Azure / login

Connect to Azure
MIT License

Deployment Failing #464

Open sirajahmadzai opened 1 week ago

sirajahmadzai commented 1 week ago

Hello,

I am running into this error when following one of Microsoft Learn's exercises:

Run azure/login@v1
Running Azure CLI Login.
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Federated token details:
 issuer - https://token.actions.githubusercontent.com
 subject claim - repo:sirajahmadzai/mslearn-advocates.azure-functions-and-signalr:environment:Production
Attempting Azure CLI login by using OIDC...
Error: AADSTS700213: No matching federated identity record found for presented assertion subject 'repo:sirajahmadzai/mslearn-advocates.azure-functions-and-signalr:environment:Production'. Please check your federated identity credential Subject, Audience and Issuer against the presented assertion. https://docs.microsoft.com/en-us/azure/active-directory/develop/workload-identity-federation Trace ID: 915d52ba-4181-49ad-b614-c8321c3a4400 Correlation ID: e42f5e57-bac2-4c33-86e3-c330510e0d18 Timestamp: 2024-06-20 00:16:43Z

Error: Interactive authentication is needed. Please run:
az login

Error: Login failed with Error: The process '/usr/bin/az' failed with exit code 1. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.

I am following this exercise:

https://learn.microsoft.com/en-us/training/modules/automatic-update-of-a-webapp-using-azure-functions-and-signalr/5-exercise-enable-automatic-updates-in-a-web-app-using-signalr

I am able to successfully build but deployment fails.

YanaXu commented 1 week ago

Hi @sirajahmadzai, please refer to the guide: Login With OpenID Connect (OIDC) [Recommended]. And your workflow fails because of this step: Configure a federated identity credential on an service principal.

Please double confirm you have configured the correct federated credential for "repo:sirajahmadzai/mslearn-advocates.azure-functions-and-signalr:environment:Production".

SatriaPriambada commented 4 days ago

Hi, I also faced the same issue with CD from Azure Function.

I want to follow up: is there any way to actually solve this problem? I can't seem to follow the tutorial on Configure a federated identity credential on an service principal.

To add a federated identity for a GitHub action, follow these steps:

Find your app registration in the Microsoft Entra admin center app registration experience. Select Certificates & secrets in the left navigation pane, select the Federation credentials tab, and select Add credentials.

I can enter https://entra.microsoft.com/ but there's nothing about App Registration of my Azure Function, no Certificates & secrets in the left navigation tab, and no Add Federation credentials.

Additional information: I can deploy my code manually via the web and using Visual Studio Code. It's just the Azure/login in the GitHub Action that seems to have a problem with deployment.

I checked my GitHub repo secrets and I can see that Azure Function added the secret there.

YanaXu commented 4 days ago

Hi @SatriaPriambada, please check the guide. First, you have to create a SP and add the right role assignment. Second, you can add a federation credential. Third, you can use it in your Azure Login Action. Please kindly click the 2 links and you will see the configuration pages for reference.

SatriaPriambada commented 4 days ago

Hi @YanaXu thanks for the quick reply,

Unfortunately I still didn't get your instruction since it's basically just a repeat of what you've said before... I have a CD pipeline from Azure Function -> Deployment -> Distribution Center auto generated github action

However on azure/login steps it failed with this same error in this thread

I have added the federation credential that you mentioned but still get the error

Federated token details:
 issuer - https://token.actions.githubusercontent.com/
 subject claim - repo:EndeavourEnergy/GigaGrid_Cert_Generator:environment:Production
Attempting Azure CLI login by using OIDC...
Error: AADSTS700213: No matching federated identity record found for presented assertion subject 'repo:EndeavourEnergy/GigaGrid_Cert_Generator:environment:Production'. Please check your federated identity credential Subject, Audience and Issuer against the presented assertion

This is my Entra view that said that subject claim - repo:EndeavourEnergy/GigaGrid_Cert_Generator:environment:Production has existed

Is there a missing step? Like having to link my Azure Function to Entra or something not said in the tutorial?

Thanks and have a great day!

sirajahmadzai commented 2 days ago

It also doesn't work for me, I am not sure why they haven't put clear instructions in the Microsoft Learn activity for this exercise, now I am getting this error:

Run azure/login@v1
Running Azure CLI Login.
/usr/bin/az cloud set -n azurecloud
Done setting cloud: "azurecloud"
Federated token details:
 issuer - https://token.actions.githubusercontent.com/
 subject claim - repo:sirajahmadzai/mslearn-advocates.azure-functions-and-signalr:environment:Production
Attempting Azure CLI login by using OIDC...
Error: No subscriptions found for ***.

Error: Login failed with Error: The process '/usr/bin/az' failed with exit code 1. Double check if the 'auth-type' is correct. Refer to https://github.com/Azure/login#readme for more information.

The exercise I am trying to complete is: https://www.coursera.org/learn/create-serverless-applications/supplement/yBhoa/exercise-enable-automatic-updates-in-a-web-application-using-signalr-service

YanaXu commented 8 hours ago

Hi @SatriaPriambada, Could you share the workflow file and Service Principal page? The error means the SP you used in the GitHub Action does not have the federated credential. But the page of the federated credential you shared in your comment seems correct. Could you double check if you're using it for Azure Login Action? And please do use the latest Azure Login Action, which is v2.

YanaXu commented 8 hours ago

Hi @sirajahmadzai,

Could you please also share your workflow file and the SP Federated credential configuration page? Let's see where it is not well configured.
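
Added example, not part of the thread and not code from the Azure/login project: a small offline checker for the comparison the AADSTS700213 message asks for (Subject, Audience and Issuer of each federated credential against the presented token). The credential field names follow the JSON printed by `az ad app federated-credential list`; the repository name and credentials are constructed, and exact, case-sensitive matching is an assumption of this sketch.

```python
# Added example: compare a GitHub OIDC token's claims with federated credentials.
GITHUB_ISSUER = "https://token.actions.githubusercontent.com"
AZURE_AUDIENCE = "api://AzureADTokenExchange"  # default audience for Entra token exchange

def expected_subject(repo, environment=None, ref=None, event=None):
    """Subject GitHub issues for a job, using its default subject formats."""
    if environment:                  # a job that sets `environment:` uses this form
        return f"repo:{repo}:environment:{environment}"
    if event == "pull_request":
        return f"repo:{repo}:pull_request"
    return f"repo:{repo}:ref:{ref}"  # e.g. refs/heads/main or refs/tags/v1

def diagnose(claims, credentials):
    """Return {credential name: [fields that differ from the presented token]}."""
    report = {}
    for cred in credentials:
        bad = []
        if cred["issuer"] != claims["iss"]:        # assumed exact string match
            bad.append("issuer")
        if cred["subject"] != claims["sub"]:       # assumed case-sensitive
            bad.append("subject")
        if claims["aud"] not in cred["audiences"]:
            bad.append("audience")
        report[cred["name"]] = bad
    return report

def matching(claims, credentials):
    """Names of credentials that would satisfy the presented token."""
    return [n for n, bad in diagnose(claims, credentials).items() if not bad]

# Constructed sample: the job runs on main AND targets environment "Production".
REPO = "octo-org/octo-repo"  # hypothetical repository
SAMPLE_CLAIMS = {
    "iss": GITHUB_ISSUER,
    "sub": expected_subject(REPO, environment="Production", ref="refs/heads/main"),
    "aud": AZURE_AUDIENCE,
}
SAMPLE_CREDENTIALS = [  # constructed, shaped like the az CLI output
    {"name": "branch-main", "issuer": GITHUB_ISSUER,
     "subject": f"repo:{REPO}:ref:refs/heads/main", "audiences": [AZURE_AUDIENCE]},
    {"name": "env-lowercase", "issuer": GITHUB_ISSUER,
     "subject": f"repo:{REPO}:environment:production", "audiences": [AZURE_AUDIENCE]},
    {"name": "wrong-audience", "issuer": GITHUB_ISSUER,
     "subject": f"repo:{REPO}:environment:Production", "audiences": ["https://example.invalid"]},
]

if __name__ == "__main__":
    for name, bad in diagnose(SAMPLE_CLAIMS, SAMPLE_CREDENTIALS).items():
        print(name, "OK" if not bad else "mismatch: " + ", ".join(bad))
```

The credentials to feed in must come from the same app registration whose client ID the workflow passes to the login action; a correct credential on a different app produces the same error.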