Azure CLI 2.0.9，ADFS错误"：" unauthorized_client" ，“error_description”：“MSIS9605：不允许客户端访问所请求的资源。”} [英] Azure CLI 2.0.9 with ADFS error":"unauthorized_client" ,"error_description":"MSIS9605: The client is not allowed to access the requested resource."}

问题描述

我在使用CLI处理基于ADFS的ASDK时遇到问题。我已根据需要更新了证书并使用以下命令注册：

az cloud register -n AzureStackAdmin --endpoint-resource-manager" https://adminmanagement.local.azurestack。外部/" --endpoint-active-directory" https://adfs.local.azurestack.external/adfs" --endpoint-active-directory-resource-id" https://adminmanagement.adfs.azurestack.local/8cfbcc64-6538-4802-8616-3257b7xxxxx/"
--endpoint-active-directory-graph-resource-id" https：//graph.local.azurestack.external/" --suffix-storage-endpoint" local.azurestack.external" --suffix-keyvault-dns" .adminvault.local.azurestack.external"

当我尝试登录时出现此错误：

获取令牌请求返回http错误：400和服务器响应：{" error"：" unauthorized_client"，" error_description"：" MSIS9605：不允许客户端访问请求的资源。"}

我以AzureStackAdmin@azurestack.local帐户登录。

我可以通过PowerShell和管理员门户访问默认提供商订阅。

任何想法？

解决方案

Hey Ryan，

如果你'重新使用CLI，在AD FS模式下，请注意仅支持服务主体。所以，我建议你尝试在环境中创建一个服务主体并给它一个旋转。如果你遇到同样的问题，请联系。

谢谢

-

Shri

I'm having an issue getting the CLI to work with ADFS based ASDK. I've updated the certificates as required and registered using this command:

az cloud register -n AzureStackAdmin --endpoint-resource-manager "https://adminmanagement.local.azurestack.external/" --endpoint-active-directory "https://adfs.local.azurestack.external/adfs" --endpoint-active-directory-resource-id "https://adminmanagement.adfs.azurestack.local/8cfbcc64-6538-4802-8616-3257b7xxxxx/" --endpoint-active-directory-graph-resource-id "https://graph.local.azurestack.external/" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".adminvault.local.azurestack.external"

When I try to login I get this error:

Get Token request returned http error: 400 and server response: {"error":"unauthorized_client","error_description":"MSIS9605: The client is not allowed to access the requested resource."}

I am logging in as the AzureStackAdmin@azurestack.local account.

I have access to the Default Provider Subscription through PowerShell and the Admin Portal.

Any ideas?

解决方案

Hey Ryan,

If you're using the CLI, in the AD FS mode, note that only Service Principals are supported. So, i'd recommend you to try creating a Service Principal in the environment and give it a whirl. Please reach out if you hit the same issue.

Thanks

--

Shri

这篇关于Azure CLI 2.0.9，ADFS错误"：" unauthorized_client" ，“error_description”：“MSIS9605：不允许客户端访问所请求的资源。”}的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！