I am trying to use Azure AD as the OAuth server for RabbitMQ authentication. For this I want to use Azure AD B2C tokens. I have enabled RabbitMQ's oauth2 plugin, and I want to use the signing key as a public/private key setup.
A few details regarding the setup I have before reaching this question...
1. I have Azure AD B2C set up to authenticate my users to our REST API in the application. This works fine. The idea is to use the JWT token that Azure AD B2C generates to authenticate & authorize users to the RabbitMQ server. I have the private key from the Azure AD B2C User Flow generated Metadata document JWKS URI. So I used this JWKS URI - JWT token to generate the public key. I have provided the above generated public key to the RabbitMQ config as follows:

    {rabbitmq_auth_backend_oauth2, [
      {resource_server_id, <<"rabbitmq">>},
      {key_config, [
        {default_key, <<"key-1">>},
        {signing_keys, #{
          <<"key-1">> => {pem, <<"-----BEGIN PUBLIC KEY-----
    MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtVKUtcx/n9rt5afY/2WF
    NvU6PlFMggCatsZ3l4RjKxH0jgdLq6CScb0P3ZGXYbPzXvmmLiWZizpb+h0qup5j
    znOvOr+Dhw9908584BSgC83YacjWNqEK3urxhyE2jWjwRm2N95WGgb5mzE5XmZIv
    kvyXnn7X8dvgFPF5QwIngGsDG8LyHuJWlaDhr/EPLMW4wHvH0zZCuRMARIJmmqiM
    y3VD4ftq4nS5s8vJL0pVSrkuNojtokp84AtkADCDU/BUhrc2sIgfnvZ03koCQRoZ
    mWiHu86SuJZYkDFstVTVSR0hiXudFlfQ2rOhPlpObmku68lXw+7V+P7jwrQRFfQV
    XwIDAQAB
    -----END PUBLIC KEY-----">>}
        }}
      ]}
    ]}

I have created an AD user in Azure AD B2C and assigned it to the RabbitMQ app registered in Azure. I have provided default scopes to the registered RabbitMQ app with RabbitMQ permissions like rabbitmq.read... etc., and I have provided the default API permission to the registered app. Now in my Java application I am trying to make a connection to RabbitMQ with the following code:

    CredentialsProvider credentialsProvider = new OAuth2ClientCredentialsGrantCredentialsProviderBuilder()
        .tokenEndpointUri("http://****/B2C_1_RabbitMQ/oauth2/v2.0/token")
        .clientId("rabbit_client_from_Azure").clientSecret("rabbit_secret_from_Azure")
        .grantType("password")
        .parameter("username", "rabbit_admin_from_Azure")
        .parameter("password", "rabbit_admin_from_Azure")
        .build();

When I run the above code, Line 1 gives me the error below:

    Exception in thread "main" com.rabbitmq.client.impl.OAuthTokenManagementException: HTTP request for token retrieval did not return 200 response code: 400

I am not sure why I am getting the above error. I initially thought it would be a matter of scopes/permissions from the Azure AD B2C registered RabbitMQ app, but I am not able to figure out what I am missing here.
Any help here is much appreciated.
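
The post describes generating the PEM public key for `signing_keys` from the B2C JWKS document. As an added example (not the poster's code), this converts the RSA entries of a JWKS into PEM public keys keyed by `kid`, in the form used in the config above, using only the Python standard library. The function names and `SAMPLE_JWKS` are constructed for illustration.

```python
import base64

# DER AlgorithmIdentifier: rsaEncryption (OID 1.2.840.113549.1.1.1) with NULL params
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")

def _b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url, the encoding used for JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def _der(tag: int, body: bytes) -> bytes:
    """Encode one DER tag-length-value with a definite length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def _der_uint(raw: bytes) -> bytes:
    """Encode big-endian bytes as a non-negative DER INTEGER."""
    raw = raw.lstrip(b"\x00") or b"\x00"
    if raw[0] & 0x80:  # a leading zero byte keeps the value positive
        raw = b"\x00" + raw
    return _der(0x02, raw)

def jwk_to_pem(jwk: dict) -> str:
    """Convert an RSA JWK (members n, e) to a SubjectPublicKeyInfo PEM."""
    if jwk.get("kty") != "RSA":
        raise ValueError("only RSA JWKs are handled here")
    rsa_key = _der(0x30, _der_uint(_b64url_decode(jwk["n"]))
                   + _der_uint(_b64url_decode(jwk["e"])))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))
    b64 = base64.b64encode(spki).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                      "-----END PUBLIC KEY-----"]) + "\n"

def signing_keys_from_jwks(jwks: dict) -> dict:
    """Map each RSA key's kid to its PEM, mirroring the signing_keys map."""
    return {k["kid"]: jwk_to_pem(k) for k in jwks["keys"] if k.get("kty") == "RSA"}

# Constructed sample JWKS (not a real key): 256-byte modulus with the top bit set.
SAMPLE_JWKS = {"keys": [{"kty": "RSA", "kid": "key-1", "e": "AQAB",
    "n": base64.urlsafe_b64encode(bytes([0xB5]) + bytes(255)).decode().rstrip("=")}]}
```

Comparing the `kid` values returned here with the `kid` in a decoded token header shows whether the key id configured in RabbitMQ corresponds to the key that signed the token.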