Scheduler jobs may need to call out to services that require authentication. This way, a called service can determine if the Scheduler job can access its resources. Some of these services include other Azure services, Salesforce.com, Facebook, and secure custom websites.
Adding and Removing Authentication
Adding authentication to a Scheduler job is simple – add a JSON child element authentication to the request element when creating or updating a job. Secrets passed to the Scheduler service in a PUT, PATCH, or POST request – as part of the authentication object – are never returned in responses. In responses, secret information is set to null or may have a public token that represents the authenticated entity.
To remove authentication, PUT or PATCH the job explicitly, setting the authentication object to null. You will not see any authentication properties back in response.
Currently, the only supported authentication types are the ClientCertificate model (for using the SSL/TLS client certificates), the Basic model (for Basic authentication), and the ActiveDirectoryOAuth model (for Active Directory OAuth authentication.)
Request Body for ClientCertificate Authentication
When adding authentication using the ClientCertificate model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using an SSL client certificate. |
| type | Required. Type of authentication.For SSL client certificates, the value must be ClientCertificate. |
| pfx | Required. Base64-encoded contents of the PFX file. |
| password | Required. Password to access the PFX file. |
Response Body for ClientCertificate Authentication
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using an SSL client certificate. |
| type | Type of authentication. For SSL client certificates, the value is ClientCertificate. |
| certificateThumbprint | The thumbprint of the certificate. |
| certificateSubjectName | The subject distinguished name of the certificate. |
| certificateExpiration | The expiration date of the certificate. |
Sample REST Request for ClientCertificate Authentication
PUT https://management.azure.com/subscriptions/1fe0abdf-581e-4dfe-9ec7-e5cb8e7b205e/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"type": "clientcertificate",
"password": "password",
"pfx": "pfx key"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
Sample REST Response for ClientCertificate Authentication
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 858
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 56c7b40e-721a-437e-88e6-f68562a73aa8
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 1075219e-e879-4030-bc81-094e54fbabce
x-ms-routing-request-id: WESTUS:20160316T190424Z:1075219e-e879-4030-bc81-094e54fbabce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:04:23 GMT
{
"id": "/subscriptions/1fe0abdf-581e-4dfe-9ec7-e5cb8e7b205e/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type": "Microsoft.Scheduler/jobCollections/jobs",
"name": "southeastasiajc/httpjob",
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"certificateThumbprint": "88105CG9DF9ADE75B835711D899296CB217D7055",
"certificateExpiration": "2021-01-01T07:00:00Z",
"certificateSubjectName": "CN=Scheduler Mgmt",
"type": "ClientCertificate"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
"status": {
"nextExecutionTime": "2016-03-16T19:05:00Z",
"executionCount": 0,
"failureCount": 0,
"faultedCount": 0
}
}
}
Request Body for Basic Authentication
When adding authentication using the Basic model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using Basic authentication. |
| type | Required. Type of authentication. For Basic authentication, the value must be Basic. |
| username | Required. Username to authenticate. |
| password | Required. Password to authenticate. |
Response Body for Basic Authentication
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using Basic authentication. |
| type | Type of authentication. For Basic authentication, the value is Basic. |
| username | The authenticated username. |
Sample REST Request for Basic Authentication
PUT https://management.azure.com/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Length: 562
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"type": "basic",
"username": "user",
"password": "password"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
Sample REST Response for Basic Authentication
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 701
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: a2dcb9cd-1aea-4887-8893-d81273a8cf04
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 7816f222-6ea7-468d-b919-e6ddebbd7e95
x-ms-routing-request-id: WESTUS:20160316T190506Z:7816f222-6ea7-468d-b919-e6ddebbd7e95
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:05:06 GMT
{
"id":"/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type":"Microsoft.Scheduler/jobCollections/jobs",
"name":"southeastasiajc/httpjob",
"properties":{
"startTime":"2015-05-14T14:10:00Z",
"action":{
"request":{
"uri":"https://mywebserviceendpoint.com",
"method":"GET",
"headers":{
"x-ms-version":"2013-03-01"
},
"authentication":{
"username":"user1",
"type":"Basic"
}
},
"type":"http"
},
"recurrence":{
"frequency":"minute",
"endTime":"2016-04-10T08:00:00Z",
"interval":1
},
"state":"enabled",
"status":{
"nextExecutionTime":"2016-03-16T19:06:00Z",
"executionCount":0,
"failureCount":0,
"faultedCount":0
}
}
}
Request Body for ActiveDirectoryOAuth Authentication
When adding authentication using the ActiveDirectoryOAuth model, specify the following additional elements in the request body.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using ActiveDirectoryOAuth authentication. |
| type | Required. Type of authentication. For ActiveDirectoryOAuth authentication, the value must be ActiveDirectoryOAuth. |
| tenant | Required. The tenant identifier for the Azure AD tenant. |
| audience | Required. This is set to https://management.core.windows.net/. |
| clientId | Required. Provide the client identifier for the Azure AD application. |
| secret | Required. Secret of the client that is requesting the token. |
Determining your Tenant Identifier
You can find the tenant identifier for the Azure AD tenant by running Get-AzureAccount in Azure PowerShell.
Response Body for ActiveDirectoryOAuth Authentication
When a request is sent with authentication info, the response contains the following authentication-related elements.
| Element | Description |
|---|---|
| authentication (parent element) | Authentication object for using ActiveDirectoryOAuth authentication. |
| type | Type of authentication. For ActiveDirectoryOAuth authentication, the value is ActiveDirectoryOAuth. |
| tenant | The tenant identifier for the Azure AD tenant. |
| audience | This is set to https://management.core.windows.net/. |
| clientId | The client identifier for the Azure AD application. |
Sample REST Request for ActiveDirectoryOAuth Authentication
PUT https://management.azure.com/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobcollections/southeastasiajc/jobs/httpjob?api-version=2016-01-01 HTTP/1.1
User-Agent: Fiddler
Host: management.azure.com
Authorization: Bearer sometoken
Content-Length: 757
Content-Type: application/json; charset=utf-8
{
"properties": {
"startTime": "2015-05-14T14:10:00Z",
"action": {
"request": {
"uri": "https://mywebserviceendpoint.com",
"method": "GET",
"headers": {
"x-ms-version": "2013-03-01"
},
"authentication": {
"tenant":"microsoft.onmicrosoft.com",
"audience":"https://management.core.windows.net/",
"clientId":"dc23e764-9be6-4a33-9b9a-c46e36f0c137",
"secret": "G6u071r8Gjw4V4KSibnb+VK4+tX399hkHaj7LOyHuj5=",
"type":"ActiveDirectoryOAuth"
}
},
"type": "http"
},
"recurrence": {
"frequency": "minute",
"endTime": "2016-04-10T08:00:00Z",
"interval": 1
},
"state": "enabled",
}
}
Sample REST Response for ActiveDirectoryOAuth Authentication
HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 885
Content-Type: application/json; charset=utf-8
Expires: -1
x-ms-request-id: 86d8e9fd-ac0d-4bed-9420-9baba1af3251
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
x-ms-ratelimit-remaining-subscription-resource-requests: 599
x-ms-correlation-request-id: 5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
x-ms-routing-request-id: WESTUS:20160316T191003Z:5183bbf4-9fa1-44bb-98c6-6872e3f2e7ce
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Wed, 16 Mar 2016 19:10:02 GMT
{
"id":"/subscriptions/1d908808-e491-4fe5-b97e-29886e18efd4/resourceGroups/CS-SoutheastAsia-scheduler/providers/Microsoft.Scheduler/jobCollections/southeastasiajc/jobs/httpjob",
"type":"Microsoft.Scheduler/jobCollections/jobs",
"name":"southeastasiajc/httpjob",
"properties":{
"startTime":"2015-05-14T14:10:00Z",
"action":{
"request":{
"uri":"https://mywebserviceendpoint.com",
"method":"GET",
"headers":{
"x-ms-version":"2013-03-01"
},
"authentication":{
"tenant":"microsoft.onmicrosoft.com",
"audience":"https://management.core.windows.net/",
"clientId":"dc23e764-9be6-4a33-9b9a-c46e36f0c137",
"type":"ActiveDirectoryOAuth"
}
},
"type":"http"
},
"recurrence":{
"frequency":"minute",
"endTime":"2016-04-10T08:00:00Z",
"interval":1
},
"state":"enabled",
"status":{
"lastExecutionTime":"2016-03-16T19:10:00.3762123Z",
"nextExecutionTime":"2016-03-16T19:11:00Z",
"executionCount":5,
"failureCount":5,
"faultedCount":1
}
}
}
See Also
Azure Scheduler concepts, terminology, and entity hierarchy
Get started using Scheduler in the Azure portal
Plans and billing in Azure Scheduler
Azure Scheduler REST API reference
Azure Scheduler PowerShell cmdlets reference