租户的 Azure 登录因 Az 应用程序/主体而失败，并显示未找到订阅消息 [英] Azure login for tenant failing for Az app/principal with No subscription found message

问题描述

我有一个名为 account1 的 Azure 帐户，我在其中创建了一个跨租户可见性的应用程序/委托人.然后我给它一些 API 权限.我有另一个 Azure 帐户 account2，我需要使用此应用程序访问资源.我通过访问以下 url 完成了 account2 的管理员同意流程https://login.microsoftonline.com/<account2 domain>/adminconsent?client_id=cid1

I have an azure account called account1 where I create an App/Principal that is across tenants visibility. I then give it some API permissions. I have another azure account account2 where I need to access resources using this app. I complete the admin consent flow for account2 by going to the following url https://login.microsoftonline.com/<account2 domain>/adminconsent?client_id=cid1

流程结束，我以 tid2 的形式返回租户 ID.当我尝试使用应用程序凭据从命令提示符登录以访问 account2 时，出现错误(它之前工作，突然停止工作)

The flow finishes and I get the tenant id back as say tid2. When I try to login from command prompt with app creds to access account2, I get an error (it was working before and suddenly stopped working)

az login --service-principal --username cid1 --password "pwd"--tenant tid2

错误:未找到 cid1 的订阅.

Error: No subscriptions found for cid1.

推荐答案

在聊天中我们发现问题与 Mac 上使用的终端应用程序有关.使用原生终端后，登录成功，其他终端应用也正常运行.

In the chat we found the issue had something to do with the terminal app used on Mac. After using the native terminal, the login was successful and the other terminal app worked as well.

您需要将 RBAC 角色分配给账户 2 中的服务主体.您可以通过订阅的访问控制 (IAM) 选项卡向应用添加必要的角色来执行此操作.

You need to assign RBAC roles to the service principal in account 2. You can do that through the Access Control (IAM) tab of the subscription by adding the necessary role to the app.

这篇关于租户的 Azure 登录因 Az 应用程序/主体而失败，并显示未找到订阅消息的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！