Trying to enable encryption using platform cipher and while creating the keystore instance to get the CMK from Azure Key Vault, it requires the following:
1) Client ID
2) Client Key
3) Customer Master Key ID
Our Azure team have provided the values for each and using this in the key store instance throws an error (below) and doesn't save it.
Customer master key ID — Provide valid Customer master key ID
Did come across this article with a similar issue and it does mention that there might be a Pega product bug (though it was on a different version) and was going to raise a support ticket. But before doing that, just wanted to confirm what the values for client id and key would have to be? For the customer master key id, we have created a key in an Azure Key Vault and are using the "Key Identifier" value from it.
***Edited by Moderator Marije to add Support Case Details; update capability tags***
The full error should specify the issue, but usually it simply involves adding the 'client id' and 'secret' from the application which is created in Azure. The access policy in Azure should also be configured to allow the access.
I found the BUG mentioned in the previous post: BUG-709715 will be resolved in Pega 8.7.2
Did you already test the suggested workaround?
Import nimbus-oauth-sdk jar version 6.18.1 and add it to Customer ruleset and restart the system. This will take care of the issue.
Just wanted to clarify that the values we were given for the client id and secret were correct and the team have also confirmed that they have updated the access policies accordingly. Wanted to ensure our setup is ok before I raise a support ticket (which I've now done: INC-220109) to understand if the issue we have is similar to the one mentioned on the other article referred to in this post.
The workaround is not tested yet as any external components would have to go through our security checks for vulnerabilities which we'll do in parallel. Also, weren't sure if that applied to v8.7.x as well.