Share via

Auth issues when connecting to service bus connector using service principal and certificate from logic app

Sunita 42 Reputation points Microsoft Employee
2025-12-18T07:34:20.9033333+00:00

I'm able to authenticate to the service bus connector using managed identity, however, my use case involves authenticating via service principal and certificate from key vault. The service principal has service bus data receiver role added to the service bus.

I downloaded the certificate from the keyvault in pfx format. There is no password associated with the cert. When I upload it, the api connection is in error state. Below is the connection config and the connection state json after creation, It seems like it;s expecting CLIENT_SECRET which shouldn't be the case when authenticating via cert.

image

Connection Error: 

"statuses": [             {                 "status": "Error",                 "target": "token",                 "error": {                     "code": "Unauthorized",                     "message": "Failed to acquire access token for service using client credentials flow: IdentityProvider=aadcertificate. Correlation Id=41de39d2-18a7-4fd2-856c-1sffddgg8d, UTC TimeStamp=12/9/2025 11:09:21 PM, Error: No key 'clientsecret' for grant_type={GrantType}&client_id={ClientId}&client_secret={ClientSecret}&resource={ResourceUri}"                 }             }         ]
Azure Logic Apps
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
0 comments
Answer accepted by question author
  1. Pravallika KV 4,595 Reputation points Microsoft External Staff Moderator
    2025-12-22T23:37:01.18+00:00

    Hi @Sunita ,

    Thanks for the confirmation offline. Glad you found a workaround.

    I am summarizing the discussion and posting as answer.

    As mentioned in MSDOC:

    • Client certificate authentication is not supported by the Azure Service Bus managed connector in Logic Apps.
    • In Logic Apps, Authentication type: Client certificate is supported only for the following connectors: Azure API Management, Azure App Service, HTTP, HTTP + Swagger, and HTTP Webhook.
    • The Service Bus connector supports Managed Identity and Service Principal with client secret, but does not support service principal authentication using certificates.

    Workaround:

    As an alternative, found a workaround using function app.

    Hope it helps!

    Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

    User's image

    If you have any other questions, let me know in the "comments" and I would be happy to help you.

    0 comments
Answer accepted by question author
  1. Rakesh Mishra 4,110 Reputation points Microsoft External Staff Moderator
    2025-12-18T16:55:08.45+00:00

    Hi @Sunita ,

    Thanks for reaching out to Microsoft Q&A.

    • The Azure Service Bus managed connector in Logic Apps does not support Client certificate authentication type.
    • In Logic Apps, the Client certificate authentication type is supported only by the following connectors: Azure API Management, Azure App Service, HTTP, HTTP + Swagger, and HTTP Webhook.

    If the resolution was helpful, kindly take a moment to accept the answer and upvote it 👍 it as a token of appreciation.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.