Add logs to indicate that the token does not have sign permission. (A…

…zure#42879)
azure-sdk · Nov 12, 2024 · a9bafa0 · a9bafa0
1 parent deabcd8
commit a9bafa0
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/...ault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/KeyVaultClient.java b/...ault-jca/src/main/java/com/azure/security/keyvault/jca/implementation/KeyVaultClient.java
@@ -491,6 +491,10 @@ public byte[] getSignedWithPrivateKey(String digestName, String digestValue, Str
             } catch (IOException e) {
                 LOGGER.log(WARNING, "Failed to parse sign result response.", e);
             }
+        } else {
+            LOGGER.log(WARNING,
+                "Can not get signature. It can be caused by missing 'sign' permission. To know how to add 'sign' permission, "
+                    + "see https://github.com/Azure/azure-sdk-for-java/tree/main/sdk/keyvault/azure-security-keyvault-jca#key-less-certificates.");
         }
 
         byte[] signature;