Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The Known Issues of Az.Accounts 3.0.0 and Their Workarounds #25005

Open
msJinLei opened this issue May 28, 2024 · 13 comments
Open

The Known Issues of Az.Accounts 3.0.0 and Their Workarounds #25005

msJinLei opened this issue May 28, 2024 · 13 comments
Labels
Accounts Issues in Az.Accounts except authentication related Discuss

Comments

@msJinLei
Copy link
Contributor

msJinLei commented May 28, 2024

1. The interactive login method cannot popup window for WAM (Fixed)

Report an error "User canceled authentication" Refer to AzureAD/microsoft-authentication-library-for-python#707

2. Azure PowerShell cmdlets are unable to run after login with DeviceCode and DeviceCode login methods will fail without -Tenant parameter (Mitigated)

3. Azure PowerShell cmdlets are unable to run after login with UserName+Password and UserName+Password login methods will fail without -Tenant parameter (Mitigated)

  • Workaround of Az.Accounts 3.0.0
    • Login interactively with the same account on the same machine
    • If 1 is not applicable, disable WAM
Update-AzConfig -EnableLoginByWam $false

4. WAM pop-up window to select an account is not easy to find

  • Workaround: minimize other windows to look for the pop-up window carefully

Root case

Fail to get the right console handle. See AzureAD/microsoft-authentication-library-for-dotnet#4887

5 WAM pop-up window doesn't display "Work and school account" option

6. The interactive login method cannot popup window for WAM in Window PowerShell ISE Console

  • Workaround
Update-AzConfig -EnableLoginByWam $false

7. The ExportAzSshConfig and EnterAzVMCommand from Az.Ssh are not able to use when WAM is enabled.

@msJinLei msJinLei added question The issue doesn't require a change to the product in order to be resolved. Most issues start as that needs-triage This is a new issue that needs to be triaged to the appropriate team. labels May 28, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot removed the needs-triage This is a new issue that needs to be triaged to the appropriate team. label May 28, 2024
@msJinLei msJinLei pinned this issue May 28, 2024
@msJinLei msJinLei added Discuss Accounts Issues in Az.Accounts except authentication related and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels May 28, 2024
@slavizh
Copy link

slavizh commented May 29, 2024

What about #25003?

@weyCC81
Copy link

weyCC81 commented May 29, 2024

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

@msJinLei
Copy link
Contributor Author

What about #25003?

Thanks for reporting the issue. I reply in it.

@msJinLei
Copy link
Contributor Author

msJinLei commented May 29, 2024

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

@weyCC81 Thanks for reporting the issue. I shall say yes

Please disable WAM to workaround it firstly

Update-AzConfig -EnableLoginByWam $false

@msJinLei
Copy link
Contributor Author

msJinLei commented Jun 4, 2024

In ISE, on Windows 11 mine says the following, does this correlate?

# 12.0.0    Az
# 3.0.0     Az.Accounts
# 6.0.0     Az.KeyVault
Connect-AzAccount -Tenantid [TenantID] -Subscription [Subscription]
# > Connect-AzAccount : InteractiveBrowserCredential authentication failed: A window handle must be configured. See https://aka.ms/msal-net-wam#parent-window-handles 
# > Could not find tenant id for provided tenant domain '[TenantID]'. Please ensure that the provided user is found in the provided tenant domain.

@weyCC81 Yes, we have reported your issue to MSAL AzureAD/microsoft-authentication-library-for-dotnet#4796

@spongemike2
Copy link

I get the same issue whenever I run from an elevated console window. Running the:

Update-AzConfig -EnableLoginByWam $false

...command fixes it.

@Alex-wdy
Copy link
Contributor

Alex-wdy commented Jul 11, 2024

We have solved the below issue in the latest version: Az.Accounts 3.0.1

  1. The interactive login method cannot popup window for WAM
    We are still working on other issues and will update the progress gradually.

@RichardS013
Copy link

Using updated versions Az.Accounts 3.0.1 - 3.0.4 and it appears to still hang even after running cmdlet:
Update-AzConfig -EnableLoginByWam $false

@Alex-wdy
Copy link
Contributor

Using updated versions Az.Accounts 3.0.1 - 3.0.4 and it appears to still hang even after running cmdlet: Update-AzConfig -EnableLoginByWam $false

Can you give me some more details? Normally, this issue should not exist.

@Alex-wdy
Copy link
Contributor

Alex-wdy commented Nov 6, 2024

2 and 7 issues will be released at Az.13.0.0 version.

@ChristopherGLewis
Copy link

4. WAM pop-up window to select an account is not easy to find
   Workaround: minimize other windows to look for the pop-up window carefully

Is this for real? Your response to a fundamental break in the PowerShell login experience is a shrug?

Like most developers, I'm running a multi screen display environment, and every time I log in, it's like I'm playing wack-a-mole trying to find this stupid login screen. Sometimes it's on the same screen, but buried behind the 8-10 windows I run. Sometimes on my second or third monitor, but again NEVER on top.

How trivial would it be to add the "Always on top" (WS_EX_TOPMOST) flag to the window? I believe that was implemented in Windows 3.x.

@msJinLei
Copy link
Contributor Author

it's like I'm playing wack-a-mole trying

I understand your pain-point. We list the "workaround" just to unblock the customers who thought the login window was not popped-up. We create the issue to track it. But the fix may refer to several teams so as to require more time.

@ChristopherGLewis
Copy link

it's like I'm playing wack-a-mole trying

I understand your pain-point. We list the "workaround" just to unblock the customers who thought the login window was not popped-up. We create the issue to track it. But the fix may refer to several teams so as to require more time.

It's been 5 months. These teams are all Microsoft teams.

WAM should have never been released with this fundamental flaw.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Accounts Issues in Az.Accounts except authentication related Discuss
Projects
None yet
Development

No branches or pull requests

7 participants