[Azure] BearerToken Error: Invalid HTTP Response: 400

[Osman]

Afternoon All,

This may prove to be a timing thing or it may be that I need to update the Azure Sync executable. It was discovered today that our Sync between Azure and Hornbill has not been working for about 4 weeks, our Secret had expired in AzureAAD. This has been renewed and the conf.json updated appropriately. However, after waiting about two hours and then attempting the sync, I got:

2023/08/08 15:22:28 [DEBUG] ---- Hornbill Azure User Import Utility V2.7.3 ----
2023/08/08 15:22:28 [DEBUG] Flag - Config File conf.json
2023/08/08 15:22:28 [DEBUG] Flag - Zone eur
2023/08/08 15:22:28 [DEBUG] Flag - Log Prefix 
2023/08/08 15:22:28 [DEBUG] Flag - Dry Run false
2023/08/08 15:22:28 [DEBUG] Flag - Workers 1
2023/08/08 15:22:28 [MESSAGE] ---- Azure Import Utility v2.7.3 ----
2023/08/08 15:22:28 [MESSAGE] Flag - config goAzure2HUserImport
2023/08/08 15:22:28 [MESSAGE] Flag - logprefix 
2023/08/08 15:22:28 [MESSAGE] Flag - dryrun false
2023/08/08 15:22:28 [MESSAGE] Flag - instanceid 
2023/08/08 15:22:28 [MESSAGE] Flag - apikey 
2023/08/08 15:22:28 [MESSAGE] Flag - apitimeout 60
2023/08/08 15:22:28 [MESSAGE] Flag - workers 1

2023/08/08 15:22:28 [MESSAGE] Flag - forcerun false
2023/08/08 15:22:29 [ERROR] GET https://api.github.com/repos/hornbill/goAzure2HUserImport/tags: 404 Not Found []
2023/08/08 15:22:29 [DEBUG] Loading Config File: E:\Hornbill_User_Imports\HB_Users/conf.json
2023/08/08 15:22:29 [DEBUG] Processing Old Log Files Current Retention Set to: 0
2023/08/08 15:22:29 [MESSAGE] Querying Group [Hornbill User Access]
2023/08/08 15:22:29 [MESSAGE] [Azure] Query Azure Data using Graph API. Please wait...
2023/08/08 15:22:29 [DEBUG] [SCRIPT] Generating Bearer Token
2023/08/08 15:22:29 [ERROR]  [Azure] BearerToken Error: Invalid HTTP Response: 400
2023/08/08 15:22:29 [DEBUG] Processing Azure User Data
2023/08/08 15:22:29 [DEBUG] Azure Users Processed: 0

I went off to grab the latest goAzure2HUserImport executable in case it was that, but it doesn't exist anymore on Git. Has something changed? Notwithstanding the inability to get a newer version of the sync exe, any idea what might be causing the above?

Thanks

Osman

[Steve Giller]

Please review the latest documentation (much has changed, including where to get the latest version from!) then update to the latest version, make any configuration changes necessary, and this will hopefully resolve the current issues.

If not, please post back here and we will investigate further.

[Osman]

Thanks for the speedy response. I did find this, but as the exe had a different name, I wasn't confident that it was what I needed. Will give it a go.

[Osman]

Hi Steve,

Have downloaded the tool and attempted to get it working, but the documentation isn't particularly clear on what authentication information is required to be added to the conf.json. As each time I do a -dryrun it is asking for the Instance ID and API key even though I have specified a conf.json with the information included?

Thanks

Osman

[Steve Giller]

@Osman 

3 minutes ago, Osman said:

the documentation isn't particularly clear on what authentication information is required to be added to the conf.json

No authentication information is added to the json, to prevent this plain-text file being vulnerable in the case of a cyber attack.

The information provided on the first run is encrypted and stored locally, please review the Preparing to Run the Import section for further details.

[Osman]

Hi Steve,

Thanks for this, all sorted. Looks like the old exe was still working, I actually put a typo in the Client ID when updating the conf.json after creating a new Secret when it had expired in AAD. I have now moved over to the new exe anyway as I assume the new security process will eventually be mandatory.

Thanks

Osman