Microsoft Information Protection (MIP) Classification Credential/Decryption Profile fail to retrieve authentication token from MS Azure AD
search cancel

Microsoft Information Protection (MIP) Classification Credential/Decryption Profile fail to retrieve authentication token from MS Azure AD

book

Article ID: 251889

calendar_today

Updated On:

Products

Data Loss Prevention Core Package

Issue/Introduction

Unable to create the Credential/Decryption Profile due to error 'Failed to retrieve authentication token from Microsoft Azure AD':

Environment

Release : 15.8

Cause

Localhost log file states:

04 Oct 2022 09:39:21,400- Thread: 4517 SEVERE [com.microsoft.aad.msal4j.ConfidentialClientApplication] [Correlation ID: xxxxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxxx] Execution of class com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier failed.
Cause:
com.microsoft.aad.msal4j.MsalClientException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested targetcom.microsoft.aad.msal4j.MsalClientException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Resolution

1. Confirm the Proxy settings is configured correctly in Enforce, General Settings. 

2. Make sure that the proxy certificate has been imported to cacerts file. When a proxy uses its own certificate, the Enforce needs to trust it to be able to connect to Microsoft cloud. More information about importing a certificate can be found here Importing SSL certificates to Enforce or Discover servers (broadcom.com).