clientSecret is null or empty when using ActiveDirectoryServicePrincipal in AKS
Driver version
9.2.0.jre11
SQL Server version
Client Operating System
Stock adoptopenjdk/openjdk11:alpine-jre image running on AKS
JAVA/JVM version
OpenJDK 11
Table schema
N/A
Problem description
- Expected behaviour: Spring Boot on AKS can connect to Azure SQL using ActiveDirectoryServicePrincipal auth method
- Actual behaviour: "Client secret is null" is thrown even when the client secret is not null. The code works outside of AKS.
- Error message/stack trace: See trace logs below
- Any other details that can be helpful: Code works normally outside of AKS in local JDK for example
JDBC trace logs
2021-02-06 00:42:59.062 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:serverName Value:############.database.windows.net
2021-02-06 00:42:59.069 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:databaseName Value:#####-##-##
2021-02-06 00:42:59.069 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:authentication Value:ActiveDirectoryServicePrincipal
2021-02-06 00:42:59.069 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:AADSecurePrincipalId Value:########################
2021-02-06 00:42:59.071 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:AADSecurePrincipalSecret Value:########################
2021-02-06 00:42:59.084 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:serverName Value:############.database.windows.net
2021-02-06 00:42:59.086 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:databaseName Value:#####-##-##
2021-02-06 00:42:59.087 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:authentication Value:ActiveDirectoryServicePrincipal
2021-02-06 00:42:59.089 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:AADSecurePrincipalId Value:########################
2021-02-06 00:42:59.089 -DEBUG 1 --- [ main] c.m.s.jdbc.internals.SQLServerDriver : | | Property:AADSecurePrincipalSecret Value:########################
2021-02-06 00:42:59.137 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 created by (SQLServerDriver:1)
2021-02-06 00:42:59.159 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt server name: ############.database.windows.net port: 1433 InstanceName: null useParallel: false
2021-02-06 00:42:59.164 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt endtime: 1612543409142
2021-02-06 00:42:59.169 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt No: 0
2021-02-06 00:42:59.181 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 Connecting with server: ############.database.windows.net port: 1433 Timeout slice: 29972 Timeout Full: 30
2021-02-06 00:42:59.242 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 ClientConnectionId: 684f45d8-34ea-46a7-a47f-3b2f4330866c Server returned major version:12
2021-02-06 00:42:59.298 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt server name: accd344a115f.tr26.westus2-a.worker.database.windows.net port: 11065 InstanceName: null useParallel: false
2021-02-06 00:42:59.298 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt endtime: 1612543409142
2021-02-06 00:42:59.298 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 This attempt No: 1
2021-02-06 00:42:59.298 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 Connecting with server: accd344a115f.tr26.westus2-a.worker.database.windows.net port: 11065 Timeout slice: 29844 Timeout Full: 30
2021-02-06 00:42:59.304 -DEBUG 1 --- [ main] c.m.s.j.internals.SQLServerConnection : | | ConnectionID:1 ClientConnectionId: 011ddc7f-9d66-4144-8c84-28cbbf7fbab9 Server returned major version:12
2021-02-06 00:42:59.351 -DEBUG 1 --- [ main] com.zaxxer.hikari.pool.PoolBase : | | HikariPool-1 - Failed to create/setup connection: clientSecret is null or empty
2021-02-06 00:42:59.355 -DEBUG 1 --- [ main] com.zaxxer.hikari.pool.HikariPool : | | HikariPool-1 - Cannot acquire connection from data source
java.lang.IllegalArgumentException: clientSecret is null or empty
    at com.microsoft.aad.msal4j.ClientSecret.<init>(ClientSecret.java:20)
    at com.microsoft.aad.msal4j.ClientCredentialFactory.createFromSecret(ClientCredentialFactory.java:27)
    at com.microsoft.sqlserver.jdbc.SQLServerMSAL4JUtils.getSqlFedAuthTokenPrincipal(SQLServerMSAL4JUtils.java:80)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.getFedAuthToken(SQLServerConnection.java:4538)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.onFedAuthInfo(SQLServerConnection.java:4497)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.processFedAuthInfo(SQLServerConnection.java:4460)
    at com.microsoft.sqlserver.jdbc.TDSTokenHandler.onFedAuthInfo(tdsparser.java:289)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:125)
    at com.microsoft.sqlserver.jdbc.TDSParser.parse(tdsparser.java:37)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.sendLogon(SQLServerConnection.java:5332)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.logon(SQLServerConnection.java:4068)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection$LogonCommand.doExecute(SQLServerConnection.java:4006)
    at com.microsoft.sqlserver.jdbc.TDSCommand.execute(IOBuffer.java:7418)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.executeCommand(SQLServerConnection.java:3274)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectHelper(SQLServerConnection.java:2768)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.login(SQLServerConnection.java:2418)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connectInternal(SQLServerConnection.java:2265)
    at com.microsoft.sqlserver.jdbc.SQLServerConnection.connect(SQLServerConnection.java:1291)
    at com.microsoft.sqlserver.jdbc.SQLServerDriver.connect(SQLServerDriver.java:881)
    at com.zaxxer.hikari.util.DriverDataSource.getConnection(DriverDataSource.java:121)
    at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:358)
    at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:206)
    at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:477)
    at com.zaxxer.hikari.pool.HikariPool.checkFailFast(HikariPool.java:560)
    at com.zaxxer.hikari.pool.HikariPool.<init>(HikariPool.java:115)
    at com.zaxxer.hikari.HikariDataSource.getConnection(HikariDataSource.java:112)
    at liquibase.integration.spring.SpringLiquibase.afterPropertiesSet(SpringLiquibase.java:311)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1853)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1790)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:594)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:516)
    at org.springframework.beans.factory.support.AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:324)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:234)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:322)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:311)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1109)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:869)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:551)
    at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:143)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:758)
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:750)
    at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:405)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:315)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1237)
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226)
    at com.aia.irecruit.IrecruitApplication.main(IrecruitApplication.java:32)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.base/java.lang.reflect.Method.invoke(Unknown Source)
    at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:49)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:107)
    at org.springframework.boot.loader.Launcher.launch(Launcher.java:58)
    at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:88)
Reproduction code
Running the sample JDBC code from the docs (https://docs.microsoft.com/en-us/sql/connect/jdbc/connecting-using-azure-active-directory-authentication?view=sql-server-ver15#connecting-using-activedirectoryserviceprincipal-authentication-mode) inside an AKS pod will also trigger the same problem
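An added diagnostic sketch, not code from the issue or from the driver project: it separates "the secret never reached the JVM in the pod" from "the driver or MSAL4J rejected a secret the JVM did receive", without ever printing the secret itself. The class name and the four environment variable names are hypothetical; the `SQLServerDataSource` setters are the ones the linked documentation sample uses.

```java
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class ServicePrincipalCheck {
    // Describe a value by shape only, so the secret never reaches the logs.
    static String describe(String name, String value) {
        if (value == null) return name + ": not set";
        if (value.isEmpty()) return name + ": set but empty";
        boolean padded = !value.equals(value.trim());
        return name + ": length=" + value.length()
                + (padded ? " (has leading/trailing whitespace)" : "");
    }

    public static void main(String[] args) {
        // Hypothetical variable names; map them to the pod's secret references.
        String server = System.getenv("SQL_SERVER");
        String database = System.getenv("SQL_DATABASE");
        String clientId = System.getenv("AAD_CLIENT_ID");
        String secret = System.getenv("AAD_CLIENT_SECRET");

        System.out.println(describe("AAD_CLIENT_ID", clientId));
        System.out.println(describe("AAD_CLIENT_SECRET", secret));
        if (secret == null || secret.isEmpty()) {
            System.out.println("Secret did not reach the JVM; check the pod spec.");
            return;
        }

        SQLServerDataSource ds = new SQLServerDataSource();
        ds.setServerName(server);
        ds.setDatabaseName(database);
        ds.setAuthentication("ActiveDirectoryServicePrincipal");
        ds.setAADSecurePrincipalId(clientId);
        ds.setAADSecurePrincipalSecret(secret);

        try (Connection c = ds.getConnection();
             Statement s = c.createStatement();
             ResultSet rs = s.executeQuery("SELECT SUSER_SNAME()")) {
            if (rs.next()) System.out.println("Connected as " + rs.getString(1));
        } catch (IllegalArgumentException e) {
            // Same exception type as the trace above, raised inside MSAL4J.
            System.out.println("Secret was present but rejected client-side: " + e.getMessage());
        } catch (SQLException e) {
            System.out.println("Failed at the server or token endpoint: " + e.getMessage());
        }
    }
}
```

Run it with the same mssql-jdbc and msal4j JARs as the application, once locally and once inside the pod, and compare the two outputs.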
Issue Analytics
- Created 3 years ago
- Comments:8 (5 by maintainers)
Top GitHub Comments
Hi @lilgreenbird, this JAR works fine in both local Docker containers and AKS pods.
Hi @choongjoey,
I am testing this fix. Can you please give these jars a try to see if this resolves the issue in your environment?