Hello,
I am trying to get Azure AD integration with Crowd 3.0 running with an Azure subscription for Azure GermanyCentral, i.e. using the cloud environment "AzureGermanCloud".
When configuring the Azure AD in Crowd, I have to enter the "tenant id", but there is no input for selecting a different cloud environment, which in my case is "GermanAzureCloud".
As a result, when I try to synchronize from Crowd, I get the following error in the server log:
2017-10-23 09:05:34,252 Caesium-2-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete for directory [ 98306 ] in [ 1024ms ]
2017-10-23 09:05:34,283 Caesium-2-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 98306 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.google.common.util.concurrent.UncheckedExecutionException: com.atlassian.crowd.exception.Op
erationFailedException: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS90038: Confidential Client is not supported in Cr
oss Cloud request.\r\nTrace ID: 7108517d-5bd7-494b-9fd4-1536b8a86300\r\nCorrelation ID: cb8a8e3d-93f8-47db-90aa-720e3455fadd\r\nTimestamp: 2017-10-23 09:05:34Z","error":"invalid_request"}
This "AADSTS90038: Confidential Client is not supported in Cross Cloud request." is the typical error message, because the Crowd client is using the default URLs of "AzureCloud" for accessing GraphAPI, but I need to use the GermanAzureCloud-specific settings to get access to Azure AD working.
Is it possible to configure Crowd to use "cloud_environment=AzureGermanCloud"?
Thanks in advance,
Rainer
To see the URLs (e.g. GraphUrl) using PowerShell:
> Get-AzureEnvironment
...
Name : AzureGermanCloud
EnableAdfsAuthentication : False
ActiveDirectoryServiceEndpointResourceId : https://management.core.cloudapi.de/
AdTenant : Common
GalleryUrl : https://gallery.azure.com/
ManagementPortalUrl : http://portal.microsoftazure.de/
ServiceManagementUrl : https://management.core.cloudapi.de/
PublishSettingsFileUrl : https://manage.microsoftazure.de/publishsettings/index
ResourceManagerUrl : https://management.microsoftazure.de/
SqlDatabaseDnsSuffix : .database.cloudapi.de
StorageEndpointSuffix : core.cloudapi.de
ActiveDirectoryAuthority : https://login.microsoftonline.de/
GraphUrl : https://graph.cloudapi.de/
TrafficManagerDnsSuffix : azuretrafficmanager.de
AzureKeyVaultDnsSuffix : vault.microsoftazure.de
AzureKeyVaultServiceEndpointResourceId : https://vault.microsoftazure.de
...
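For triaging this kind of synchronisation failure, the following added example (not part of the original thread and not Crowd or Atlassian code) pulls the Azure AD error out of a Crowd log excerpt like the one in the question, rejoining the hard-wrapped stack trace first. The function names and the `cross_cloud` flag are assumptions made for this illustration; the sample log is copied from the question.

```python
import json
import re

# Log excerpt copied from the question above; the stack trace is hard-wrapped mid-word.
SAMPLE_LOG = r'''2017-10-23 09:05:34,252 Caesium-2-3 INFO [atlassian.crowd.directory.DbCachingRemoteDirectory] failed synchronisation complete for directory [ 98306 ] in [ 1024ms ]
2017-10-23 09:05:34,283 Caesium-2-3 ERROR [atlassian.crowd.directory.DbCachingDirectoryPoller] Error occurred while refreshing the cache for directory [ 98306 ].
com.atlassian.crowd.exception.OperationFailedException: java.util.concurrent.ExecutionException: com.google.common.util.concurrent.UncheckedExecutionException: com.atlassian.crowd.exception.Op
erationFailedException: java.util.concurrent.ExecutionException: com.microsoft.aad.adal4j.AuthenticationException: {"error_description":"AADSTS90038: Confidential Client is not supported in Cr
oss Cloud request.\r\nTrace ID: 7108517d-5bd7-494b-9fd4-1536b8a86300\r\nCorrelation ID: cb8a8e3d-93f8-47db-90aa-720e3455fadd\r\nTimestamp: 2017-10-23 09:05:34Z","error":"invalid_request"}
'''

ENTRY_START = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} ")
MARKER = "adal4j.AuthenticationException: "
FIELD = re.compile(r"^(Trace ID|Correlation ID|Timestamp): (.+)$", re.M)

def join_wrapped(log_text):
    """Rebuild logical entries: a line without a leading timestamp continues the previous one."""
    entries = []
    for line in log_text.splitlines():
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += line  # no separator, because the wrap splits words
    return entries

def extract_aad_errors(log_text):
    """Return one record per ADAL AuthenticationException that carries a JSON error body."""
    found = []
    for entry in join_wrapped(log_text):
        pos = entry.find(MARKER)
        if pos < 0:
            continue
        try:
            body, _ = json.JSONDecoder().raw_decode(entry, pos + len(MARKER))
        except ValueError:
            continue  # truncated or non-JSON payload
        if not isinstance(body, dict):
            continue
        desc = body.get("error_description", "")
        code = re.match(r"AADSTS\d+", desc)
        rec = {"error": body.get("error"),
               "code": code.group(0) if code else None,
               "message": desc.splitlines()[0] if desc else ""}
        rec.update({k.lower().replace(" ", "_"): v.strip() for k, v in FIELD.findall(desc)})
        # AADSTS90038 is the cross-cloud error discussed in the question.
        rec["cross_cloud"] = rec["code"] == "AADSTS90038"
        found.append(rec)
    return found
```

The trace and correlation IDs it returns are the values to quote when raising the failure with Microsoft or Atlassian support.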
A Crowd developer verified that it is not currently possible to use the Azure Germany URLs with Crowd.
I will update this thread when we have a public facing issue so you will know when we fix this.
Here is the ticket, as mentioned. Please vote or comment to emphasize your case. Doing so will also add you to notifications for the bug report: Crowd Azure integration doesn't work for tenants using non-default api URLs
Hi @Rainer Montag,
You might also want to take a look at our Office 365 Directory Connector for Crowd (ODCC).
ODCC does support Azure AD tenants residing in Azure Germany.
You can get more details about the ODCC plugin on our website: https://www.cleito.com/products/odcc/