diff --git a/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java b/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
index 2b9513c0..7a937385 100644
--- a/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/AzureSecurityRealm.java
@@ -140,7 +140,8 @@ public AccessToken getAccessToken() {
 ClientSecretCredential clientSecretCredential = getClientSecretCredential();
 TokenRequestContext tokenRequestContext = new TokenRequestContext();
- tokenRequestContext.setScopes(singletonList("https://graph.microsoft.com/.default"));
+ String graphResource = AzureEnvironment.getGraphResource(getAzureEnvironmentName());
+ tokenRequestContext.setScopes(singletonList(graphResource + ".default"));
 AccessToken accessToken = clientSecretCredential.getToken(tokenRequestContext).block();
diff --git a/src/main/java/com/microsoft/jenkins/azuread/GraphClientCache.java b/src/main/java/com/microsoft/jenkins/azuread/GraphClientCache.java
index 9a8ec66f..88e3be5d 100644
--- a/src/main/java/com/microsoft/jenkins/azuread/GraphClientCache.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/GraphClientCache.java
@@ -10,6 +10,7 @@
 import hudson.ProxyConfiguration;
 import hudson.util.Secret;
 import io.jenkins.plugins.azuresdk.HttpClientRetriever;
+import java.net.URI;
 import jenkins.model.Jenkins;
 import jenkins.util.JenkinsJVM;
 import okhttp3.Credentials;
@@ -21,6 +22,7 @@
 import static com.microsoft.jenkins.azuread.AzureEnvironment.AZURE_PUBLIC_CLOUD;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.getAuthorityHost;
+import static com.microsoft.jenkins.azuread.AzureEnvironment.getGraphResource;
 import static com.microsoft.jenkins.azuread.AzureEnvironment.getServiceRoot;
 public class GraphClientCache {
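Review bot: In getAccessToken() of AzureSecurityRealm.java the token scope is now built as `graphResource + ".default"`, which is a well-formed scope only if AzureEnvironment.getGraphResource() always returns a URL ending in `/`. That method is not visible in this diff, so the contract should be confirmed for every supported environment name, including whatever it returns for an unrecognised one. I would state the requirement next to the concatenation, e.g. `// getGraphResource() must end with '/', so the scope becomes <resource>/.default`, or normalise the value before appending. The body of getAccessToken() continues outside the hunk.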
@@ -38,7 +40,7 @@ private static GraphServiceClient createGraphClient(GraphClientCacheKey
 OkHttpClient.Builder builder = HttpClients.createDefault(authProvider)
 .newBuilder();
- builder = addProxyToHttpClientIfRequired(builder);
+ builder = addProxyToHttpClientIfRequired(builder, key.getAzureEnvironmentName());
 final OkHttpClient graphHttpClient = builder.build();
 GraphServiceClient graphServiceClient = GraphServiceClient
@@ -79,11 +81,13 @@ public static GraphServiceClient getClient(AzureSecurityRealm azureSecu
 return TOKEN_CACHE.get(key);
 }
- public static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder) {
+ public static OkHttpClient.Builder addProxyToHttpClientIfRequired(OkHttpClient.Builder builder, String azureEnvironmentName) {
 if (JenkinsJVM.isJenkinsJVM()) {
 ProxyConfiguration proxyConfiguration = Jenkins.get().getProxy();
 if (proxyConfiguration != null && StringUtils.isNotBlank(proxyConfiguration.getName())) {
- Proxy proxy = proxyConfiguration.createProxy("graph.microsoft.com");
+
+ String graphHost = URI.create(getGraphResource(azureEnvironmentName)).getHost();
+ Proxy proxy = proxyConfiguration.createProxy(graphHost);
 builder = builder.proxy(proxy);
 if (StringUtils.isNotBlank(proxyConfiguration.getUserName())) {
diff --git a/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java b/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java
index b7550ce1..137fee88 100644
--- a/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java
+++ b/src/main/java/com/microsoft/jenkins/azuread/GraphProxy.java
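Review bot: In addProxyToHttpClientIfRequired, `URI.create(getGraphResource(azureEnvironmentName)).getHost()` can return null when the resource string has no parsable host, and `URI.create` throws IllegalArgumentException on a malformed one, yet the result goes straight into `proxyConfiguration.createProxy(graphHost)`. That host is what the Jenkins proxy configuration matches against its no-proxy list, so a null or wrong value changes whether Graph traffic is sent through the configured proxy. I would fail fast with a clear message, e.g. `if (graphHost == null) { throw new IllegalStateException("No Graph host for environment " + azureEnvironmentName); }`. The public static signature is also changed in place; keeping a one-argument overload whose body is `return addProxyToHttpClientIfRequired(builder, AZURE_PUBLIC_CLOUD);` would avoid breaking callers outside this diff. The method body continues past the end of the hunk.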
@@ -165,7 +165,12 @@ private void proxy(StaplerRequest request, StaplerResponse response) throws IOEx
 private OkHttpClient getClient() {
 ProxyConfiguration proxyConfiguration = Jenkins.get().getProxy();
 if (proxyConfiguration != null && StringUtils.isNotBlank(proxyConfiguration.getName())) {
- return addProxyToHttpClientIfRequired(new OkHttpClient().newBuilder()).build();
+ SecurityRealm securityRealm = Jenkins.get().getSecurityRealm();
+ AzureSecurityRealm azureSecurityRealm = ((AzureSecurityRealm) securityRealm);
+
+ String azureEnvironmentName = azureSecurityRealm.getAzureEnvironmentName();
+
+ return addProxyToHttpClientIfRequired(new OkHttpClient().newBuilder(), azureEnvironmentName).build();
 }
 return DEFAULT_CLIENT;
 }
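Review bot: The cast `((AzureSecurityRealm) securityRealm)` in getClient() is unchecked, so a request that reaches this endpoint while Jenkins is configured with a different security realm fails with ClassCastException rather than a controlled error. I would guard it before reading getAzureEnvironmentName(), e.g. `if (!(securityRealm instanceof AzureSecurityRealm)) { throw new IllegalStateException("Azure AD security realm is not configured"); }`. Whether the calling proxy() method already verifies the realm is not visible here, since only getClient() is inside the hunk. A short comment saying that the environment name selects the Graph host used for the proxy decision would also help the next reader.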