Contact usRequest a demo

Using an Azure service principal for database access

The Unblu Collaboration Server can use Azure service principals as a means of authentication when accessing the database.

With Azure service principal authentication in place, Unblu uses the Azure application and client identifiers to connect to Azure and retrieve the token it needs to be able to access the database. The Unblu Server then uses the token as a password when creating JDBC connections to the database.

To make this possible, you must configure both Azure Active Directory and the Unblu Server accordingly.

Authentication for database access using an Azure service principal is currently supported for PostgreSQL and MySQL database. It isn’t supported for Microsoft SQL Server.

Configuring a service principal object for use by the Unblu Server

To enable service principal authentication for the Unblu Server, you must first create an application in Azure. Configure the application with the necessary access rights for your database.

Next, create a client with a client ID and a secret for the application.

Configuring the Unblu Server to use the Azure service principal

With the Azure side set up, you can turn to configuring the Unblu Server. The following configuration properties take their values from the tenant, application, and client you set up in Azure:

Here’s an example configuration for using Azure service principal authentication to access a PostgreSQL database:

Listing 1. Azure service principal authentication example
# General database configuration (1)
com.unblu.storage.database.platform=org.eclipse.persistence.platform.database.PostgreSQLPlatform
com.unblu.storage.database.jdbcProperties=
com.unblu.storage.database.driver=org.postgresql.Driver
com.unblu.storage.database.url=jdbc\:postgresql\://<database-name>.postgres.database.azure.com\:5432/postgres
com.unblu.storage.database.schema=public
com.unblu.storage.database.liquibaseSchema=public

# Azure SPN authentication configuration
com.unblu.storage.database.user=<application-name>
com.unblu.storage.database.azureTenantId=9116ee65-64b0-4f9d-bf46-e2582d0c2760
com.unblu.storage.database.azureClientId=fcdd47d-2220-4692-8218-937be5a74cd8
com.unblu.storage.database.azureClientSecret=vqo9R~qepAkq212Lp8q_U.i-ZrzE4DQ8UT5rpes7

# Proxy configuration for Azure Blob Storage(2)
com.unblu.storage.database.azureProxyUrl=<proxy-url>
com.unblu.server.storage.blob.store.azure.storageProxyUrl=<storage-proxy-url>
com.unblu.server.storage.blob.store.azure.quarantine.storageProxyUrl=<quarantine-proxy-url>
1 For more information on these configuration properties, refer to the page describing how to set up the database you’re using.
2 These configuration properties are required if you access Azure Blob Storage via a proxy.

There are two additional configuration properties related to Azure:

You can usually keep the default values for these configuration properties.

See also