search cancel

DX APM Azure Monitor - ClientSecret encrypted causes error


Article ID: 187363


Updated On:


CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management


To connect the DX APM 10.7 Azure Monitoring agent to a Microsoft Azure subscription there are some credentials required, one of them being the clientsecret (password).

By default this password appears as plain text in the IntroscopeAgent.profile under the property :

For other agents the encryption can be implemented by manually encrypting the password with the PropertiesUtils.

As per documentation this command encrypts the password:

   java -cp Agent.jar encrypt  <clear text key> 

For example:

C:\APM\apmia\lib>..\jre\bin\java.exe -cp Agent.jar encrypt mypassword

However, the encryption of the clientsecret value is not working for the DX APM Azure Monitoring agent.

With clientsecret value in plain text:

The agent works fine:


When replaced the client secret with the encrypted password:

The agent fails to show Azure metrics:

Logs show the message:

java.util.concurrent.ExecutionException: {"error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: e942cd47-0f21-4d26-a2d8-b57586a13300\r\nCorrelation ID: a0b7cb66-522b-4ec3-97c9-88d8135533aa\r\nTimestamp: 2020-03-06 23:23:00Z","error":"invalid_client","error_uri":"https:\/\/\/error?code=7000215"}








Release : 10.7

Component : APM Agents


The DX APM 10.7 Azure monitoring agent is not considering the encrypted password and always considered it as plain text.


Engineering has changed the encryption/decryption, not using the PropertiesUtils any more.
The new behavior is that if customer adds a plain text password as value for the password property, it will be automatically encrypted and the profile file updated.

This new behavior has been included, starting at version 20.1, in the SaaS Azure Monitoring agent (it also works with 10.7).