Share via

org.postgresql.util.PSQLException: FATAL: Service Principal oid mismatch for role[username]. when connecting azure postgresSQL from azure webapp

Kanhaiya Sharma 0 Reputation points
2025-02-14T15:41:00.85+00:00

I am receiving below error when i try to connect my java application to azure postgresql using azure user created managed identity.

INFO: Retrieving Azure AD access token...

SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".

SLF4J: Defaulting to no-operation (NOP) logger implementation

SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

Feb 14, 2025 2:54:14 PM com.example.demo.DemoApplication main

INFO: Access Token: eyJ0eXAiOi... (truncated)

Feb 14, 2025 2:54:14 PM com.example.demo.DemoApplication main

INFO: Connecting to the database

[WARNING]

org.postgresql.util.PSQLException: FATAL: Service Principal oid mismatch for role[managed_identity_name].

at org.postgresql.core.v3.ConnectionFactoryImpl.doAuthentication (ConnectionFactoryImpl.java:646)

at org.postgresql.core.v3.ConnectionFactoryImpl.tryConnect (ConnectionFactoryImpl.java:180)

at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl (ConnectionFactoryImpl.java:235)

at org.postgresql.core.ConnectionFactory.openConnection (ConnectionFactory.java:49)

at org.postgresql.jdbc.PgConnection.<init> (PgConnection.java:223)

at org.postgresql.Driver.makeConnection (Driver.java:402)

at org.postgresql.Driver.connect (Driver.java:261)

at java.sql.DriverManager.getConnection (DriverManager.java:681)

at java.sql.DriverManager.getConnection (DriverManager.java:190)

at com.example.demo.DemoApplication.main (DemoApplication.java:44)

at org.codehaus.mojo.exec.ExecJavaMojo.doMain (ExecJavaMojo.java:375)

at org.codehaus.mojo.exec.ExecJavaMojo.doExec (ExecJavaMojo.java:364)

at org.codehaus.mojo.exec.ExecJavaMojo.lambda$execute$0 (ExecJavaMojo.java:286)

at java.lang.Thread.run (Thread.java:840)

with same managed identity. i am able to connect using psql.

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
763 questions
Azure Database for PostgreSQL
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,344 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Mahesh Kurva 2,750 Reputation points Microsoft Vendor
    2025-02-14T21:24:55.4266667+00:00

    Hi @Kanhaiya Sharma,

    Welcome to Microsoft Q&A forum.

    As I understand, you're encountering a Service Principal OID mismatch error when trying to connect your Java application to Azure PostgreSQL using a managed identity. This error typically occurs when the OID (Object ID) of the service principal used for authentication does not match the expected OID for the role in PostgreSQL.

    Here are a few steps you can take to troubleshoot and resolve this issue:

    1.Ensure that the OID of the managed identity used in your Java application matches the OID assigned to the role in PostgreSQL. You can find the OID in the Azure portal under the managed identity's properties.

    2.Make sure that the managed identity has been correctly assigned to the role in PostgreSQL. You can use the following SQL command to check the role assignment:

    SELECT * FROM pg_roles WHERE rolname = 'managed_identity_name';

    3.If the OID does not match, you may need to update the role in PostgreSQL with the correct OID. You can use the following command to update the role:

    ALTER ROLE managed_identity_name WITH LOGIN PASSWORD 'aadOidorAppIdHere';

    4.As a workaround, you can disable OID validation in PostgreSQL by setting the aad_validate_oids_in_tenant parameter to off. This can be done using the following command:

    SET aad_validate_oids_in_tenant = off;

    5.The SLF4J warnings indicate that the logging framework is not properly configured. While this is not directly related to the OID mismatch error, it's a good idea to address it to ensure proper logging. You can add the appropriate SLF4J binding to your project dependencies.

    Hope this helps. Do let us know if you any further queries.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.

  2. Mahesh Kurva 2,750 Reputation points Microsoft Vendor
    2025-02-20T08:52:08.6666667+00:00

    Hi @Kanhaiya Sharma,

    I'm glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others "I'll repost your solution in case you'd like to accept the answer.

    Issue:

    org.postgresql.util.PSQLException: FATAL: Service Principal oid mismatch for role[username]. when connecting azure postgresSQL from azure webapp

    Solution:

    Workaround

    It appears that user-assigned managed identity is currently not supported in the flexible server version. I attempted to use system-assigned managed identity with the same steps, and I was able to connect to the database.

    If I missed anything please let me know and I'd be happy to add it to my answer, or feel free to comment below with any additional information.

    If you have any other questions, please let me know. Thank you again for your time and patience throughout this issue.

    Please don’t forget to Accept Answer and Yes for "was this answer helpful" wherever the information provided helps you, this can be beneficial to other community members

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.