-
Bug
-
Resolution: Unresolved
-
Medium
-
Assets - Azure Integration 1.9.0
-
5
-
Severity 3 - Minor
-
13
-
Issue Summary
The customer is trying to import users and groups from Azure and it's not working. Customer is using Azure US Government on Azure Environment while creating an import configuration.
Investigating the documentation, found that we use https://graph.microsoft.com as endpoint but for Microsoft Graph for US Government needs to be https://graph.microsoft.us
Reference: https://learn.microsoft.com/en-us/graph/deployments#microsoft-graph-and-graph-explorer-service-root-endpoints
This is reproducible on Data Center: No
Steps to Reproduce
Create an Import configuration:
- Set up Azure integration
- Use Azure US Government as the region
- Click on test
Expected Results
Import works to import users and groups from Azure using Azure US Government on Azure Environment
Actual Results
It didn't import any users or groups.
The below exception is thrown in the atlassian-jira.log file:
2024-02-01 17:42:18,042+0000 insight-InsightImportThreadGroup-worker-thread-2 ERROR rterrell@kbrcloud.us [c.r.j.p.a.i.manager.impl.UserService] Error fetching Azure User data for subscription id #000000-000-000-000-0- com.microsoft.graph.http.GraphServiceException: Error code: InvalidAuthenticationToken Error message: Inbound policy evaluation empty. Unkown failure GET https://graph.microsoft.com/v1.0/users?%24select=id%2CdisplayName%2Cmail%2CmailNickname%2CuserPrincipalName%2CusageLocation%2CaccountEnabled%2CgivenName%2Csurname%2CuserType%2CcompanyName%2CstreetAddress%2CofficeLocation%2Cstate%2Ccountry%2Ccity%2CpostalCode%2CmobilePhone%2CjobTitle%2Cdepartment%2CbusinessPhones%2ConPremisesDistinguishedName%2ConPremisesDomainName%2ConPremisesSamAccountName%2ConPremisesSecurityIdentifier%2ConPremisesSyncEnabled%2ConPremisesUserPrincipalName&%24top=25 SdkVersion : graph-java/v2.3.0 Authorization : [PII_REDACTED] 401 : Unauthorized [...] [Some information was truncated for brevity, enable debug logging for more details] at com.microsoft.graph.http.GraphServiceException.createFromConnection(GraphServiceException.java:501) at com.microsoft.graph.http.CoreHttpProvider.handleErrorResponse(CoreHttpProvider.java:503) at com.microsoft.graph.http.CoreHttpProvider.sendRequestInternal(CoreHttpProvider.java:423) at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:220) at com.microsoft.graph.http.CoreHttpProvider.send(CoreHttpProvider.java:200) at com.microsoft.graph.http.BaseCollectionRequest.send(BaseCollectionRequest.java:92) at com.microsoft.graph.requests.extensions.UserCollectionRequest.get(UserCollectionRequest.java:71) at com.riadalabs.jira.plugins.azure.imports.manager.impl.UserService.getAzureUsersForSubscriptionId(UserService.java:272) at com.riadalabs.jira.plugins.azure.imports.manager.impl.UserService.get(UserService.java:204) at com.riadalabs.jira.plugins.azure.imports.manager.impl.UserService.get(UserService.java:38) at com.google.common.cache.LocalCache$LocalManualCache$1.load(LocalCache.java:4925) at com.google.common.cache.LocalCache$LoadingValueReference.loadFuture(LocalCache.java:3571) at com.google.common.cache.LocalCache$Segment.loadSync(LocalCache.java:2313) at com.google.common.cache.LocalCache$Segment.lockedGetOrLoad(LocalCache.java:2190) at com.google.common.cache.LocalCache$Segment.get(LocalCache.java:2080) at com.google.common.cache.LocalCache.get(LocalCache.java:4012) at com.google.common.cache.LocalCache$LocalManualCache.get(LocalCache.java:4920) at io.riada.CacheProvider.get(CacheProvider.java:49) at com.riadalabs.jira.plugins.azure.imports.manager.impl.UserService.getData(UserService.java:174) at com.riadalabs.jira.plugins.azure.imports.manager.impl.UserService.getDataHolder(UserService.java:136) at com.riadalabs.jira.plugins.azure.imports.manager.AzureContentManager.getDataEntries(AzureContentManager.java:26) at com.riadalabs.jira.plugins.azure.imports.AzureImportModule.dataHolder(AzureImportModule.java:74) at com.riadalabs.jira.plugins.azure.imports.AzureImportModule.dataHolder(AzureImportModule.java:43) at com.riadalabs.jira.plugins.insight.services.jira.module.ImportModuleDelegator.dataHolder(ImportModuleDelegator.java:56) at com.riadalabs.jira.plugins.insight.services.imports.common.importjobprovider.ImportJobProvider.getImportDataHolder(ImportJobProvider.java:142) at com.riadalabs.jira.plugins.insight.services.imports.common.importjobprovider.DataHolderFetcherJobProvider$DataHolderFetcher.fetchDataHolder(DataHolderFetcherJobProvider.java:106) at com.riadalabs.jira.plugins.insight.services.imports.common.importjobprovider.DataHolderFetcherJobProvider$DataHolderFetcher.executeTask(DataHolderFetcherJobProvider.java:94) at com.riadalabs.jira.plugins.insight.services.imports.common.importjobprovider.DataHolderFetcherJobProvider$DataHolderFetcher.executeTask(DataHolderFetcherJobProvider.java:78) at com.riadalabs.jira.plugins.insight.services.core.multithreadservice.InsightServiceJob.call(InsightServiceJob.java:41) at com.atlassian.sal.core.executor.ThreadLocalDelegateCallable.call(ThreadLocalDelegateCallable.java:38) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at java.base/java.lang.Thread.run(Thread.java:829)
Workaround
Currently there is no known workaround for this behavior. A workaround will be added here when available
- links to
[JSDSERVER-15121] Customer is using Azure US Government on Azure Environment while creating an import configuration.
This is still broken in 1.9.1 - is there a planned release this will be resolved? If not, can I update the .cfg myself?
Appears to still be broken in 1.9.2