Azure login for tenant failing for Az app/principal with No subscription found message

Question

I have an Azure account called account1 where I create an App/Principal that has cross-tenant visibility. I then give it some API permissions. I have another Azure account, account2, where I need to access resources using this app. I complete the admin consent flow for account2 by going to the following URL: https://login.microsoftonline.com/<account2 domain>/adminconsent?client_id=cid1

The flow finishes and I get the tenant id back as, say, tid2. When I try to log in from the command prompt with app creds to access account2, I get an error (it was working before and suddenly stopped working):

az login --service-principal --username cid1 --password "pwd" --tenant tid2

Error: No subscriptions found for cid1.

Recommended answer

In the chat we found the issue had something to do with the terminal app used on Mac. After using the native terminal, the login was successful and the other terminal app worked as well.

You need to assign RBAC roles to the service principal in account 2. You can do that through the Access Control (IAM) tab of the subscription by adding the necessary role to the app.
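
The role assignment described in the answer can also be made from the Azure CLI instead of the portal. The following is an added example, not part of the original answer; the function names, the SP_SECRET environment variable, and all IDs passed in are assumptions or placeholders.

```shell
# Added example. Run grant_role as an administrator signed in to account2's
# tenant (tid2); run sp_login afterwards to confirm the service principal
# can now see a subscription.

# Build an ARM scope string. Passing a resource group narrows the scope so the
# app is not given access to the whole subscription (least privilege).
arm_scope() {
    sub_id=$1; rg=${2:-}
    case $sub_id in
        ''|*[!0-9a-fA-F-]*) echo "invalid subscription id" >&2; return 1 ;;
    esac
    if [ -n "$rg" ]; then
        printf '/subscriptions/%s/resourceGroups/%s\n' "$sub_id" "$rg"
    else
        printf '/subscriptions/%s\n' "$sub_id"
    fi
}

# Assign a role to the app's service principal in account2, then list the
# assignment to confirm it exists at that scope.
# Usage: grant_role <app-client-id> <role-name> <subscription-id> [resource-group]
grant_role() {
    app_id=$1; role=$2; scope=$(arm_scope "$3" "${4:-}") || return 1
    az role assignment create --assignee "$app_id" --role "$role" --scope "$scope" &&
    az role assignment list --assignee "$app_id" --scope "$scope" --output table
}

# Sign in as the service principal and show the subscriptions it can see.
# The secret is read from SP_SECRET (assumed variable) rather than typed inline,
# so it does not end up in shell history.
# Usage: sp_login <app-client-id> <tenant-id>
sp_login() {
    az login --service-principal --username "$1" --password "$SP_SECRET" \
        --tenant "$2" --output none &&
    az account list --output table
}
```

For example, `grant_role cid1 Reader <subscription-id> <resource-group>` followed by `sp_login cid1 tid2`. If the app only needs tenant-level API access and no Azure resources, `az login` also accepts `--allow-no-subscriptions`.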
