Unable to retrieve service principal key

    Question

  • Hi,

    I've been trying to use Data Factory (V2) to load data into Azure Data Lake. I selected "Service Principal" as the authentication type. However, I'm not able to retrieve the Service Principal key, but I could get the service principal ID and Tenant info.

    I looked at the MS doc, and the commands that are posted to use in PowerShell did not provide the service principal key. Also, I did not create any web app to generate a service key.

    Thanks.

    Thursday, March 15, 2018 2:45 PM

All replies

  • You'll need to create a web app in order to generate a service principal key.  You can do this through the Azure portal online. Navigate to Azure Active Directory from the list of resources on the left, click App Registrations, and find your existing Service Principal, or create a new one (Application type: Web app/API) if necessary. Once you've selected your Service Principal, go to Settings > Keys, and then create a new key by writing a name under 'Description', choosing a duration, and then hitting Save at the top of the menu. After you save, you'll be able to save the Service Principal key.  The Application ID is your Service Principal ID, and your Tenant info will remain the same.
    Thursday, March 15, 2018 4:07 PM
  • Thanks. That's what I was wondering before, to see if it was possible to retrieve a service principal key without creating a web app... and the answer is that you have to create one first, as you had mentioned.

    I was still getting an error after I added that newly generated service principal key from the web app. The resolution was to add permission to the web app within the Data Lake and that resolved the issue. I've attached the following link that has the instructions.

    https://docs.microsoft.com/en-us/azure/data-lake-store/data-lake-store-secure-data#filepermissions

    One last thing. There is an MS document that describes running the following PowerShell to retrieve the key. However, when I ran that within Azure PowerShell (with object id), it did not return anything.

    $ServicePrincipalId = (Get-AzureADServicePrincipal -Top 1).ObjectId
    Get-AzureADServicePrincipalKeyCredential -ObjectId $ServicePrincipalId


    • Edited by Galaxite Thursday, March 15, 2018 7:44 PM
    Thursday, March 15, 2018 7:40 PM
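
Added example, not part of the original thread or the Microsoft documentation: a PowerShell equivalent of the portal steps above, using the same AzureAD module as the post. It also shows why the lookup comes back empty: `Get-AzureADServicePrincipalKeyCredential` lists certificate credentials, and the value of a client secret is only returned once, when it is created. The `$appId` value and the `adf-adls-load` label are placeholders.

```powershell
# Requires the AzureAD module (the one that provides Get-AzureADServicePrincipal).
Connect-AzureAD | Out-Null

# Placeholder: the Application ID ("Service Principal ID") shown in the portal.
$appId = '00000000-0000-0000-0000-000000000000'

# The app registration and its service principal are separate directory objects
# that share one AppId; each has its own ObjectId. Filtering on AppId selects
# the intended principal rather than whichever one -Top 1 happens to return.
$app = Get-AzureADApplication      -Filter "AppId eq '$appId'"
$sp  = Get-AzureADServicePrincipal -Filter "AppId eq '$appId'"
if (-not $app -or -not $sp) { throw "No application/service principal with AppId $appId" }

# "Key credentials" are certificates. A principal that has never had a
# certificate uploaded returns nothing here.
$certs = @(Get-AzureADServicePrincipalKeyCredential -ObjectId $sp.ObjectId)
"Certificate credentials on the service principal: $($certs.Count)"

# Client secrets ("password credentials") are stored on the app registration.
# Listing them returns metadata only; the Value column is blank.
Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId |
    Select-Object KeyId, StartDate, EndDate, Value

# Create a new secret with a bounded lifetime. The label is a placeholder.
$secret = New-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId `
    -CustomKeyIdentifier 'adf-adls-load' -EndDate (Get-Date).AddMonths(6)

# This is the only moment the value exists in readable form. Send it to the
# clipboard instead of the console so it does not land in a transcript, then
# paste it into the Data Factory linked service as the service principal key.
$secret.Value | Set-Clipboard

# Reading the same credential back confirms the value cannot be retrieved later.
$again = Get-AzureADApplicationPasswordCredential -ObjectId $app.ObjectId |
    Where-Object KeyId -eq $secret.KeyId
"Value readable after creation: $(-not [string]::IsNullOrEmpty($again.Value))"
"Secret expires: $($secret.EndDate)"
```

If the value is lost, create a new secret and remove the old one; there is no call that returns an existing secret.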
  • Try using a managed service identity instead. Relieves all that service principal pain.

    https://docs.microsoft.com/en-us/azure/data-factory/connector-azure-data-lake-store#using-managed-service-identity-authentication

    Saturday, March 17, 2018 4:41 PM