How to authenticate with Federated identity credential using Data factory user managed identity

Perka, Vilas 0 Reputation points
2024-03-14T19:02:24.0666667+00:00

I am trying to access an Azure protected resource (Data Lake) of another Azure tenant from my Azure tenant using a Data Factory linked service. It works using a client secret. However, when using a Federated identity credential in the app registration and a user managed identity for my data factory, I am receiving the error below. Please advise what could be missing.

ADLS Gen2 operation failed for: Operation returned an invalid status code 'Unauthorized'. Account: 'hcmlakeuat'. FileSystem: 'subscriptions'. Path: ' 6398033c-2b72-480c-9116-8029efe7eb95'. ErrorCode: 'InvalidAuthenticationInfo'. Message: 'Server failed to authenticate the request. Please refer to the information in the www-authenticate header.'. RequestId: '15ea01fa-101f-0096-2040-76d3f5000000'. TimeStamp: 'Thu, 14 Mar 2024 18:51:39 GMT'..

Operation returned an invalid status code 'Unauthorized'


2 answers

  1. PRADEEPCHEEKATLA-MSFT 85,121 Reputation points Microsoft Employee
    2024-03-15T04:57:42.2866667+00:00

    @Perka, Vilas - Thanks for the question and using MS Q&A platform.

    It seems like there is an issue with the authentication of your user managed identity. The error message suggests that the server failed to authenticate the request.

    To authenticate with Federated identity credential using Data factory user managed identity, you need to create a trust relationship between a user-assigned managed identity and an external identity provider.

    You can follow the steps mentioned in this document to create a trust relationship between a user-assigned managed identity and an external identity provider.

    Once you have created the trust relationship, you can use the Federated identity credential in the app registration and user managed identity for your data factory.

    If you are still facing the issue, please provide more information about the steps you have followed and the configuration you have set up and share the complete stack trace of the error message which you are experiencing.

    For more details, refer to Managed identity for Azure Data Factory.

    Hope this helps. Do let us know if you have any further queries.

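Added example, not part of either answer and not Microsoft's code: a Python check that the `iss`, `sub` and `aud` claims of a managed identity token exactly match the federated identity credential configured on the app registration, since the trust relationship described above depends on that match. All GUIDs and the token are constructed; the issuer format, the use of the managed identity's object (principal) ID as subject, and the `api://AzureADTokenExchange` audience are assumptions taken from Microsoft Entra's guidance for trusting a managed identity, not from this thread.

```python
import base64
import json

def decode_claims(jwt: str) -> dict:
    """Return a JWT's payload claims WITHOUT verifying the signature (diagnostics only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def fic_mismatches(claims: dict, fic: dict) -> dict:
    """Map each mismatching field to (token value, configured value).
    Comparison is exact and case-sensitive; no trimming or normalisation."""
    found = {}
    if claims.get("iss") != fic["issuer"]:
        found["issuer"] = (claims.get("iss"), fic["issuer"])
    if claims.get("sub") != fic["subject"]:
        found["subject"] = (claims.get("sub"), fic["subject"])
    aud = claims.get("aud")
    token_auds = aud if isinstance(aud, list) else [aud]
    if not set(token_auds) & set(fic["audiences"]):
        found["audience"] = (aud, fic["audiences"])
    return found

# Constructed placeholder identifiers (not values from this thread).
TENANT_ID = "11111111-1111-1111-1111-111111111111"     # managed identity's home tenant
MI_OBJECT_ID = "22222222-2222-2222-2222-222222222222"  # principal (object) ID
MI_CLIENT_ID = "33333333-3333-3333-3333-333333333333"  # client (application) ID
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
AUDIENCE = "api://AzureADTokenExchange"

def _b64(obj: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed, unsigned sample shaped like a token issued to the managed identity.
SAMPLE_TOKEN = ".".join([
    _b64({"alg": "RS256", "typ": "JWT"}),
    _b64({"iss": ISSUER, "sub": MI_OBJECT_ID, "aud": AUDIENCE}),
    "constructed-signature",
])

GOOD_FIC = {"issuer": ISSUER, "subject": MI_OBJECT_ID, "audiences": [AUDIENCE]}
# Two typical slips: issuer without the /v2.0 suffix, client ID used as subject.
BAD_FIC = {"issuer": f"https://login.microsoftonline.com/{TENANT_ID}/",
           "subject": MI_CLIENT_ID, "audiences": [AUDIENCE]}

if __name__ == "__main__":
    claims = decode_claims(SAMPLE_TOKEN)
    print("good:", fic_mismatches(claims, GOOD_FIC))
    print("bad: ", fic_mismatches(claims, BAD_FIC))
```
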

  2. Babu Rajan (Tata Consultancy Services Limi) 0 Reputation points Microsoft Vendor
    2024-07-08T06:20:18.22+00:00

    @Perka, Vilas,
    We are also trying to access the same federated credentials through an ADF linked service. But we are not able to see any option to select the federated credentials option.

    Could you please elaborate on the steps to add the federated credentials managed identity option through a Linked service in an ADF pipeline?

    Please let me know if you need more information.
