search

mrpaulandrew / procfwk

A cross tenant metadata driven processing framework for Azure Data Factory and Azure Synapse Analytics achieved by coupling orchestration pipelines with a SQL database and a set of Azure Functions.
https://mrpaulandrew.com/category/azure/data-factory/adf-procfwk/
Other
185 stars 116 forks source link

Synapse Orchestrator: InvalidTokenAuthenticationAudience #104

Open ThorstenGH opened 3 years ago

ThorstenGH commented 3 years ago

Hello,

Thanks for the great framework!

I ran into one issue: when running the "Check running pipeline" task (I am using Synapse pipelines instead of Data Factory), I get an InvalidTokenAuthenticationAudience error:

Error
{
    "errorCode": "BadRequest",
    "message": "Operation on target Check for Valid SYN Pipeline Name failed: {\"code\":\"InvalidTokenAuthenticationAudience\",\"message\":\"Token Authentication failed with SecurityTokenInvalidAudienceException - IDX10214: Audience validation failed. Audiences: '[PII is hidden]'. Did not match: validationParameters.ValidAudience: '[PII is hidden]' or validationParameters.ValidAudiences: '[PII is hidden]'.\"}",
    "failureType": "UserError",
    "target": "Is Parent Already Running",
    "details": ""
}

I think to fix it you need to replace the resource property in the utility pipeline in the orchestrator switch activity for the Synapse orchestrator from https://management.core.windows.net/" to https://dev.azuresynapse.net/

{
                                    "name": "Check for Valid SYN Pipeline Name",
                                    (...)
                                        "authentication": {
                                            "type": "MSI",
                                            "resource": "https://dev.azuresynapse.net/"

                                        }
                                    }
                                },
                                {
                                    "name": "Get SYN Pipeline Runs",
                                    (...)
                                        "authentication": {
                                            "type": "MSI",
                                            "resource": "https://management.core.windows.net/"
                                        }
                                    }
                                }

Best, Thorsten

TacoTuesdayX365 commented 2 years ago

@mrpaulandrew I am open to taking this. I resolved this issue on my local procfwk.