search

microsoft / azure-tools-for-java

Azure tools for Java, including Azure Toolkits for Eclipse, IntelliJ and related projects.
Other
240 stars 161 forks source link

[Eclipse][authentication error] Failed to upload artifacts to adl gen 1 storage with authentication exception `AADSTS700027: Client assertion contains an invalid signature.` #2785

Closed jingyanjingyan closed 4 years ago

jingyanjingyan commented 5 years ago

Build: dev996

Repro Steps:

  1. Edit "SparkCore_WasbIOTest.scala" with "adls://..." and unique output file name
  2. Submit to "spark2-1adls" cluster

Result: Fails

List spark clusters ... List spark clusters successfully List additional spark clusters successfully Begin uploading file C:\Users\v-yajing\Desktop\HDI\eclipseworkfolder\2019227\2019227.jar to Azure Datalake store adl://devtooltelemetryadls.azuredatalakestore.net/clusters/hdi-root/SparkSubmission ... Error : Failed to submit application to spark cluster. Exception : com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key used is expired., Thumbprint of key used by client: 'FEE7837AEDA22B9C13EF27ED6A4A5143F6B8F8E8', Found key 'Start=01\/28\/2018 16:00:00, End=01\/28\/2019 16:00:00', Please visit 'https:\/\/developer.microsoft.com\/en-us\/graph\/graph-explorer' and query for 'https:\/\/graph.microsoft.com\/beta\/applications\/38cf1aad-04a3-465c-ae31-e0f27fa709c3' to see configured keys]\r\nTrace ID: 9b5a3607-298c-4745-a141-2ad7e00e0400\r\nCorrelation ID: 8940e0ba-6faf-4c69-ba1b-44f6c2aa24c3\r\nTimestamp: 2019-02-28 04:01:01Z","error":"invalid_client"} See detailed job information from https://spark2-1adls.azurehdinsight.net//yarnui/hn/cluster/app/application_1547412213167_0038 See detailed job log from local:C:\Users\v-yajing\Desktop\HDI\eclipse-java-neon-3-win32-x86_64\eclipse\plugins\SparkJobLog\application_1547412213167_0038\log.txt

log.txt

wezhang commented 5 years ago

It failed at WebHDFSUtils::getAccessTokenFromCertificate() code result.get() :

        final ADLSCertificateInfo certificateInfo = storageAccount.getCertificateInfo();
        AuthenticationContext ctx = new AuthenticationContext(certificateInfo.getAadTenantId(), true, service);
        AsymmetricKeyCredential asymmetricKeyCredential = AsymmetricKeyCredential.create(certificateInfo.getClientId(), certificateInfo.getKey(), certificateInfo.getCertificate());
        final Future<AuthenticationResult> result = ctx.acquireToken(certificateInfo.getResourceUri(), asymmetricKeyCredential , null);
        final AuthenticationResult ar = result.get();
        return ar.getAccessToken();
wezhang commented 5 years ago

IntelliJ hits the same issue with submitting to that cluster. After changed to a new cluster, both IntelliJ and Eclipse work well.

vscjavaci commented 4 years ago

Track internal issue by AB#1748133