Can't az login with service principal certificate
See original GitHub issueDescribe the bug
Command Name
az login
Errors:
In short, the az login
does not work here because there is an exception with a requirement to execute az login
. (Cat bites its tail, figurally said).
Here is the excerpt from the debug log.
az_command_data_logger : exit code: 1
Suppress exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/__main__.py", line 60, in <module>
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/__main__.py", line 53, in <module>
sys.exit(exit_code)
SystemExit: 1
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 493, in get_current_account_user
active_account = self.get_subscription()
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 502, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 57, in _decorator
val = func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 426, in _get_user_azure_id
return _get_profile().get_current_account_user()
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 495, in get_current_account_user
raise CLIError('There are no active accounts.')
knack.util.CLIError: There are no active accounts.
Suppress exception:
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/__main__.py", line 60, in <module>
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/__main__.py", line 53, in <module>
sys.exit(exit_code)
SystemExit: 1
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 436, in _get_azure_subscription_id
return _get_profile().get_subscription_id()
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 519, in get_subscription_id
return self.get_subscription(subscription)[_SUBSCRIPTION_ID]
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 502, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.
To Reproduce:
Create a principal with certificate and run the command:
az login -o json --service-principal -u $PRINCIPAL_ID -p key.pem --tenant $TENANT_ID --debug
Expected Behavior
Login is possible.
Environment Summary
Linux-5.4.0-42-generic-x86_64-with-debian-bullseye-sid
Python 3.6.10
Installer: DEB
azure-cli 2.9.0 *
Extensions:
subscription 0.1.3
Additional Context
I have used az feedback to capture environment information.
Issue Analytics
- State:
- Created 3 years ago
- Comments:6 (2 by maintainers)
Top Results From Across the Web
Sign in with Azure CLI — Login and Authentication
Sign in interactively; Sign in with credentials on the command line; Sign in with a service principal; Sign in with a different tenant ......
Read more >AZ CLI login using Service Principal fails from specific computer
What I have tried on the laptop: Checked AZ CLI version...same as desktop. Ran az account clear to make sure everything was cleared...
Read more >Authenticating via the Azure CLI | Guides | hashicorp/azurerm
Authenticating via the Azure CLI is only supported when using a User Account. If you're using a Service Principal (for example via az...
Read more >Using secrets from Azure Key Vault in a pipeline
Task 1: Creating a service principal · Login to the Azure Portal. · Open the Azure cloud shell. · Enter the following command...
Read more >Azure AD Service Principals: All you need to know!
Although you can connect as the Service Principal by filling, for example a PowerShell credential with the AppID and client secret, you cannot...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
thank you @jiasli , this solves my problem!
This is the desired behavior if no subscription is found.
You may use
--allow-no-subscriptions
for such scenario.Please note that in the beta version,
--allow-no-subscriptions
has been deprecated, you may use--tenant-access
instead: