Support for authenticating service principal with certificate

[aalim-nisum-com]

Jenkins version : 2.204.2
azure-keyvault plugin : 2.0
OS: Debian GNU/Linux

I am trying to integrate Jenkins with Azure Key Vault (AKV). I added a service principal in Jenkins credentials. I used Cert method for secret. Once the service principal is added, it verifies successfully.

The next step was to configure the Azure Key vault plugin from main Jenkins configured. I mentioned the Key vault URL and selected the service principal I added in the Jenkins key store. After Hitting the verification "Test Connection" it waits for several seconds and then returns following error
"504 Gateway Time-out"

I tested the same thing with again by defining the same service principal in Jenkins but instead of using the Cert method, I provide Client secret. Using the SPN definition for configuring Azure Key Vault seems to work fine.

Summarizing the issue:
If I use service principal based on CERT to configure Azure Key vault in Jenkins, it returns "504 Gateway Time-out"

[timja]

Sounds like a bug, I've never used certificates for authentication before

[tarunnallamothu27]

@timja any findings on this issue we have been blocked with same kind of issue we are getting same 504 error while using certs

[timja]

I tried implementing it but it's reasonably complex.

possibly someone has done this in another azure credential but I couldn't see it in azure-credentials.

Unless it's contributed by someone it's unlikely to happen right now

[timja]

FYI recommended way of integration is with a Managed Identity and not using a service principal itself.

Service principals should be used when not running on Azure