Azure - Create Cognitive Search service indexer for SharePoint data source: Unable to get connected to your resource

user2250152
November 9, 2023
266 views
0 votes
2 Answers

I’ve created a Cognitive Search service and enabled the managed identity.

The data source is a SharePoint site from another tenant. In another tenant I’ve created an Entra app with delegated permissions Sites.Read.All and Files.Read.All. All permissions have been granted.

JSON definition for the data source is

{
    "name": "sharepoint-datasource",
    "type": "sharepoint",
    "credentials": {
        "connectionString": "SharePointOnlineEndpoint=https://<tenant_name>.sharepoint.com/sites/<site_name>;ApplicationId=<application_id>;TenantId=<tenant_id>"
    },
    "container": {
        "name": "defaultSiteLibrary",
        "query": null
    }
}

JSON definition for the indexer is

{
    "name" : "sharepoint-indexer",
    "dataSourceName" : "sharepoint-datasource",
    "targetIndexName" : "sharepoint-index",
    "parameters": {
      ...
      "configuration": {
        "indexedFileNameExtensions" : ".pdf, .docx",
        "excludedFileNameExtensions" : ".png, .jpg",
        "dataToExtract": "contentAndMetadata"
      }
    },
    "schedule" : { },
    "fieldMappings" : [
        { 
          "sourceFieldName" : "metadata_spo_site_library_item_id", 
          "targetFieldName" : "id", 
          "mappingFunction" : { 
            "name" : "base64Encode" 
          } 
         }    
    ]
}

Once I clicked on Save button, I sent a request to get a status of the indexer.

The status and the error message indicates that I need to authenticate

"status": "transientFailure",
"errorMessage": "To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CBJXPDJY3 to authenticate"

I’ve opened the page, entered the device code and authenticated.

It looks promising, but in Azure Portal I see that indexer is still saving and nothin happens. After several minutes it fails with the error.

Error with data source: Unable to get connected to your resource. If
your administrator has not given consent, use this link to grant
administrative consent.
https://login.microsoftonline.com/organizations/v2.0/adminconsent?client_id=%3C%3CapplicationId%3E%3E&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient&scope=.default.
Please adjust your data source definition in order to proceed.

The administrator has already given consent, so it’s confusing what can be the real issue and how to resolve it.

Tags: azure azure-cognitive-search

Answers

- renehaskia
- November 7, 2023 at 11:08 am
- 0 votes
0
Your approach seems correct to me. Maybe try placing the path to the site in the query. Below data source config works for me.
```
{
"name": "<NAME>",
"type": "sharepoint",
"credentials": {
    "connectionString": "SharePointOnlineEndpoint=https://<TENANT>.sharepoint.com;ApplicationId=<VALUE>;TenantId=<VALUE>"
},
"container": {
    "name": "useQuery",
    "query": "includeLibrary=https://<TENANT>.sharepoint.com/<PATH>/<TO_YOUR_SITE>/Forms/AllItems.aspx"
}
```
}
Login or Signup to reply.

- GiaMondragonMSFT
- November 9, 2023 at 10:41 pm
- 0 votes
0
The issue you’re experiencing with Azure Cognitive Search SharePoint indexer (preview) has been recognized as a known issue by the product team.

Our team has crafted a hotfix to address this problem. Regrettably, the deployment of this fix to the Search Service won’t occur until December due to the prioritization of General Availability (GA) features over Preview features. This connector is supported on a best-effort basis, in line with the Preview Terms of Use.

In the interim, we suggest using application permissions as a workaround, rather than user delegated permissions. This modification should enable you to create new indexers until the hotfix is implemented.

We sincerely apologize for any inconvenience this may have caused and appreciate your understanding and patience.

Login or Signup to reply.