problem might be. The SAS key was originally created at the topic level and somehow it did not work, however when it was created at the queue/namespace level, it worked for me. Of course we would like the SAS key to have more fine-grained permissions (at the topic level), but still we cannot understand why it does not work. Any ideas?
Artur Liwocha 5 Reputation points

2023-07-27T07:46:57.3366667+00:00

We have already submitted a ticket to the Microsoft support regarding this case.
Grmacjon-MSFT 19,151 Reputation points Moderator

2023-08-07T18:42:23.67+00:00

Hi @Artur Liwocha , checking to see if your issue was resolved by the support team. If you're still experiencing this issue please let us know
Artur Liwocha 5 Reputation points

2023-08-08T06:27:40.74+00:00

Hi @Grmacjon-MSFT , the problem was resolved by the support team. Not sure what was wrong, but they probably changed something on their side and it began to work for me.
Grmacjon-MSFT 19,151 Reputation points Moderator

2023-08-10T05:03:55.3666667+00:00

Thanks for the update. Glad to hear the issue was resolved.

Answer 1

Hi @Artur Liwocha , we are sorry to hear you're facing this issue.

The error "org.apache.qpid.jms.provider.exceptions.ProviderSecurityException: InvalidSignature: The token has an invalid signature." means that there is an issue with the authentication token used to connect to Azure Service Bus.

Please make sure that the authentication token used to connect to Azure Service Bus is correct and that it has not expired. You can generate a new authentication token in the Azure portal under the Service Bus namespace.

You can also enable diagnostics for the Service Bus namespace to get more detailed information about the issue. You can enable diagnostics in the Azure portal under the Service Bus namespace.

Azure Service Bus Premium tier supports JMS 1.1 and JMS 2.0.

Azure Service Bus - Standard tier supports limited JMS 1.1 functionality. For more details, please refer to this documentation.

Can you please share how set up you authentication? did you use DefaultAzureCredential ?Are you using the standard or premium tier?

Share via

I have an error "org.apache.qpid.jms.provider.exceptions.ProviderSecurityException: InvalidSignature: The token has an invalid signature." when using ServiceBus with JMS in SpringBoot app

1 answer

Your answer