Share via

Data Flows - Invalid client secret provided. - Source or sink using Azure SQL Server Linked service with authenticating with Server Principal + Cert in Azure Key Vault

Leonardo Merida Mejia 21 Reputation points Microsoft Employee
2022-08-24T20:19:56.26+00:00

Sample error message:
Job failed due to reason: SPKeyAuthenticator fail to get access token with exception:java.util.concurrent.ExecutionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000215: Invalid client secret provided. Ensure the secret being sent in the request is the client secret value, not the client secret ID, for a secret added to app 'xxxxxx-xxxx-xxxxxxx-xxxx'. Trace ID: 3e6ed1fb-9fd9-4db6-8034-3d4716580300 Correlation ID: 387f6746-5b79-4fff-95df-2b95751dd643 Timestamp: 2022-08-23 22:11:40Z, authority:None,tenantId:Some(xxxxx-xxxxxx-xxxxx-xxxxxxxxx), spnId:xxxxx-xxxxxx-xxxxxx-xxx

Same dataset/linked service with the same configuration (Azure SQl server with Server Principal + Cert in Azure Key Vault) works when running a Copy Activity or connecting in spark

is this a known issue?

Azure Synapse Analytics
Azure Synapse Analytics

An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.

0 comments

Answer accepted by question author

KranthiPakala-MSFT 46,827 Reputation points Moderator
2022-08-26T01:22:30.583+00:00

Hello @Leonardo Merida Mejia ,

Thanks for the question and using MS Q&A platform.

As per my understanding you are using Service Principal + Certificate (KeyVault) based authentication in Mapping data flow and it is failing but it works in copy activity. Please correct me if I'm not accurate.

As per my internal research, Certificate based authentication in ADF dataflows isn't supported which is why you are seeing this behavior. This is a known product limitation.

We recommend you to please submit a feature request in IDEAS forum here: https://feedback.azure.com/d365community/forum/1219ec2d-6c26-ec11-b6e6-000d3a4f032c
Please do share the feedback link here once it is posted so that others with similar requirement can up-vote and comment on it to increase the priority.

Hope this will help. Please let us know if any further queries.

------------------------------

  • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how

Was this answer helpful?

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.