diff --git a/sdk/identity/azure-identity/CHANGELOG.md b/sdk/identity/azure-identity/CHANGELOG.md
index 79bb6084c32a..875eb13a8ff6 100644
--- a/sdk/identity/azure-identity/CHANGELOG.md
+++ b/sdk/identity/azure-identity/CHANGELOG.md
@@ -5,6 +5,7 @@
### Features Added
### Breaking Changes
+- Renamed `enableAzureTokenProxy()` method in `WorkloadIdentityCredentialBuilder` to `enableAzureProxy()`. These changes only affect code written against beta version 1.19.0-beta.1.
### Bugs Fixed
diff --git a/sdk/identity/azure-identity/TROUBLESHOOTING.md b/sdk/identity/azure-identity/TROUBLESHOOTING.md
index 30ca6240d8dc..e6383d2d6916 100644
--- a/sdk/identity/azure-identity/TROUBLESHOOTING.md
+++ b/sdk/identity/azure-identity/TROUBLESHOOTING.md
@@ -255,6 +255,7 @@ Get-AzAccessToken -ResourceUrl "https://management.core.windows.net"
|---|-------------------------------------------------------------------------------------------------------------------------------|---|
|`CredentialUnavailableException` raised with message. "WorkloadIdentityCredential authentication unavailable. The workload options are not fully configured."| The `WorkloadIdentityCredential` requires `clientId`, `tenantId` and `tokenFilePath` to authenticate with Microsoft Entra ID. |
- If using `DefaultAzureCredential` then:
- Ensure client ID is specified via `workloadIdentityClientId` setter or `AZURE_CLIENT_ID` env variable.
- Ensure tenant ID is specified via `AZURE_TENANT_ID` env variable.
- Ensure token file path is specified via `AZURE_FEDERATED_TOKEN_FILE` env variable.
- Ensure authority host is specified via `AZURE_AUTHORITY_HOST` env variable.
- If using `WorkloadIdentityCredential` then:
- Ensure tenant ID is specified via `tenantId` setter on credential builder or `AZURE_TENANT_ID` env variable.
- Ensure client ID is specified via `clientId` setter on the credential builder or `AZURE_CLIENT_ID` env variable.
- Ensure token file path is specified via `tokenFilePath` setter on the credential builder or `AZURE_FEDERATED_TOKEN_FILE` environment variable.
- Consult the [product troubleshooting guide](https://azure.github.io/azure-workload-identity/docs/troubleshooting.html) for other issues.
|`CredentialUnavailableException` raised with message. "WorkloadIdentityCredential authentication unavailable. The request to the authority host was invalid."| The configured properties for workload identity are invalid. | Ensure the properties for workload identity are correctly configured on the credential builder and right permissions are assigned to the workload identity.
+|In an application using [Azure Kubernetes Service identity bindings](https://learn.microsoft.com/azure/aks/identity-bindings-concepts): - AADSTS700211: No matching federated identity record found for presented assertion issuer ...
- AADSTS700212: No matching federated identity record found for presented assertion audience 'api://AKSIdentityBinding'.
|`WorkloadIdentityCredential` isn't configured to use the identity binding proxy|Call `WorkloadIdentityCredentialBuilder.enableAzureProxy()` while building the credential.
## Troubleshoot `IntelliJCredential` authentication issues
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/WorkloadIdentityCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/WorkloadIdentityCredentialBuilder.java
index a19bd61d66ae..d036657ee0ba 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/WorkloadIdentityCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/WorkloadIdentityCredentialBuilder.java
@@ -50,7 +50,7 @@
public class WorkloadIdentityCredentialBuilder extends AadCredentialBuilderBase {
private static final ClientLogger LOGGER = new ClientLogger(WorkloadIdentityCredentialBuilder.class);
private String tokenFilePath;
- private boolean enableTokenProxy;
+ private boolean enableAzureProxy;
/**
* Creates an instance of a WorkloadIdentityCredentialBuilder.
@@ -76,10 +76,10 @@ public WorkloadIdentityCredentialBuilder tokenFilePath(String tokenFilePath) {
* environment variables (AZURE_KUBERNETES_TOKEN_PROXY, AZURE_KUBERNETES_CA_FILE,
* AZURE_KUBERNETES_CA_DATA, AZURE_KUBERNETES_SNI_NAME).
*
- * @return An updated instance of this builder with Azure token proxy enabled.
+ * @return An updated instance of this builder with Azure proxy enabled.
*/
- public WorkloadIdentityCredentialBuilder enableAzureTokenProxy() {
- this.enableTokenProxy = true;
+ public WorkloadIdentityCredentialBuilder enableAzureProxy() {
+ this.enableAzureProxy = true;
return this;
}
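Review bot: The new name `enableAzureProxy()` no longer says which traffic is proxied, and the Javadoc tail visible in this hunk only lists the environment variables. The summary should state that this routes token requests through the AKS identity binding proxy and is separate from any general HTTP proxy set on the client. Judging by the CA and SNI tests in this commit, `AZURE_KUBERNETES_CA_FILE`, `AZURE_KUBERNETES_CA_DATA` and `AZURE_KUBERNETES_SNI_NAME` appear to decide which server the credential trusts for token requests, so I would add a sentence such as `These variables control the TLS trust used for token requests and should only be set by the cluster's workload identity configuration.` The Javadoc starts above the hunk, so part of this may already be covered there.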
@@ -105,7 +105,7 @@ public WorkloadIdentityCredential build() {
ValidationUtil.validate(this.getClass().getSimpleName(), LOGGER, "Client ID", clientIdInput, "Tenant ID",
tenantIdInput, "Service Token File Path", federatedTokenFilePathInput);
- if (enableTokenProxy) {
+ if (enableAzureProxy) {
ProxyConfig proxyConfig = CustomTokenProxyConfiguration.parseAndValidate(configuration);
if (proxyConfig != null) {
identityClientOptions.setHttpClient(new CustomTokenProxyHttpClient(proxyConfig));
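Review bot: When `enableAzureProxy` is set but `parseAndValidate(configuration)` returns null, the visible code skips `setHttpClient`, and as far as this hunk shows the credential is built without the proxy and without any signal to the caller. Since the caller opted in explicitly, consider an `else` branch on the null check that logs it, e.g. `LOGGER.verbose("enableAzureProxy() was called but no proxy configuration was found; token requests will go directly to the authority host.");`. The test `testProxyEnabledWithoutProxyUrlGetsToken` suggests the fallback is intentional, so a log line rather than an exception seems the right level. The `build()` body continues outside the hunk, so an existing log further down cannot be ruled out.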
diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialIdentityBindingTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialIdentityBindingTest.java
index b5c4ac25672b..ab8a2ec756ff 100644
--- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialIdentityBindingTest.java
+++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialIdentityBindingTest.java
@@ -148,7 +148,7 @@ public void testAksProxyWithCaFile() throws CertificateParsingException {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -177,7 +177,7 @@ public void testAksProxyWithCaFileAsync() {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -206,7 +206,7 @@ public void testAksProxyWithCaData() {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -236,7 +236,7 @@ public void testAksProxyWithInvalidTokenFile() {
.tokenFilePath(nonExistentTokenFile.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -268,7 +268,7 @@ public void testAksProxyWithInvalidCaCertificate() throws Exception {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -298,7 +298,7 @@ public void testAksProxyWithHttpScheme() {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(httpProxyUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -328,7 +328,7 @@ public void testAksProxyWithMalformedUrl() {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(malformedUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -357,7 +357,7 @@ public void testAksProxyUnreachable() {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(unreachableProxyUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -387,7 +387,7 @@ public void testAksProxyWithEmptyTokenFile() throws Exception {
.tokenFilePath(emptyTokenFile.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -417,7 +417,7 @@ public void testAksProxyWithUrlEncodedCharactersInPath() throws Exception {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(proxyUrlWithEncoding)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -460,7 +460,7 @@ public void testAksProxyWithCaFileButNoSni() throws Exception {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
@@ -510,7 +510,7 @@ public void testAksProxyWithMismatchedSniAndCertificate() throws Exception {
.tokenFilePath(tokenFilePath.toString())
.configuration(configuration)
.authorityHost(serverBaseUrl)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.disableInstanceDiscovery()
.build();
diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialTest.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialTest.java
index 5e5d76948e8f..1e5470ab0e40 100644
--- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialTest.java
+++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/WorkloadIdentityCredentialTest.java
@@ -236,7 +236,7 @@ public void testProxyEnabledWithProxyUrlGetsToken(@TempDir Path tempDir) throws
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
StepVerifier.create(credential.getToken(request1))
@@ -270,7 +270,7 @@ public void testProxyEnabledWithoutProxyUrlGetsToken(@TempDir Path tempDir) thro
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
StepVerifier.create(credential.getToken(request1))
@@ -297,7 +297,7 @@ public void testProxyEnabledInvalidProxyUrlSchemeFailure(@TempDir Path tempDir)
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
});
}
@@ -317,7 +317,7 @@ public void testProxyUrlWithQueryFailure(@TempDir Path tempDir) throws IOExcepti
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
});
}
@@ -337,7 +337,7 @@ public void testProxyUrlWithFragmentFailure(@TempDir Path tempDir) throws IOExce
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
});
}
@@ -357,7 +357,7 @@ public void testProxyUrlWithUserInfoFailure(@TempDir Path tempDir) throws IOExce
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
});
}
@@ -385,7 +385,7 @@ public void testCaFileAndCaDataPresentFailure(@TempDir Path tempDir) throws IOEx
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
});
}
@@ -417,7 +417,7 @@ public void testProxyEnabledWithProxyUrlGetsTokenSync(@TempDir Path tempDir) thr
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
AccessToken token = credential.getTokenSync(request1);
@@ -453,7 +453,7 @@ public void testProxyUrlWithCaDataAcquiresToken(@TempDir Path tempDir) throws IO
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
StepVerifier.create(cred.getToken(request1))
@@ -493,7 +493,7 @@ public void testProxyUrlWithCaFileGetsToken(@TempDir Path tempDir) throws IOExce
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
StepVerifier.create(cred.getToken(request1))
@@ -533,7 +533,7 @@ public void testProxyEnabledWithSniNameGetsToken(@TempDir Path tempDir) throws I
.clientId(CLIENT_ID)
.tokenFilePath(tokenFile.toString())
.configuration(configuration)
- .enableAzureTokenProxy()
+ .enableAzureProxy()
.build();
StepVerifier.create(credential.getToken(request1))