AzureRm.Netcore Login-AzureRmAccount not working on Mac and Linux with Service Principal

[scgbear]

Cmdlet(s)

Login-AzureRmAccount

PowerShell Version

Instructions: to get PowerShell version, type $PSVersionTable and look for the value associated with PSVersion
6.0.0-beta

Module Version

0.9.1

OS Version

Instructions: to get OS version, type $PSversionTable and look for value associated with BuildVersion

Description

Team is having issues executing the Login-AzureRmAccount cmdlet using a service principal from Mac and Linux boxes. The same script (with the same password, tenant id & username) run from a Windows 10 machine works fine. The Login-AzureRmAccount cmdlet works on the linux and mac boxes when executing the cmdlet without any parameters passed in and the user logs in manually. It's using the service principal that is having issues.

Debug Output

Instructions: to get Debug Output, set $DebugPreference="Continue" and then execute the cmdlet or script causing the issue

DEBUG: 1:26:42 PM - AddAzureRMAccountCommand begin processing with ParameterSet 'ServicePrincipalWithSubscriptionId'.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: 'XXXXXXXXXXXXXXXXXX', Endpoint: 'https://login.microsoftonline.com/', ClientId: 'XXXXXXXXXXXXXXXXX', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True'
Login-AzureRmAccount : AADSTS50001: The application named https://login.microsoftonline.com/XXXXXXXXXXXXXXXXXXX/ was not found in the tenant
named XXXXXXXXXXXXXXXXXX. This can happen if the application has not been installed by the administrator of the tenant or consented to by
any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: 070ab52b-0a52-4bfd-8951-d160c3531b00
Correlation ID: 10368aee-0a64-4a5b-af11-22116e570920
Timestamp: 2017-08-15 20:26:44Z
At /XXXXXXXX/AzureResources/loginprin.ps1:13 char:1

• Login-AzureRmAccount -Credential $Credentials -ServicePrincipal -Tena ...

•   + CategoryInfo          : CloseError: (:) [Add-AzureRmAccount], AdalServiceException
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
  
  

DEBUG: 1:26:43 PM - AddAzureRMAccountCommand end processing.
DEBUG: 1:26:43 PM - AddAzureRMAccountCommand end processing.

Script/Steps for Reproduction

$PlainPassword = "XXXXXXXXXXXXXXXXXXXXXXXXXX"

$tenantID = "XXXXXXXXXXXXXXXXXXXXXX"

$UserName = "XXXXXXXXXXXXXXXXXXXXX"

$SecurePassword = $PlainPassword | ConvertTo-SecureString -AsPlainText -Force

$Credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $SecurePassword

Login-AzureRmAccount -Credential $Credentials -ServicePrincipal -TenantId $tenantID

[mrvladis]

Have exactly the same issue.

[dimitertodorov]

Same issue on OSX.

Tried with several combinations. Succeeds on Windows.

Trace ID: 1546ccf2-949b-400b-8a0e-3bd7142f1400
Correlation ID: 85fb2d48-d7b6-4f79-bd10-ba0d77eb4b22
Timestamp: 2017-08-25 17:23:16Z

[twsouthwick]

This actually does fail on Windows when running Powershell 6.0 using the AzureRM.Netcore module with the same error that I see on Linux. If you run on Powershell 5.0 using the AzureRM module, it succeeds.

[twsouthwick]

I tried cloning the project to see if it would be a trivial fix, but can't seem to get anything to compile. @markcowl do you have ideas (you're assigned to what seems a similar issue)? It fails to restore a ton of the packages. I'm using VS 2017 15.3.3, on the preview branch.

[TechnologyAnimal]

I am getting the same problem on OSX. Running the cmdlet with debugging mode enabled, I noticed something interesting... it seems that it's trying to authenticate with an unknown client id?

DEBUG: 9:32:45 PM - AddAzureRMAccountCommand begin processing with ParameterSet 'ServicePrincipalWithSubscriptionId'.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain: 'CorrectOmittdName', Endpoint: 'https://login.microsoftonline.com/', ClientId: '1950a258-227b-4e31-a9cf-717495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri: 'https://management.core.windows.net/', ValidateAuthrity: 'True'

[4c74356b41]

any news on this one? this is about 2 months old :(

[sorenhansendk]

I have the same problem in a Docker container hosted in Ubuntu 16.04.3 (Xenial) and with version 0.9.1 of AzureRM.NetCore Powershell. Any news about this?