03-22-2023 03:35 PM
While trying to setup a Power BI connection to the Azure Delta Lake we ran into several issues around Service Principals.
1) The API listed on the learn.microsoft site (link 1 below) indicates that there is an API you can use to create SP tokens. When trying to utilize this functionality a message gets generated stating that on-behalf of is disabled.
2) Documentation (Link 2) on using service-principals doesn't mention the above API or that Behalf-of is disabled.
3) The path that's described uses an Azure AD Token process. This process only works if you're setting up a configuration that can send a token to request a temporary access token for use. (Rest API)
4) Our use case was in regards to Power BI so the application can't directly follow the process referenced and there isn't another solution provided.
*It was noticed that the AWS documentation actually talks about using the API to get the On-Behalf of token.
I think there's room for improvement here when we're talking about documentation. I opened github request with Microsoft but it's not really moving.
Link 1 - Administration Guide, Service Principals
Link 2 - Tokens
Link 3 - Administration Guide, Service Principals (AWS)
Our solution:(Still on going)
03-31-2023 04:50 AM
You`ve not had any more advancement on this have you?, we`ve just driven headling into the same brickwall.
03-31-2023 04:53 AM
No I can't seem to get any answers from anyone on this issue. The github issue has been open for a month. We had to use AD User accounts instead as a workaround.
03-31-2023 05:46 AM
Hey Chris,
Just sharing this with you (were going to ask the question of databricks anyway) however, we have managed to get something working by;
1/ Generating an AAD token (one of the huge ones) from the command line (i.e. https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/user-aad-token)
2/ Using THIS token as the Bearer token in the REST call to .../token-management/on-behalf-of/tokens
3/ This gives us a PAT and no error, this PAT then actually works in PowerBI.
Disclaimer, we don`t know if this PAT is retaining it`s lifetime yet.
Andy
03-31-2023 05:48 AM
Thanks @Andy Skinner
03-31-2023 05:52 AM
BTW the bearer token was generated using the service principles id in the --resource parameter, it`s effectively generating a bearer token on behalf of the sprinp. Still not sure how it`s working!
03-31-2023 06:54 PM
Hi @Christopher Shehu
Hope everything is going great.
Just wanted to check in if you were able to resolve your issue. If yes, would you be happy to mark an answer as best so that other members can find the solution more quickly? If not, please tell us so we can help you.
Cheers!
04-04-2023 03:50 AM
hello,
i am new here from india, here to share some thoughts with you all
Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.
If there isn’t a group near you, start one and help create a community that brings people together.
Request a New Group