Skip to content

Authentication with user managed identity fails / hardcoded APIPA ip-address #29047

New issue
New issue
Open
Open
Authentication with user managed identity fails / hardcoded APIPA ip-address#29047
Assignees
jiasli
Labels
Accountaz login/accountAuto-AssignAuto assign by botAuto-ResolveAuto resolve by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog
@amazingdragi

Description

@amazingdragi
amazingdragi
opened on May 29, 2024

Describe the bug

I am trying to authenticate with an user managed identity and then subsequently upload some files to an Azure Storage account. However, the login fails due to hardcoded APIPA IP-addresses in the request, it can be seen in the error message

Related command

az login --identity --username $userID --debug

Errors

cli.azure.cli.core.azclierror: MSI endpoint is not responding. Please make sure MSI is configured correctly.
Error detail: MSI: Failed to acquire tokens after 12 times
az_command_data_logger: MSI endpoint is not responding. Please make sure MSI is configured correctly.
Error detail: MSI: Failed to acquire tokens after 12 times
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x000002344B066160>]

Issue script & Debug output

msrestazure.azure_active_directory: MSI: wait: 0.1s and retry: 1
urllib3.connectionpool: Starting new HTTP connection (1): localhost:8888
urllib3.connectionpool: http://localhost:8888 "GET http://169.254.169.254/metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&msi_res_id=%2Fsubscriptions%2FSubscriptionID%2Fresourcegroups%2FRG-123%2Fproviders%2FMicrosoft.ManagedIdentity%2FuserAssignedIdentities%2FManagedID HTTP/1.1" 504 None
msrestazure.azure_active_directory: MSI: Retrieving a token from http://169.254.169.254/metadata/identity/oauth2/token, with payload {'resource': 'https://management.core.windows.net/', 'api-version': '2018-02-01', 'msi_res_id': '/subscriptions/SubscriptionID/resourcegroups/RG-123/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ManagedID'}

Expected behavior

Login succesful with an auth token as output

Environment Summary

azure-cli 2.55.0

core 2.55.0
telemetry 1.1.0

Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2

Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\Bxxxxxx.azure\cliextensions'

Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]

Legal docs and information: aka.ms/AzureCliLegal

Unable to check if your CLI is up-to-date. Check your internet connection.

Additional context

The same issue applies to azcopy login --identity

Metadata

Metadata

Assignees

Labels

Accountaz login/accountAuto-AssignAuto assign by botAuto-ResolveAuto resolve by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.questionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions