问题描述

我在使用CLI处理基于ADFS的ASDK时遇到问题。我已根据需要更新了证书并使用以下命令注册：

az cloud register -n AzureStackAdmin --endpoint-resource-manager" https://adminmanagement.local.azurestack。外部/" --endpoint-active-directory" https://adfs.local.azurestack.external/adfs" --endpoint-active-directory-resource-id" https://adminmanagement.adfs.azurestack.local/8cfbcc64-6538-4802-8616-3257b7xxxxx/"
--endpoint-active-directory-graph-resource-id" https：//graph.local.azurestack.external/" --suffix-storage-endpoint" local.azurestack.external" --suffix-keyvault-dns" .adminvault.local.azurestack.external"

当我尝试登录时出现此错误：

获取令牌请求返回http错误：400和服务器响应：{" error"：" unauthorized_client"，" error_description"：" MSIS9605：不允许客户端访问请求的资源。"}

我以AzureStackAdmin@azurestack.local帐户登录。

我可以通过PowerShell和管理员门户访问默认提供商订阅。

任何想法？

I'm having an issue getting the CLI to work with ADFS based ASDK. I've updated the certificates as required and registered using this command:

az cloud register -n AzureStackAdmin --endpoint-resource-manager "https://adminmanagement.local.azurestack.external/" --endpoint-active-directory "https://adfs.local.azurestack.external/adfs" --endpoint-active-directory-resource-id "https://adminmanagement.adfs.azurestack.local/8cfbcc64-6538-4802-8616-3257b7xxxxx/" --endpoint-active-directory-graph-resource-id "https://graph.local.azurestack.external/" --suffix-storage-endpoint "local.azurestack.external" --suffix-keyvault-dns ".adminvault.local.azurestack.external"

When I try to login I get this error:

Get Token request returned http error: 400 and server response: {"error":"unauthorized_client","error_description":"MSIS9605: The client is not allowed to access the requested resource."}

I am logging in as the AzureStackAdmin@azurestack.local account.

I have access to the Default Provider Subscription through PowerShell and the Admin Portal.

Any ideas?

这篇关于Azure CLI 2.0.9，ADFS错误"：" unauthorized_client" ，“error_description”：“MSIS9605：不允许客户端访问所请求的资源。”}的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！