
I am tasked with granting admin-consent to an Enterprise application in a long list of tenants.

Currently I have automated this task with JMeter with the following steps:

  1. GET /{TenantId}/oauth2/authorize
  2. POST /{TenantId}/login (login with tenant admin account)
  3. POST /{TenantId}/Consent/Set
  4. GET https://portal.azure.com/TokenAuthorize

And the process is working OK. However, I would like to change it to MSAL for two reasons: 1) JMeter is really not the best tool for this job, and 2) I would also learn to use some of MSAL, which I believe will come in handy in the future.

However I am not able to even get a token using MSAL. Using the following readily available example: https://github.com/Azure-Samples/ms-identity-msal-java-samples/blob/main/2.%20Client-Side%20Scenarios/Username-Password-Flow/src/main/java/UsernamePasswordFlow.java, the following exception appears:

Exception in thread "main" java.util.concurrent.CompletionException: com.microsoft.aad.msal4j.MsalServiceException: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'.

And I am not able to find the client_secret or the client_assertion for our Enterprise application.

Is there any other way to do it?

Thanks.

2 Answers


  1. Please note that client_secret or client_assertion is sometimes required in the ROPC flow, depending on the scenario, as mentioned in this MsDoc like below:

    I created an Enterprise Application in my environment like below:

    To resolve the error, try the below:

    Go to Azure Portal -> App Registrations -> Select App with your Enterprise Application name -> Authentication

    If the issue still persists, create a client secret like below:

    Go to Azure Portal -> App Registrations -> Select App with your Enterprise Application name -> Certificates & secrets

    Reference:

    How do I resolve the error AADSTS7000218: The request body must contain the following parameter: ‘client_secret’ or ‘client_assertion’ by Jayendran

  2. I would just generate the correct link, as specified here. https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent#construct-the-url-for-granting-tenant-wide-admin-consent

    And click that several times.
    Going through MSAL will not help you because it only does the user consent and not the admin consent.

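The link-per-tenant approach from the second answer, as an added example that is not part of either answer: it builds the `https://login.microsoftonline.com/{tenant}/adminconsent?client_id=...` URL described in the linked Microsoft documentation for each tenant in a list, and rejects malformed entries so a typo cannot produce a link to an unintended path. The tenant IDs and client ID are constructed sample values, and a tenant admin still has to open each link and sign in interactively.

```python
import re
import uuid
from urllib.parse import quote, urlencode

AUTHORITY = "https://login.microsoftonline.com"
# Conservative DNS-name check for tenants given as a domain (e.g. contoso.onmicrosoft.com).
_DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

# Constructed sample input: one GUID, one domain, one duplicate, one malformed entry.
SAMPLE_TENANTS = [
    "11111111-2222-3333-4444-555555555555",
    "contoso.onmicrosoft.com",
    "11111111-2222-3333-4444-555555555555 ",
    "../common/oauth2",
]
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed application (client) ID

def _is_guid(value):
    """True only for the canonical hyphenated GUID form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False

def admin_consent_url(tenant, client_id):
    tenant, client_id = tenant.strip().lower(), client_id.strip().lower()
    if not (_is_guid(tenant) or _DOMAIN_RE.match(tenant)):
        raise ValueError(f"not a tenant GUID or domain: {tenant!r}")
    if not _is_guid(client_id):
        raise ValueError(f"client_id is not a GUID: {client_id!r}")
    query = urlencode({"client_id": client_id})
    return f"{AUTHORITY}/{quote(tenant, safe='')}/adminconsent?{query}"

def build_consent_links(tenants, client_id):
    """Return ({tenant: url}, [(raw_entry, reason)]) with duplicates skipped."""
    links, rejected = {}, []
    for raw in tenants:
        key = raw.strip().lower()
        if not key or key in links:
            continue
        try:
            links[key] = admin_consent_url(key, client_id)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
    return links, rejected

if __name__ == "__main__":
    links, rejected = build_consent_links(SAMPLE_TENANTS, SAMPLE_CLIENT_ID)
    for tenant, url in links.items():
        print(tenant, url)
    for raw, reason in rejected:
        print("REJECTED", repr(raw), reason)
```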