Azure / azure-cli

Azure Command-Line Interface
MIT License

Feedback on WAM-integration #25787

Open elygre opened 1 year ago

elygre commented 1 year ago

az login says that you are preparing to switch to WAM (Web Authentication Manager). The message says "To help us collect feedback on the new login experience, you may opt-in to use WAM by running the following commands", which indicates that you want feedback. At the same time, you don't say where, so I chose this channel.

My feedback: WAM does not seem to integrate with my password manager. This creates a much more annoying workflow: the WAM window opens, I select the username, I have to switch to a browser, open the password manager, copy the password, return to the WAM window, paste the password, submit the login, and switch to my command line.

The corresponding browser login is much simpler: the browser opens, I select the username, the password is automatically filled, I submit, and switch to the command line.

So, for me, the important command is az config set core.allow_broker=false, which I hope will remain operational.

yonzhan commented 1 year ago

@jiasli for awareness

rayluo commented 1 year ago

WAM does not seem to integrate with my password manager. This creates a much more annoying workflow: the WAM window opens, I select the username, I have to switch to a browser, open the password manager, copy the password, return to the WAM window, paste the password, submit the login, and switch to my command line.

Hi @elygre , did you need to do that just once, or did you need to do that for every "az login" even for the same account?

elygre commented 1 year ago

So there are two levels of "az login".

For my organization, the login lifetime is measured in a few hours, and I need multiple "real" logins during a workday.

ms6073 commented 1 year ago

Wanted to comment that on my Win 10 laptop, running the suggested commands resulted in my no longer being able to actually log in to the Azure client!

az config set core.allow_broker=false
az account clear
az login

After which, login attempts returned a variety of errors; the most common one, repeated with each logon attempt, was as follows. Fortunately I stumbled across the OP and was able to resolve the issue by setting core.allow_broker=true:

Winrt exception was thrown during GetTokenSilently '(pii)'.. Status: Response_Status.Status_Unexpected, Error code: -2147023584, Tag: 590996738 Please explicitly log in with: az login

rayluo commented 1 year ago

Wanted to comment that on my Win 10 laptop, running the suggested commands resulted in my no longer being able to actually log in to the Azure client!

az config set core.allow_broker=false
az account clear
az login

After which, login attempts returned a variety of errors; the most common one, repeated with each logon attempt, was as follows. Fortunately I stumbled across the OP and was able to resolve the issue by setting core.allow_broker=true:

Winrt exception was thrown during GetTokenSilently '(pii)'.. Status: Response_Status.Status_Unexpected, Error code: -2147023584, Tag: 590996738 Please explicitly log in with: az login

Are you sure you did not actually use the "...allow_broker=true" or "...false" in the opposite way? That error message would only show up when broker was in effect.

ms6073 commented 1 year ago

Sorry, I may have juxtaposed the cmds. Our organization requires additional authentication in which a web page opens and prompts for the password, and then I have to complete 2FA using the MS Authenticator app; after the login is approved, the page refreshed with the prompt about WAM, and I decided to run the cmds as outlined on that webpage.

rayluo commented 1 year ago

Winrt exception was thrown during GetTokenSilently '(pii)'.. Status: Response_Status.Status_Unexpected, Error code: -2147023584, Tag: 590996738 Please explicitly log in with: az login

@ms6073, would you mind re-enabling broker by setting "allow_broker=true", and then reproduce the problem while running "az login --debug", and then send the logs to us? You can find our email from our github profile. CC: @msamwils, @jiasli .
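As an added example, not code from this issue or from azure-cli, here is a small triage helper for the `az login --debug` output requested above: it reports whether the broker was in effect (the `msal.application: Broker enabled?` line) and decodes the signed error code in the `AuthenticationError` line as an HRESULT, so the value quoted in this thread, -2147023584, reads as 0x80070520, the HRESULT form of Win32 error 1312 (ERROR_NO_SUCH_LOGON_SESSION). The sample log is constructed from the messages quoted in the thread; the Win32 name table is my own and only lists that one code.

```python
import re

# Win32 error codes whose HRESULT form we recognise. Only the code that
# appears in this issue is listed; 1312 is ERROR_NO_SUCH_LOGON_SESSION.
WIN32_ERROR_NAMES = {1312: "ERROR_NO_SUCH_LOGON_SESSION"}

BROKER_RE = re.compile(r"msal\.application: Broker enabled\? (True|False)")
AUTH_ERR_RE = re.compile(
    r"AuthenticationError: (?P<msg>.*?)\. Status: (?P<status>\S+), "
    r"Error code: (?P<code>-?\d+), Tag: (?P<tag>\d+)"
)


def decode_error_code(code: int) -> dict:
    """Interpret the signed 32-bit error code printed in an MSAL broker log.

    WAM reports failures as HRESULTs; the CLI prints the value as a signed
    int, so it is first mapped back to its unsigned 32-bit form. Values in
    the 0x8007xxxx range are Win32 errors wrapped by HRESULT_FROM_WIN32.
    """
    hresult = code & 0xFFFFFFFF
    info = {"hresult": f"0x{hresult:08X}", "win32": None, "name": None}
    if (hresult >> 16) == 0x8007:
        win32 = hresult & 0xFFFF
        info["win32"] = win32
        info["name"] = WIN32_ERROR_NAMES.get(win32)
    return info


def triage_login_log(log_text: str) -> dict:
    """Pull out what a maintainer asks for first: broker state and the error."""
    result = {"broker_enabled": None, "error": None}
    m = BROKER_RE.search(log_text)
    if m:
        result["broker_enabled"] = m.group(1) == "True"
    m = AUTH_ERR_RE.search(log_text)
    if m:
        result["error"] = {
            "message": m.group("msg"),
            "status": m.group("status"),
            "tag": m.group("tag"),
            **decode_error_code(int(m.group("code"))),
        }
    return result


# Constructed sample, modelled on the lines quoted in this issue.
SAMPLE_LOG = """\
DEBUG: msal.application: Broker enabled? True
DEBUG: msal.application: Falls back to broker._signin_interactively()
DEBUG: cli.azure.cli.core.azclierror: azure.cli.core.azclierror.AuthenticationError: Unexpected exception while waiting for accounts control to finish: '(pii)'. Status: Response_Status.Status_Unexpected, Error code: -2147023584, Tag: 528315211
"""

if __name__ == "__main__":
    print(triage_login_log(SAMPLE_LOG))
```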

ms6073 commented 1 year ago

Regards,

Michael (Reply may have been sent from Android, so forgive the typos)

On Thu, Apr 6, 2023 at 6:49 PM Ray Luo wrote:

Winrt exception was thrown during GetTokenSilently '(pii)'.. Status: Response_Status.Status_Unexpected, Error code: -2147023584, Tag: 590996738 Please explicitly log in with: az login

@ms6073, would you mind re-enabling broker by setting "allow_broker=true", and then reproduce the problem while running "az login --debug", and then send the logs to us? You can find our email from our github profile. CC: @MSamWils, @jiasli .



rayluo commented 1 year ago

Thanks for the logs. We will look into this. 👀

MSamWils commented 1 year ago

Hi @ms6073, may I ask whether you used "run as a different user" when launching the console for doing the az login?

ms6073 commented 1 year ago

@MSamWils

Yes. I work for a large health care organization, and the account I log on with is not a member of the local administrators group, thus for operations that require administrator rights on the local machine, such as installing or updating software, I use another AD account with applicable permissions. There is a 3rd AD account that I must use for administering things in Azure, but for each of these I am opening/running the CMD window as the applicable AD account, requiring me to enter username/password for each instance. Note that the use of multiple accounts is a pretty common occurrence for IT members in health care organizations as well as oil & gas, and more than likely banking/finance.

MSamWils commented 7 months ago

Hi @ms6073, circling back on this topic, since we would like to learn about your scenario and may be able to provide an alternative solution if applicable. Can you please send me an email at samwils AT microsoft DOT com to discuss this further? Thanks