stackoom
  简体   繁体   中英

Azure ADAL for Python - facing issue with acquire_token_with_username_password method

 原文  2017-06-07 13:41:09       python/ azure/ adal/ azure-sdk-python

Question

I am trying to retrieve access token using azure user id and password . Initially I tried with the following python code block 

import adal
context = adal.AuthenticationContext(AUTHORITY)
token = context.acquire_token_with_client_credentials(
    "https://management.azure.com/",
    CLIENT_ID,
    CLIENT_SECRET)

This is returning the token without any issue . I am following an example from https://github.com/AzureAD/azure-activedirectory-library-for-python for retrieving the token using username and password and the code block is the the following 

token2 = context.acquire_token_with_username_password("https://management.azure.com/",USER_NAME,PASSWORD,CLIENT_ID)

In this case ,no token is returned , instead following response is returned . 

File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\authentication_context.py", line 145, in acquire_token_with_username_password
    return self._acquire_token(token_func)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\authentication_context.py", line 109, in _acquire_token
    return token_func(self)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\authentication_context.py", line 143, in token_func
    return token_request.get_token_with_username_password(username, password)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\token_request.py", line 286, in get_token_with_username_password
    token = self._get_token_username_password_federated(username, password)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\token_request.py", line 252, in _get_token_username_password_federated
    username, password)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\token_request.py", line 211, in _perform_username_password_for_access_token_exchange
    username, password)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\token_request.py", line 198, in _perform_wstrust_exchange
    result = wstrust.acquire_token(username, password)
  File "F:\All_Python\Python_Setup\Python27\lib\site-packages\adal\wstrust_request.py", line 160, in acquire_token
    raise AdalError(return_error_string, error_response)
adal.adal_error.AdalError: WS-Trust RST request returned http error: 500 and server response: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><s:Header><a:Action s:mustUnderstand="1">http://www.w3.org/2005/08/addressing/soap/fault</a:Action><o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><u:Timestamp u:Id="_0"><u:Created>2017-06-07T12:12:56.567Z</u:Created><u:Expires>2017-06-07T12:17:56.567Z</u:Expires></u:Timestamp></o:Security></s:Header><s:Body><s:Fault><s:Code><s:Value>s:Sender</s:Value><s:Subcode><s:Value xmlns:a="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">a:FailedAuthentication</s:Value></s:Subcode></s:Code><s:Reason><s:Text xml:lang="en-US">ID3242: The security token could not be authenticated or authorized.</s:Text></s:Reason></s:Fault></s:Body></s:Envelope>

Process finished with exit code 1

If anybody has any idea on this, please let me know .

1 answers

solution1
 0  2017-06-08 07:55:43

According to the information of error stack, per my experience, due to the error comes from the method _get_token_username_password_federated and 500 error code for WS-Trust RST request, it seems that the user/password you used for acquiring token not created in the Azure AD of your app registed, but looks like that created in a federated AD.

Please try to do the two ways below for inspection the issue.

  1. Create a new user in the Azure AD of your app registed on Azure portal with your admin accout, then use the new user/password for retrieving the token.
  2. Inspect your Azure AD configuration to make sure whether deployed Active Directory Federation Services and the current use/password created in a federated AD instance.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure ADAL for Python - model has no attribute 'acquire_token_with_username_password' Why is getting an Azure AD token via “acquire_token_with_username_password” failing? Python: Integrate user agent in app.acquire_token_by_username_password Python ADAL acquire_token_with_client_credentials refresh token? How do you get authentication bearer using a username and password for the Azure Blockchain Workbench using ADAL in python? ADAL for Python bearer token write access issue Azure ADAL authentication using python Python post username and password Python username and password creator Python username and password with 3 attempts
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM