SOUTHWORKS Dev Team
November 4, 2017
New Azure Media Services SDK for Java release with Azure Active Directory (AAD) authentication support
Last week, the Azure Media Services team released a new version of the Azure Media Services SDK for Java, SOUTHWORKS dev team provides some details about the new AAD authentication support
by Mariano Converti
Last week, the Azure Media Services team released a new version of the Azure Media Services SDK for Java (com.microsoft.azure/azure-media/0.9.8 package) that includes:
Support for Azure ActiveDirectory (AAD) authentication
Upgrade to REST API version2.17
Minor fixes/improvements such as updating SAS Locator URLs created with the Java SDK to target Blob API version 2016–05–31 (which increases the maximum allowed block blob size from 64MB to 256MB)
In this post, I will try to provide some details about the new AAD authentication support.
The first important thing to mention is that, starting with new this release (0.9.8), the azure-media package does not support the original Access Control Service (ACS) authentication model (“account keys”) any longer; this is aligned with the ACS authentication deprecation announcement targeted for June 2018. This means that the original way of configuring the Azure Media Services Java SDK client is not available anymore.
// DEPRECATED METHOD OF AUTHENTICATING USING ACCOUNT KEYS (ACS)
String mediaServiceUri = "https://media.windows.net/API/";
String oAuthUri = "https://wamsprodglobal001acs.accesscontrol.windows.net/v2/OAuth2-13";
String clientId = "%account-name%";
String clientSecret = "%account-key%";
String scope = "urn:WindowsAzureMediaServices";Configuration configuration =
MediaConfiguration.configureWithOAuthAuthentication(mediaServiceUri, oAuthUri, clientId, clientSecret, scope) ;mediaService = MediaService.create(configuration) ;
The new AAD authentication support included in the Java SDK leverages Azure Active Directory Authentication Library (ADAL) for Java and supports the following three authentication scenarios:
1) Service principal with client symmetric key
String tenant = "%tenant%.onmicrosoft.com";
String clientId = "%client_id%";
String clientKey = "%client_key%";
String restApiEndpoint ="https://%account-name%.restv2.region.media.azure.net/api/";
ExecutorService executorService = Executors.newFixedThreadPool(1); AzureAdTokenCredentialscredentials = new AzureAdTokenCredentials(tenant, newAzureAdClientSymmetricKey(clientId, clientKey),AzureEnvironments.AZURE_CLOUD_ENVIRONMENT);TokenProvider provider = newAzureAdTokenProvider(credentials, executorService);Configuration configuration= MediaConfiguration.configureWithAzureAdTokenProvider(newURI(restApiEndpoint), provider);MediaContract mediaService =MediaService.create(configuration);
2) Service principal with client certificate
String tenant = "%tenant%.onmicrosoft.com";
String clientId = "%client_id%";
String restApiEndpoint = "https://%account-name%.restv2.region.media.azure.net/api/";
String pfxFilename = "%path_to_keystore.pfx%";
String pfxPassword = "%keystore_password%";
InputStream pfx = new FileInputStream(pfxFilename);
ExecutorService executorService =Executors.newFixedThreadPool(1);AzureAdTokenCredentials credentials = newAzureAdTokenCredentials(tenant, AsymmetricKeyCredential.create(clientId, pfx,pfxPassword), AzureEnvironments.AZURE_CLOUD_ENVIRONMENT);TokenProvider provider= new AzureAdTokenProvider(credentials, executorService);Configurationconfiguration = MediaConfiguration.configureWithAzureAdTokenProvider(new URI(restApiEndpoint),provider);MediaContract mediaService = MediaService.create(configuration);
3) User credentials
String tenant = "%tenant%.onmicrosoft.com";
String username = "email@example.com";
String password = "%user-password%";
String restApiEndpoint ="https://%account-name%.restv2.region.media.azure.net/api/";
ExecutorService executorService =Executors.newFixedThreadPool(1);AzureAdTokenCredentials credentials = new AzureAdTokenCredentials(tenant, new AzureAdClientUsernamePassword(username, password),AzureEnvironments.AZURE_CLOUD_ENVIRONMENT);TokenProvider provider = newAzureAdTokenProvider(credentials, executorService);Configuration configuration= MediaConfiguration.configureWithAzureAdTokenProvider(newURI(restApiEndpoint), provider);MediaContract mediaService =MediaService.create(configuration);
In order to choose the right authentication for your scenario, you can read this article.
If you are familiar with the Azure Media Services SDK for .NET you will notice that the new AAD authentication support in the Java SDK is very similar and consistent. You will even find the same AzureEnvironments class which is a helper to get the right environment variable settings for a given public or sovereign Azure cloud.
To get more details about theAzure Media Services SDK for Java you can read this article and also review our GitHub samples repository @ https://github.com/southworkscom/azure-sdk-for-media-services-java-samples/tree/master/azure-media-aad-authentication.
Enjoy!
Originally published by Mariano Converti for SOUTHWORKS on Medium in 2017
