FortiSIEM Discussions
KevinCanalichio
New Contributor II

Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
6 REPLIES 6
DanielHanman
Staff
Staff

Hi Kevin,

I'm aware of an issue with this GCC integration and working to address it.

Will revert back ASAP.

Thanks

Dan

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Mar 26, 2021 08:18 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
KenMickeletto1

Hi Kevin,

I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

Thanks!-------------------------------------------
Original Message:
Sent: Mar 26, 2021 08:18 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
KevinCanalichio

I opened this ticket with them over 3 week ago. And have gotten nowhere so I figured I'd reach out the the community-------------------------------------------
Original Message:
Sent: Mar 26, 2021 09:15 AM
From: Ken Mickeletto
Subject: Fortisiem - Azure Government Cloud

Hi Kevin,

I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

Thanks!
Original Message:
Sent: Mar 26, 2021 08:18 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
RobertEvans

Hi Kevin,

Which integration did you try to configure? The office365 Management API has been fixed for this issue in v6.2 of FortiSIEM, allowing the .com and .us endpoints for Azure GCC and Azure GCC High.

Azure GCC Login: login.microsoftonline.com
Azure GCC API: manage-gcc.office.com

Azure GCC High Login: login.microsoftonline.us
Azure GCC High API: manage.office365.us

If you are using another Azure integration type other than Office 365 let me know which one that is. 

Thanks,-------------------------------------------
Original Message:
Sent: Mar 26, 2021 09:30 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

I opened this ticket with them over 3 week ago. And have gotten nowhere so I figured I'd reach out the the community
Original Message:
Sent: Mar 26, 2021 09:15 AM
From: Ken Mickeletto
Subject: Fortisiem - Azure Government Cloud

Hi Kevin,

I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

Thanks!
Original Message:
Sent: Mar 26, 2021 08:18 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
KevinCanalichio

Using the Compute and EventHub-------------------------------------------
Original Message:
Sent: Mar 26, 2021 10:58 AM
From: Robert Evans
Subject: Fortisiem - Azure Government Cloud

Hi Kevin,

Which integration did you try to configure? The office365 Management API has been fixed for this issue in v6.2 of FortiSIEM, allowing the .com and .us endpoints for Azure GCC and Azure GCC High.

Azure GCC Login: login.microsoftonline.com
Azure GCC API: manage-gcc.office.com

Azure GCC High Login: login.microsoftonline.us
Azure GCC High API: manage.office365.us

If you are using another Azure integration type other than Office 365 let me know which one that is. 

Thanks,
Original Message:
Sent: Mar 26, 2021 09:30 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

I opened this ticket with them over 3 week ago. And have gotten nowhere so I figured I'd reach out the the community
Original Message:
Sent: Mar 26, 2021 09:15 AM
From: Ken Mickeletto
Subject: Fortisiem - Azure Government Cloud

Hi Kevin,

I would urge you to contact FortiSIEM Support for more information on this.  I am not 100% sure, but I suspect that this isn't supported at the moment.  Once Support becomes aware of this, they can file a feature request on your behalf.

Thanks!
Original Message:
Sent: Mar 26, 2021 08:18 AM
From: Kevin Canalichio
Subject: Fortisiem - Azure Government Cloud

Has anyone had a luck connecting the SEIM to the azure government cloud at azure.us  All the fortisiem APIs appears to go to azure.com and I get the following error

Confidential Client is not supported in Cross Cloud request.\r\nTrace ID: a5167bd1-ce86-45ab-a7d6-f1db1a16f600\r\nCorrelation ID: 3c191a9b-f2ef-4573-9c73-dbef821e55fd\r\nTimestamp: 2021-03-02 16:52:49Z","error_codes":[900382],"timestamp":"2021-03-02 16:52:4

Which would seem to show that my credentials are not in the azure.com domain. And there doesn't appear to be able redirection to the azure.us domain.

I have hacked the database to replace azure.com with azure.us, portal.azure.us, and various other urls but that didn't work either in the below documents



https://docs.microsoft.com/en-us/azure/developer/python/azure-sdk-sovereign-domain
https://docs.microsoft.com/en-us/azure/azure-government/compare-azure-government-global-azure#guidan...


Any help would be appriciated
itmotetocka
New Contributor

Hey Kevin,

 

I've encountered a similar challenge when attempting to connect Fortisiem to the Azure Government Cloud. The error message you're seeing indicates a "Confidential Client is not supported in Cross Cloud request," which suggests that your credentials might indeed not be within the azure.com domain. This issue can be quite perplexing, but fret not, there's a solution.

 

My recommendation is to ensure that you're using the appropriate Azure Government endpoints and URLs in your configuration. Instead of hacking the database, try checking your Fortisiem setup and make sure you're using the azure.us, portal.azure.us, and other relevant URLs throughout the configuration.

 

Also, check if you need to adjust the authentication method to align with the Azure Government Cloud requirements. It's essential to follow Azure Government's specific guidelines for API calls.

I faced a similar problem a while back, and once I aligned my configuration with the correct endpoints, the issue was resolved. Remember that staying in sync with Azure Government's unique requirements is key.