Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UPN cannot access same subscription as GUI login #32

Open
256tjq1l9mbzvh17lmosharklaserscom opened this issue Aug 11, 2017 · 9 comments
Open

UPN cannot access same subscription as GUI login #32

256tjq1l9mbzvh17lmosharklaserscom opened this issue Aug 11, 2017 · 9 comments

Comments

@256tjq1l9mbzvh17lmosharklaserscom
Copy link

capture
If I login using the GUI ARMCLIENT.exe login, I get 2 tenants, the second of which has a subscription. If I login using upn ARMCLIENT.exe upn [user] [password] I cannot see the subscription. It just says There is no login token. Please login to acquire token. I'm a little confused as to why the UPN doesn't see as much as the GUI login.

The subscription in question is currently awaiting payment, but that should affect both authentication methods, correct?

I suspect UPN is a little-used edge-case. I'm trying to avoid making people go through the Azure Active Directory Application registration process. Thank you for your time, and your wonderful tool.
@snobu
Copy link
Contributor

snobu commented Aug 11, 2017
edited
Loading

Looks fine here using ARMClient v1.2.0.0:

C:\>armclient upn [email protected] PaSSworD

User: [email protected], Tenant: xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxx
(SomeTenant.onmicrosoft.com)
        There are 0 subscriptions

Are you sure the password isn't tripping up the PowerShell parser? Do you have the same results in cmd.exe?

@256tjq1l9mbzvh17lmosharklaserscom
Copy link
Author

I do get the same error in cmd. Is there some way to encode or encapsulate the username and password so that odd characters don't confuse anything?

Looking at it now, it returns really quickly (within 1 second, including VPN latency). whereas calls to ARMCLIENT login take a metaphorical eternity.

@snobu
Copy link
Contributor

snobu commented Aug 11, 2017

What happens if you don't pass in the password? You should get a Password: prompt.

@256tjq1l9mbzvh17lmosharklaserscom
Copy link
Author

It fails the same way.

@snobu
Copy link
Contributor

snobu commented Aug 11, 2017
edited
Loading 

PS C:\> armclient upn [email protected] fdsfds
Sequence contains no elements

Alright, looks like i can repro. Let me take a closer look at what's going on.

@256tjq1l9mbzvh17lmosharklaserscom
Copy link
Author

256tjq1l9mbzvh17lmosharklaserscom commented Aug 11, 2017
edited
Loading

It seems to be coming from: BaseAuthHelper.GetAuthorizationResultByUpn, on the line:

var context = new AuthenticationContext

@256tjq1l9mbzvh17lmosharklaserscom
Copy link
Author

Is it possible that I need to pass a custom tenant Id in when trying to create the authority for accessing a school or work account?

@snobu
Copy link
Contributor

snobu commented Aug 11, 2017

image

Yes, the ADAL library doesn't seem to like that. @suwatch, @ahmelsayed is this by design?
Works fine when using an org id ([email protected]).

@256tjq1l9mbzvh17lmosharklaserscom
Copy link
Author

256tjq1l9mbzvh17lmosharklaserscom commented Aug 11, 2017
edited
Loading

In my case the tenant is [TenantGuid] ([TenantName].onmicrosoft.com)

The user is a personal hotmail account. I'm not sure about how the hotmail account has permissions to our tenant AD's OMS instance. I am not an azure administrator, nor an AD administrator.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@snobu @256tjq1l9mbzvh17lmosharklaserscom