Error: Failed to get existing workspaces: Error retrieving keys for Storage Account "saaccount": autorest/Client#Do: Preparing request failed: StatusCode=0 -- Original Error: clientCredentialsToken: received HTTP status 401 with response: {"error":"invalid_client","error_description":"AADSTS700212: No matching federated identity record found for presented assertion audience 'api://AzureADTokenExchange'. Please check your federated identity credential Subject, Audience and Issuer against the presented assertion. https://learn.microsoft.com/entra/workload-id/workload-identity-federation Trace ID: 4e74bc4f-80b6-434d-aba7-73c124dc5800 Correlation ID: 61f558e1-841a-4b19-96af-5ddadc2c3cb6 Timestamp: 2024-08-14 13:37:59Z","error_codes":[700212],"timestamp":"2024-08-14 13:37:59Z","trace_id":"4e74bc4f-80b6-434d-aba7-73c124dc5800","correlation_id":"61f558e1-841a-4b19-96af-5ddadc2c3cb6"}
Expected Behavior
It should be able to authenticate
Actual Behavior
It's failing in authentication, and the reason looks to be the wrong assertion audience.
Because for Azure China Cloud, the default assertion audience for federated credentials is api://AzureADTokenExchangeChina in Entra ID, whereas, as per the above logs, it's trying to use the 'api://AzureADTokenExchange' assertion audience while looking for federated credentials.
Steps to Reproduce
terraform init
Additional Context
No response
References
No response
Thanks for this report! The Azure Provider team (at HashiCorp) maintains the Azure backend, and so we will need that team to triage and comment on this issue. Thanks again!
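The AADSTS700212 message in the report says to check the federated identity credential's Subject, Audience and Issuer against the presented assertion. The following is an added example (not part of the issue and not Terraform or provider code) that does this comparison offline on the decoded claims of an assertion; the issuer, subject, cloud labels and helper names are constructed for illustration, and only the two audience strings come from the report.

```python
import base64
import json

# Audience strings quoted in the issue; the cloud keys are labels chosen for this example.
DEFAULT_AUDIENCE = {
    "public": "api://AzureADTokenExchange",
    "china": "api://AzureADTokenExchangeChina",
}

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

def jwt_claims(token: str) -> dict:
    """Decode the payload segment without verifying the signature (diagnosis only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_assertion(token: str, credential: dict) -> list:
    """Return the fields where the assertion and the federated credential disagree."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]  # "aud" may be a string or a list
    mismatches = []
    if claims.get("iss") != credential["issuer"]:
        mismatches.append("issuer")
    if claims.get("sub") != credential["subject"]:
        mismatches.append("subject")
    if not set(audiences) & set(credential["audiences"]):
        mismatches.append("audience")
    return mismatches

# Constructed sample: the credential uses the China audience, as described in the report.
CREDENTIAL = {"issuer": "https://issuer.example", "subject": "workload-a",
              "audiences": [DEFAULT_AUDIENCE["china"]]}
BAD = make_sample_token({"iss": "https://issuer.example", "sub": "workload-a",
                         "aud": DEFAULT_AUDIENCE["public"]})
GOOD = make_sample_token({"iss": "https://issuer.example", "sub": "workload-a",
                          "aud": DEFAULT_AUDIENCE["china"]})

if __name__ == "__main__":
    for name, tok in (("public audience", BAD), ("china audience", GOOD)):
        print(name, "->", check_assertion(tok, CREDENTIAL) or "all fields match")
```

The decode step skips signature verification on purpose, so it is suitable for diagnosing a mismatch and not for deciding whether to trust a token.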