DefaultAzureCredential authentication failed. IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId"

Question

I'm trying to create a resource group from an azure client using azure java SDK with Azure cloud resource management and identity APIs. I'm using the Azure Tools plugin in IntelliJ(I'm able to log in using both azure CLI and service principle). Below is my code:

    AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);
    TokenCredential credential = new DefaultAzureCredentialBuilder()
            .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
            .build();
    AzureResourceManager azureResourceManager = AzureResourceManager
            .configure()
            .withLogLevel(HttpLogDetailLevel.BASIC)
            .authenticate(credential, profile)
            .withDefaultSubscription();
    
    ResourceGroup rg = azureResourceManager.resourceGroups().define(resourceGroupName)
            .withRegion(Region.fromName(region))
            .create();

But when I'm executing this I get the below error:

2021-06-20 00:39:32.971 ERROR 67464 --- [           main] c.azure.identity.EnvironmentCredential   : Azure Identity => ERROR in EnvironmentCredential: Missing required environment variable AZURE_CLIENT_ID
2021-06-20 00:39:33.825 ERROR 67464 --- [           main] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:39:33.827  INFO 67464 --- [           main] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:39:35.340 ERROR 67464 --- [           main] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:39:35.344 ERROR 67464 --- [           main] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:39:35.344  INFO 67464 --- [           main] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:39:35.423 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:39:35.423  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:39:35.426 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:39:35.426 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:40:05.431 ERROR 67464 --- [     parallel-2] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:40:05.432  INFO 67464 --- [     parallel-2] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:40:05.433 ERROR 67464 --- [     parallel-2] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, No route to host (connect failed).
2021-06-20 00:40:05.434 ERROR 67464 --- [     parallel-2] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, No route to host (connect failed).
2021-06-20 00:40:05.434  INFO 67464 --- [     parallel-2] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:40:05.435 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:40:05.435  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:40:05.438 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:40:05.438 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:40:35.439 ERROR 67464 --- [     parallel-4] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:40:35.440  INFO 67464 --- [     parallel-4] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:40:36.945 ERROR 67464 --- [     parallel-4] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:40:36.946 ERROR 67464 --- [     parallel-4] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:40:36.946  INFO 67464 --- [     parallel-4] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:40:36.947 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:40:36.947  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:40:36.950 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:40:36.950 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:41:06.954 ERROR 67464 --- [     parallel-6] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:41:06.954  INFO 67464 --- [     parallel-6] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:41:08.459 ERROR 67464 --- [     parallel-6] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:41:08.460 ERROR 67464 --- [     parallel-6] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:41:08.460  INFO 67464 --- [     parallel-6] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:41:08.461 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:41:08.461  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:41:08.463 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:41:08.463 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.hyperion.mongo.service.AzureServices]: Constructor threw exception; nested exception is java.lang.RuntimeException: Max retries 3 times exceeded. Error Details: DefaultAzureCredential authentication failed. ---> IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    x
Caused by: com.azure.core.exception.ClientAuthenticationException: DefaultAzureCredential authentication failed. ---> IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    at com.azure.identity.ChainedTokenCredential.lambda$getToken$1(ChainedTokenCredential.java:62) ~[azure-identity-1.3.1.jar:na]
    at reactor.core.publisher.Mono.lambda$onErrorResume$31(Mono.java:3460) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onError(FluxPeekFuseable.java:234) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxPeekFuseable$PeekConditionalSubscriber.onError(FluxPeekFuseable.java:903) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxMap$MapConditionalSubscriber.onError(FluxMap.java:259) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators.error(Operators.java:197) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoError.subscribe(MonoError.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Mono.subscribe(Mono.java:4046) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators.complete(Operators.java:136) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoEmpty.subscribe(MonoEmpty.java:45) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Mono.subscribe(Mono.java:4046) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:425) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:270) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:228) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:789) ~[reactor-core-3.4.3.jar:3.4.3]
    ... 28 common frames omitted
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:855) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1212) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1604) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1582) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:299) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:156) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4526) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3333) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.azure.identity.implementation.IntelliJCacheAccessor.getAuthDetailsIfAvailable(IntelliJCacheAccessor.java:256) ~[azure-identity-1.3.1.jar:na]
    at com.azure.identity.implementation.IdentityClient.authenticateWithIntelliJ(IdentityClient.java:302) ~[azure-identity-1.3.1.jar:na]
    at com.azure.identity.IntelliJCredential.lambda$getToken$2(IntelliJCredential.java:87) ~[azure-identity-1.3.1.jar:na]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) ~[reactor-core-3.4.3.jar:3.4.3]

I have also exported the following in environment vars:

$ export AZURE_CLIENT_ID=2XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXb
$ export AZURE_TENANT_ID=1XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXe
$ export AZURE_CLIENT_SECRET=6XXXXXXXXf

Below is my POM.xml:

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.3.1</version>
</dependency>
<dependency>
    <groupId>com.azure.resourcemanager</groupId>
    <artifactId>azure-resourcemanager</artifactId>
    <version>2.6.0</version>
</dependency>

HyperioN · Accepted Answer · 2021-07-26T18:54:10.627

2

The following steps worked for me when authenticating using environment variables:

Edit ~./bash_profile and add the following variables:

export AZURE_CLIENT_ID=XXXX-XXX-XXXX-XXXX-XXXXXXX
export AZURE_TENANT_ID=XXXX-XXX-XXXX-XXXX-XXXXXXX
export AZURE_CLIENT_SECRET=XXXXXXXXXXXXXXX
Restart IntelliJ(mandatory), as the changes in the environment variable don't take effect unless you restart your IDE.

edited Jul 26 '21 at 18:54

answered Jul 26 '21 at 18:41

HyperioN

3,433
2
22
36

score 0 · Answer 2 · edited Jun 30 '22 at 09:52

If authenticating with IntelliJ IDEA,

1)KeePass configuration is required for Windows.

2) A user has signed in with an Azure account in IntelliJ IDEA.

3) Check your environment variables with System.getenv("AZURE_TENANT_ID").

When using DefaultAzureCredential, please note the two tips.

Setting .tenantId(String) on the builder or the environment variable AZURE_TENANT_ID configures the DefaultAzureCredential to authenticate to a specific tenant for shared token cache, Visual Studio Code, and IntelliJ IDEA.
Setting .intelliJKeePassDatabasePath(String) on the builder configures the DefaultAzureCredential to read a specific KeePass file when authenticating with IntelliJ credentials.

Code:

DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
  .intelliJKeePassDatabasePath("C:\\Users\\user\\AppData\\Roaming\\JetBrains\\IdeaIC2020.1\\c.kdbx")
  .tenantId(String) // add tenantId, if not set environment variables 
  .build();

Also, you could use IntelliJCredential with .keePassDatabasePath(String) for IntelliJ especially.

It's better to set env variables through IntellJIDEA, you should enter to Run/Debug Configurations -> Click on Modify Options, -> Environment Variables. — Brayan Loayza, Jul 28 '23 at 16:42

DefaultAzureCredential authentication failed. IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId"

2 Answers2

Linked