ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

DX APM Azure Monitor - ClientSecret encrypted causes error

book

Article ID: 187363

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

To connect the DX APM 10.7 Azure Monitoring agent to a Microsoft Azure subscription there are some credentials required, one of them being the clientsecret (password).

By default this password appears as plain text in the IntroscopeAgent.profile under the property :

Introscope.agent.azure.profiles.azure.1.clientsecret

For other agents the encryption can be implemented by manually encrypting the password with the PropertiesUtils.

As per documentation this command encrypts the password:

   java -cp Agent.jar com.wily.util.properties.PropertiesUtils encrypt  <clear text key> 

For example:

C:\APM\apmia\lib>..\jre\bin\java.exe -cp Agent.jar com.wily.util.properties.PropertiesUtils encrypt mypassword
0pdwOVy6uIJSkM/CsyM=

However, the encryption of the clientsecret value is not working for the DX APM Azure Monitoring agent.

With clientsecret value in plain text:

The agent works fine:

 

When replaced the client secret with the encrypted password:




The agent fails to show Azure metrics:

Logs show the message:

java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS7000215: Invalid client secret is provided.\r\nTrace ID: e942cd47-0f21-4d26-a2d8-b57586a13300\r\nCorrelation ID: a0b7cb66-522b-4ec3-97c9-88d8135533aa\r\nTimestamp: 2020-03-06 23:23:00Z","error":"invalid_client","error_uri":"https:\/\/login.microsoftonline.com\/error?code=7000215"}

 

 

 

 

 

 







Cause

The DX APM 10.7 Azure monitoring agent is not considering the encrypted password and always considered it as plain text.

Environment

Release : 10.7

Component : APM Agents

Resolution

Engineering has changed the encryption/decryption, not using the PropertiesUtils any more.
The new behavior is that if customer adds a plain text password as value for the password property, it will be automatically encrypted and the profile file updated.

This new behavior has been included, starting at version 20.1, in the SaaS Azure Monitoring agent (it also works with 10.7).

Attachments