The documentation for setting this up is tucked away in a file named AUTH.md<\/a> in github, but you have to know a little Azure AD in order to understand what is happening here. In step 5. you create the service principal via the Azure CLI command below<\/p>\n This Service Principal shows up as an application in the Azure Portal which is a little confusing since it is listed amongst real application entries. The guid of the the Application ID is something you need to copy, because you will use this as the client id in your Java program configuration.<\/p>\n Even though you did provide a password, you need to create a key in the portal. The value can be anything you like but make sure you don’t loose it, because the portal will not display its value once you have saved it.<\/p>\n Creating the configuration file<\/strong><\/p>\n The configuration file holds the client + key to identify the service principal but it should also contain information about the\u00a0Azure subscription that we like to use and the Azure AD that can authenticate us. The Azure CLI command “azure account show” can display your current subscription and AAD tenant. The ID field is the subscription ID and you also need to copy the Tenant ID, which is the guid for the Azure AD that we will authenticate with.<\/p>\n These four values – client, key, subscription id and tenant id – is something you put in a text file you store with your Java application. It has the following format:<\/p>\n The URLs is something you likely just can steal with pride from somewhere, but if you really like to get the values for real, you can get them with the Azure CLI command “azure account env show AzureCloud”, where the value “AzureCloud” comes\u00a0of the output in the previous CLI command.<\/p>\n Granting access to the Service Principal<\/strong><\/p>\n If you ran your Java program now, it would be able to authenticate against Azure AD using the Service Principal but it would not be able to do anything in the Azure Subscription because we haven’t granted it any access rights yet. Depending on how you are going to use this service principal, you may add it to a resource group, etc, but if you are building something that should be able to manage all resources in the subscription, you need to add it as a Contributor to the entire subscription.<\/p>\n Go to Subscriptions (Yellow key) > Access >Control (IAM) and add the service principal as a Contributor.<\/p>\n Testing that it works<\/strong><\/p>\n To test that it works you can create a tiny Java application that uses the Azure SDK for Java. The 1.0.0-beta version of the SDK builds with Maven, so create a Maven project and enter the dependancy in the pom.xml file<\/p>\n Then pass the configuration file to the Azure.authenticate method and you will be able to access resources in your subscription. The below little sample program just lists all resource groups (which in this test was just a single one)<\/p>\n References<\/strong><\/p>\n Azure SDK for Java Documentation for creating the Service Principalazure config mode arm\r\nazure ad sp create --name spFawltytowers2 --password <pwd><\/pre>\n
![\"azurejdk-auth-01\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AzureJDK-Auth-01.png\")
<\/a><\/p>\n![\"azurejdk-auth-02\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AzureJDK-Auth-02.png\")
<\/a><\/p>\n![\"azurejdk-auth-03\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AzureJDK-Auth-03.png\")
<\/a><\/p>\n![\"azurejdk-auth-04\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AzureJDK-Auth-04.png\")
<\/a><\/p>\n![\"azurejdk-auth-05\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AzureJDK-Auth-05.png\")
<\/a><\/p>\n<?xml version=\"1.0\" encoding=\"UTF-8\"?>\r\n<project xmlns=\"http:\/\/maven.apache.org\/POM\/4.0.0\"\r\n xmlns:xsi=\"http:\/\/www.w3.org\/2001\/XMLSchema-instance\"\r\n xsi:schemaLocation=\"http:\/\/maven.apache.org\/POM\/4.0.0 http:\/\/maven.apache.org\/xsd\/maven-4.0.0.xsd\">\r\n <modelVersion>4.0.0<\/modelVersion>\r\n\r\n <groupId>com.fawltytowers2<\/groupId>\r\n <artifactId>aztest1<\/artifactId>\r\n <version>1.0-SNAPSHOT<\/version>\r\n\r\n <dependencies>\r\n <dependency>\r\n <groupId>com.microsoft.azure<\/groupId>\r\n <artifactId>azure<\/artifactId>\r\n <version>1.0.0-beta3<\/version>\r\n <\/dependency>\r\n <\/dependencies>\r\n\r\n<\/project><\/pre>\n
![\"azurejdk-auth-06\"](\"https:\/\/blog.redbaronofazure.com\/wp-content\/uploads\/2016\/12\/AZUREJDK-AUTH-06.png\")
<\/a><\/p>\n
\nhttps:\/\/github.com\/Azure\/azure-sdk-for-java<\/a><\/p>\n
\nhttps:\/\/github.com\/Azure\/azure-sdk-for-java\/blob\/master\/AUTH.md<\/a><\/p>\n