New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CAE causes Microsoft Graph API calls to fail #24684
Comments
@jiasli for awareness |
CAE support was introduced by I can't repro this issue on my tenant. I also can't find any official document for error code Similar issues have been reported to other CLI tools:
I will investigate it with Azure PowerShell team internally first. Meanwhile, could you please try to
|
I ran into as well with Possibly related to this tenant:
Can't think of anything unique outside of that. |
The @jiasli -- I'll try to post the result of a command with |
I am seeing a similar issue on my side.
Now when I try to run terraform plan it gives me this error - note that nothing has changed since I authenticated using az login in the previous step.
OR this command
CLI Version: I tried doing az logout and az login but no success. ============= |
I am experiencing the same issues with
Downgraded to azure-cli-2.40.0 which fixed the issue upon re-login. |
@li-rishi, @cdomansky, do you know which command that Terraform is calling results in the mentioned error? For now, could you try to use the latest Azrue CLI and set Then the token won't have
|
@jiasli Both |
@cdomansky I have python 3.11.1 installed and down grading azure cli to 2.40.0 causing raise ArgumentError(self, _('conflicting subparser: %s') % name) do i need to donwgrade python as well? which version if you know |
This did not work for me with the latest versions of AzureCLI and Terraform. I tried setting the variable at several different scopes. I get the error when running |
The following work for me on AzureCli {
"azure-cli": "2.45.0",
"azure-cli-core": "2.45.0",
"azure-cli-telemetry": "1.0.8",
"extensions": {
"interactive": "0.4.6",
"resource-graph": "2.1.0"
}
} export AZURE_IDENTITY_DISABLE_CP1=1
az account clear
az login --tenant "$TENANT_ID"
az ad signed-in-user show And I was able to use terraform as well! I was still not able in CLI 2.44
|
Ok, interesting. I followed your steps @PPACI - I think the only thing you had different was explicitly setting the |
Indeed I had issue in the past with conditional access and CAE while not explicitly setting —tenant. I work with multiple tenant and B2C tenant, so now I have the habit of setting it.I also had experience where switching tenant was not enough. I had to “az account clear” before “as login —tenant”.On 24 Feb 2023, at 22:43, mickey-stringer ***@***.***> wrote:
Ok, interesting.
I tried again because I really need 2.45 for some additional features... and my terraform apply is now working.
I followed your steps @PPACI - I think the only thing you had different was explicitly setting the --tenant parameter for az login, so maybe that's key (in addition to setting AZURE_IDENTITY_DISABLE_CP1)
CC: @li-rishi @cdomansky @jiasli
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you were mentioned.Message ID: ***@***.***>
|
I am having the same issue as others. and this workaround worked for me. Although it was reverted when the machine was rebooted. |
Describe the bug
The CLI is failing to communicate with the Microsoft Graph due to some issue with Continuous Access Evaluation. Below is an example of a command that returns a CAE challenge error message, though other commands have done the same.
This error is happening immediately after I authenticated with
az login
, so it's highly unlikely that any of the session's properties have changed (IP/location included).Command Name
az ad app owner add
Errors:
To Reproduce:
az login
az ad app owner add --id {app id} --owner-object-id {owner oid}
Expected Behavior
Environment Summary
Additional Context
Confirmed that downgrading to v2.40 of the CLI (before CAE was introduced in v2.41) and logging out/back in is a workaround.
The text was updated successfully, but these errors were encountered: