Share via

Auth issues when connecting to service bus connector using service principal and certificate from logic app

Sunita 22 Reputation points Microsoft Employee
2025-12-18T07:34:20.9033333+00:00

I'm able to authenticate to the service bus connector using managed identity, however, my use case involves authenticating via service principal and certificate from key vault. The service principal has service bus data receiver role added to the service bus.

I downloaded the certificate from the keyvault in pfx format. There is no password associated with the cert. When I upload it, the api connection is in error state. Below is the connection config and the connection state json after creation, It seems like it;s expecting CLIENT_SECRET which shouldn't be the case when authenticating via cert.

image

Connection Error: 

"statuses": [             {                 "status": "Error",                 "target": "token",                 "error": {                     "code": "Unauthorized",                     "message": "Failed to acquire access token for service using client credentials flow: IdentityProvider=aadcertificate. Correlation Id=41de39d2-18a7-4fd2-856c-1sffddgg8d, UTC TimeStamp=12/9/2025 11:09:21 PM, Error: No key 'clientsecret' for grant_type={GrantType}&client_id={ClientId}&client_secret={ClientSecret}&resource={ResourceUri}"                 }             }         ]
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-18T07:35:47.0066667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    When authenticating to the Service Bus connector using a service principal and a certificate, ensure that the certificate is correctly configured and that the API connection settings are appropriate for certificate-based authentication. Here are some steps to troubleshoot the issue:

    1. Certificate Upload: Make sure that the certificate you downloaded from the Key Vault is correctly uploaded and that it is in the expected format. Since you mentioned that there is no password associated with the certificate, ensure that this is correctly reflected in the configuration.
    2. Connection Configuration: Verify that the connection configuration does not require a client_secret when using certificate-based authentication. The error message indicates that the connection is expecting a client_secret, which suggests that the configuration might not be set up for certificate authentication.
    3. Grant Type: Check that the grant type is set to use the certificate. The error message indicates an issue with acquiring an access token using client credentials flow, which typically requires a client_secret for traditional service principal authentication. Ensure that the configuration is set for certificate authentication instead.
    4. Permissions: Confirm that the service principal has the necessary permissions to access the Service Bus. You may need to assign the appropriate roles to the service principal to ensure it can authenticate successfully.
    5. Logs and Diagnostics: Review any logs or diagnostic information available in Azure to get more details about the authentication failure. This can provide insights into what might be misconfigured.

    If the issue persists, consider reaching out to Azure support for further assistance, as they can provide more detailed insights based on the specific configuration and error logs.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.