New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Service principal authentication fails in Azure Automation #655
Comments
Reopening since this still repros. |
FYI for anyone blocked by this issue, as a workaround you can use a hybrid runbook worker. Service principal auth should work there. |
Was this issue ever resolved? I believe currently seeing issues with this at the moment |
me too.. |
We're working on a feature to make this easier, for now you have to generate a service principal that can auth via a certificate, and then auth via that service principal certificate in Azure Automation runbooks. Attached is a script that can be used to generate a service principal / certificate, and a runbook that auths to Azure via a service principal using certificate auth. |
The CreateCert code only Works for Windows 8 and above... So I had a hard time figuring that out... now... the thing is that creating the AzureRMADApplication fails... |
Ok, finally its working for me... what I did... $startDate = $cert.GetEffectiveDateString() and finally créate the App |
Please note - make sure the service principal cert is marked exportable when imported as an asset to Azure Automation. |
Please note - if you get error:
|
We are taking steps in the service to make creation of a service principal / cert easier |
Creation of a service principal / service principal certificate, and authentication with it from the Automation service, is now much easier. Please see https://azure.microsoft.com/en-us/documentation/articles/automation-sec-configure-azure-runas-account/ for more details. |
why is this closed? it isn't fixed |
Currently, it is not possible to use the ARM cmdlets in Azure Automation, if authenticating with a service principal, due to the fact that Azure Automation sandboxes don't have the cred store the ARM module tries to store the SP cred in. The ARM module should be updated to not assume there is a cred store for the SP cred.
I know this is already being tracked internally by Azure PowerShell (as 4392531), just opening here so affected Azure Automation users can follow the issue.
The text was updated successfully, but these errors were encountered: