org.postgresql.util.PSQLException: FATAL: Service Principal oid mismatch for role[username]. when connecting azure postgresSQL from azure webapp

Question

I am receiving below error when i try to connect my java application to azure postgresql using azure user created managed identity.

INFO: Retrieving Azure AD access token...

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".

SLF4J: Defaulting to no-operation (NOP) logger implementation

SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

Feb 14, 2025 2:54:14 PM com.example.demo.DemoApplication main

INFO: Access Token: eyJ0eXAiOi... (truncated)

Feb 14, 2025 2:54:14 PM com.example.demo.DemoApplication main

INFO: Connecting to the database

[WARNING]

org.postgresql.util.PSQLException: FATAL: Service Principal oid mismatch for role[managed_identity_name].

at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication (ConnectionFactoryImpl.java:646)

at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect (ConnectionFactoryImpl.java:180)

at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl (ConnectionFactoryImpl.java:235)

at org.postgresql.core.ConnectionFactory.openConnection (ConnectionFactory.java:49)

at org.postgresql.jdbc.PgConnection.<init> (PgConnection.java:223)

at org.postgresql.Driver.makeConnection (Driver.java:402)

at org.postgresql.Driver.connect (Driver.java:261)

at java.sql.DriverManager.getConnection (DriverManager.java:681)

at java.sql.DriverManager.getConnection (DriverManager.java:190)

at com.example.demo.DemoApplication.main (DemoApplication.java:44)

at org.codehaus.mojo.exec.ExecJavaMojo.doMain (ExecJavaMojo.java:375)

at org.codehaus.mojo.exec.ExecJavaMojo.doExec (ExecJavaMojo.java:364)

at org.codehaus.mojo.exec.ExecJavaMojo.lambda$execute$0 (ExecJavaMojo.java:286)

at java.lang.Thread.run (Thread.java:840)

with same managed identity. i am able to connect using psql.

Answer 1

Hi @Kanhaiya Sharma,

Welcome to Microsoft Q&A forum.

As I understand, you're encountering a Service Principal OID mismatch error when trying to connect your Java application to Azure PostgreSQL using a managed identity. This error typically occurs when the OID (Object ID) of the service principal used for authentication does not match the expected OID for the role in PostgreSQL.

Here are a few steps you can take to troubleshoot and resolve this issue:

1.Ensure that the OID of the managed identity used in your Java application matches the OID assigned to the role in PostgreSQL. You can find the OID in the Azure portal under the managed identity's properties.

2.Make sure that the managed identity has been correctly assigned to the role in PostgreSQL. You can use the following SQL command to check the role assignment:

SELECT * FROM pg_roles WHERE rolname = 'managed_identity_name';

3.If the OID does not match, you may need to update the role in PostgreSQL with the correct OID. You can use the following command to update the role:

ALTER ROLE managed_identity_name WITH LOGIN PASSWORD 'aadOidorAppIdHere';

4.As a workaround, you can disable OID validation in PostgreSQL by setting the aad_validate_oids_in_tenant parameter to off. This can be done using the following command:

SET aad_validate_oids_in_tenant = off;

5.The SLF4J warnings indicate that the logging framework is not properly configured. While this is not directly related to the OID mismatch error, it's a good idea to address it to ensure proper logging. You can add the appropriate SLF4J binding to your project dependencies.

Hope this helps. Do let us know if you any further queries.

If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.