search

microsoft / azuredatastudio

Azure Data Studio is a data management and development tool with connectivity to popular cloud and on-premises databases. Azure Data Studio supports Windows, macOS, and Linux, with immediate capability to connect to Azure SQL and SQL Server. Browse the extension library for more database support options including MySQL, PostgreSQL, and MongoDB.
https://learn.microsoft.com/sql/azure-data-studio
MIT License
7.58k stars 908 forks source link

Users Can not login #25596

Open vafe23 opened 7 months ago

vafe23 commented 7 months ago

Type: Bug

When creating a new connection after giving all the details, and when add account section it navigates to a browser to login, once details are given it keeps spinning and never logs in.

Azure Data Studio version: azuredatastudio 1.48.0 (4970733324ef8254b7c22a5dc55af7f8a1dea93f, 2024-02-27T00:05:08.293Z) OS version: Windows_NT x64 10.0.22631 Restricted Mode: No Preview Features: Enabled Modes:

System Info |Item|Value| |---|---| |CPUs|11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHz (8 x 1805)| |GPU Status|2d_canvas: enabled
canvas_oop_rasterization: enabled_on
direct_rendering_display_compositor: disabled_off_ok
gpu_compositing: enabled
multiple_raster_threads: enabled_on
opengl: enabled_on
rasterization: enabled
raw_draw: disabled_off_ok
video_decode: enabled
video_encode: enabled
vulkan: disabled_off
webgl: enabled
webgl2: enabled
webgpu: enabled| |Load (avg)|undefined| |Memory (System)|31.73GB (14.96GB free)| |Process Argv|| |Screen Reader|no| |VM|0%|
Extensions (1) Extension|Author (truncated)|Version ---|---|--- azdata-sanddance|msr|4.0.3
vafe23 commented 5 months ago

@corivera Is this till in schedule for May 2024 Release, Do we know any date?

vafe23 commented 5 months ago

Any help on this we are looking for solution on this from long time.

github-actions[bot] commented 4 months ago

We need more info to debug your Microsoft Entra ID issue. If you could attach your logs to the issue (ensure no private data is in them), it would help us fix the issue much faster.

Additionally, please review known issues and their resolutions that could be helpful: Common Azure Authentication Issues

cssuh commented 4 months ago

Hi @vafe23 can you please attach logs and also check if there are any errors in the Developer Tools Console? (F12 -> Console)

m0nkeyc0de commented 4 months ago

Hi, I enabled verbose Azure logs and tried again.

Nothing shows up in the browser console: image

The 1-Azure-Accounts.log is there: 1-Azure Accounts.log

Stuff was also written in 4-Kusto Tools Service.log 4-Kusto Tools Service.log

It looks like the callback triggers nothing at all in Azure Data Studio

cssuh commented 4 months ago

Hi @m0nkeyc0de, can you please check the Dev Tools console in ADS? Not the browser

m0nkeyc0de commented 4 months ago

Hi @cssuh, below are the ADS Dev Tools console logs (All Levels)

When using the "cached credentials" of yesterday, following shows up:

INFO Creating new connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

INFO Creating new connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

INFO Successfully added connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

INFO Creating new connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

I cleared the Azure Token Cache and tried again (authentication had to be redone with the browser callback at the end)

INFO Creating new connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

INFO Adding connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

INFO Successfully added connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555
cssuh commented 4 months ago

@m0nkeyc0de it seems like from the Azure Account logs there is an old expired token in the cache, do you think you could capture the Azure Account logs again, but this time with a cleared azure token cache?

m0nkeyc0de commented 4 months ago

Hi @cssuh, I executed the Azure Accounts - Clear Azure Account Token Cache right after starting the Azure Data Studio after a proper PC boot and this time it just worked seamlessly with the Azure account linked to the Windows account I'm currently logged-in (Active Directory account synchronized with Entra ID). The browser SSO login even didn't show up.

I still have the exact same software versions as stated in #25704. I don't understand why it suddenly worked today. But this is too good to be true.

I need to use another Azure-only account and it failed again the same way as before.

I executed the Azure Accounts - Clear Azure Account Token Cache , reloaded (not restarted) ADS and retried to log in with the account that magically worked just before. It fails the same way as before.

I cleared the cache again and completely restarted Azure Data Studio (the suggested reload command made all elements of the UI disappear) and it magically worked again with the Azure account linked to the Windows account I'm currently logged-in.

Then I cleared the cache again and completely restarted Azure Data Studio. This time I tried with the Azure-only account (not linked to my Windows account) : I successfuly logged-in through the browser but ADS was blocked on the spinning wheel again.

Takeaways of the tests of today:

  1. Azure MFA works magically after a clean start, even without having to logging in, with the Windows account if it's linked to Azure.
  2. If the log-in process must go through the browser (Edge), Azure Data Studio is stuck on the spinning wheel even if the callback is working and connection successfuly added according to logs.
  3. Once the login process fails is stuck on the wheel, the Windows-linked-to-Azure account also stops to be working. Only a Azure Accounts - Clear Azure Account Token Cache followed with a full restart of ADS solves the issue (for the Windows-linked-to-Azure account)

Logs when it fails with the spinning wheel after a clean start:

INFO Creating new connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555
INFO Adding connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555
INFO Successfully added connection connection:providerName:KUSTO|applicationName:azdata|authenticationType:AzureMFA|database:|server:wonderful.cluster.kusto.windows.net|user:John Doe - john.doe@example.com|group:11111111-2222-3333-4444-555555555555

Edit: After the next clean start the browser opened for the SSO of the Windows-linked-to-Azure account and authentication looked to work. When editing the connection to select a database the spinning wheel was stuck in the "Connections" menu. The behavior of the authentication is very unpredictable, buggy and clueless about what is happening. image The logs in that case aren't different from above.