工作区身份验证:多个令牌符合条件
Workspace Authentication: More than one token matches the criteria
在 Azure 计算实例上工作并尝试从 Jupyter 实验室连接到工作区时,我经常 运行 遇到问题。
使用 InteractiveLoginAuthentication 我收到以下消息:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
对于这个服务委托人(SP 是 ML 工作区中的所有者):
WorkspaceException: WorkspaceException:
Message: No workspaces found with name=xxx in all the subscriptions that you have access to.
InnerException None
ErrorResponse
{
"error": {
"message": "No workspaces found with name=xxx in all the subscriptions that you have access to."
}
}
我在不同的订阅中有另一个工作区,我可以通过将 tennant 作为 InteractiveLoginAuthentication 的额外输入来解决它。这一次,没机会了。
不过,有趣的是,我可以在本地计算机上通过 InteractiveLoginAuthentication 登录到工作区。
我怀疑某些旧令牌缓存在某处,因此我尝试使用浏览器的“隐私浏览”功能。此外,我删除了 /home/azureuser/.azure/accessTokens.json 但没有效果。
也许你们中的一些人以前遇到过这个问题并且有想法?
作为参考,我查看了一些网站:
- https://docs.microsoft.com/en-us/azure/machine-learning/how-to-setup-authentication
- https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb
- https://github.com/Azure/azure-cli/issues/4618
- https://github.com/Azure/azure-cli/issues/6147
更新
当我运行这段代码时:
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id='xxx')
ws = Workspace.get(name='xxx',
subscription_id='xxx',
resource_group='xxx',
auth=interactive_auth)
我得到以下跟踪:
---------------------------------------------------------------------------
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
288 module_logger.debug("{} acquired lock in {} s.".format(type(self).__name__, duration))
--> 289 return test_function(self, *args, **kwargs)
290 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
During handling of the above exception, another exception occurred:
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
<ipython-input-2-fd1276999d15> in <module>
5 subscription_id='00c983e5-d766-480b-be75-abf95d1a46c3',
6 resource_group='BusinessIntelligence',
----> 7 auth=interactive_auth)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in get(name, auth, subscription_id, resource_group)
547
548 result_dict = Workspace.list(
--> 549 subscription_id, auth=auth, resource_group=resource_group)
550 result_dict = {k.lower(): v for k, v in result_dict.items()}
551 name = name.lower()
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in list(subscription_id, auth, resource_group)
637 elif subscription_id and resource_group:
638 workspaces_list = Workspace._list_legacy(
--> 639 auth, subscription_id=subscription_id, resource_group_name=resource_group)
640
641 Workspace._process_autorest_workspace_list(
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1373 return None
1374 else:
-> 1375 raise e
1376
1377 @staticmethod
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1367 # azureml._base_sdk_common.workspace.models.workspace.Workspace
1368 workspace_autorest_list = _commands.list_workspace(
-> 1369 auth, subscription_id=subscription_id, resource_group_name=resource_group_name)
1370 return workspace_autorest_list
1371 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_project/_commands.py in list_workspace(auth, subscription_id, resource_group_name)
386 if resource_group_name:
387 list_object = WorkspacesOperations.list_by_resource_group(
--> 388 auth._get_service_client(AzureMachineLearningWorkspaces, subscription_id).workspaces,
389 resource_group_name)
390 workspace_list = list_object.value
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_service_client(self, client_class, subscription_id, subscription_bound, base_url)
155 # in the multi-tenant case, which causes confusion.
156 if subscription_id:
--> 157 all_subscription_list, tenant_id = self._get_all_subscription_ids()
158 self._check_if_subscription_exists(subscription_id, all_subscription_list, tenant_id)
159
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_all_subscription_ids(self)
497 :rtype: list, str
498 """
--> 499 arm_token = self._get_arm_token()
500 return self._get_all_subscription_ids_internal(arm_token)
501
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
293 InteractiveLoginAuthentication(force=True, tenant_id=self._tenant_id)
294 # Try one more time
--> 295 return test_function(self, *args, **kwargs)
296 else:
297 raise e
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
473 return self._ambient_auth._get_arm_token()
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
477 @_login_on_failure_decorator(_interactive_auth_lock)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
588 profile_object = Profile(async_persist=False, cloud_type=cloud_type)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
592 if self._tenant_id and fetch_tenantid_from_aad_token(arm_token) != self._tenant_id:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
324 while True:
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
328 if "Connection aborted." in str(e) and attempt <= retries:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1828 if not token_about_to_expire:
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
1832 try:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
azureml-sdk 是版本 1.9.0- 我可以从本地计算机连接身份验证。只有当我想在计算实例上工作时才会出现问题。
我遇到了同样的问题,下面的代码使用 AZURE ML SDK 获取租户 ID 并使用交互式身份验证,工作正常。
import os
import azureml
from azureml.core import Workspace
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id=" ")
ws = Workspace(subscription_id="",
resource_group="",
workspace_name="",
auth=interactive_auth)
print("Found workspace {} at location {}".format(ws.name, ws.location))
这是我推荐您尝试的另外两种方法:
设置来自 Azure 的租户 ID shell 并将“auth”参数跳过到 Workspace(…)
az 帐户设置-s **********
az account set -s ********** 并且 python SDK 代码为
从 azureml.core.authentication 导入 AzureCliAuthentication
cli_auth = AzureCliAuthentication()
将 cli_auth 传递给 auth 参数而不是 interactivelogin 对象
这通常有两个原因:
您的令牌不适用于正确的租户。在这种情况下,您需要传递包含您的工作区的订阅的 tenantId。 ServicePrincipalAuthentication class 将 tenanatId 作为参数。确保传递正确的值。
该订阅中的工作区有一个大写字母的名称。这是大约三个月前修复的 SDK 端错误。确保您使用的是最新的 SDK。
能否分享一下您使用的SDK版本?此外,以下错误是否仅发生在计算实例中,还是即使您 运行 来自另一台机器的 SDK 也会发生?
WorkspaceException: WorkspaceException:
Message: No workspaces found with name=xxx in all the subscriptions that you have access to.
InnerException None
ErrorResponse
{
"error": {
"message": "No workspaces found with name=xxx in all the subscriptions that you have access to."
}
}
示例代码片段以及完整的堆栈跟踪可以帮助我们更好地调查此问题。
好的,这是答案:
- 你在 Azure 上的公司 A 工作。
- 您可以访问公司 B 的订阅。
- 问题是:您在 ML-Studio 中关联到 A 的 AAD。
- 您需要在
InteractiveLoginAuthentication 中指定租户 ID,如下所示:
interactive_auth = InteractiveLoginAuthentication(tenant_id=tenant_id)
workspace = Workspace.get(name=workspace_name,
subscription_id=subscription_id,
resource_group=resource_group,
auth=interactive_auth)
- 现在重要的部分:您需要使用公司 B 的
tenant_id(我一直使用公司 A,因为我认为那是我的身份验证点)
- 当然,当你阅读它时,这是显而易见的......就像现在对我来说:)
希望对您有所帮助。花了我一些时间但学到了很多东西 ;)
在 Azure 计算实例上工作并尝试从 Jupyter 实验室连接到工作区时,我经常 运行 遇到问题。
使用 InteractiveLoginAuthentication 我收到以下消息:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
对于这个服务委托人(SP 是 ML 工作区中的所有者):
WorkspaceException: WorkspaceException:
Message: No workspaces found with name=xxx in all the subscriptions that you have access to.
InnerException None
ErrorResponse
{
"error": {
"message": "No workspaces found with name=xxx in all the subscriptions that you have access to."
}
}
我在不同的订阅中有另一个工作区,我可以通过将 tennant 作为 InteractiveLoginAuthentication 的额外输入来解决它。这一次,没机会了。
不过,有趣的是,我可以在本地计算机上通过 InteractiveLoginAuthentication 登录到工作区。
我怀疑某些旧令牌缓存在某处,因此我尝试使用浏览器的“隐私浏览”功能。此外,我删除了 /home/azureuser/.azure/accessTokens.json 但没有效果。
也许你们中的一些人以前遇到过这个问题并且有想法?
作为参考,我查看了一些网站:
- https://docs.microsoft.com/en-us/azure/machine-learning/how-to-setup-authentication
- https://github.com/Azure/MachineLearningNotebooks/blob/master/how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb
- https://github.com/Azure/azure-cli/issues/4618
- https://github.com/Azure/azure-cli/issues/6147
更新
当我运行这段代码时:
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id='xxx')
ws = Workspace.get(name='xxx',
subscription_id='xxx',
resource_group='xxx',
auth=interactive_auth)
我得到以下跟踪:
---------------------------------------------------------------------------
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
288 module_logger.debug("{} acquired lock in {} s.".format(type(self).__name__, duration))
--> 289 return test_function(self, *args, **kwargs)
290 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
During handling of the above exception, another exception occurred:
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
<ipython-input-2-fd1276999d15> in <module>
5 subscription_id='00c983e5-d766-480b-be75-abf95d1a46c3',
6 resource_group='BusinessIntelligence',
----> 7 auth=interactive_auth)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in get(name, auth, subscription_id, resource_group)
547
548 result_dict = Workspace.list(
--> 549 subscription_id, auth=auth, resource_group=resource_group)
550 result_dict = {k.lower(): v for k, v in result_dict.items()}
551 name = name.lower()
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in list(subscription_id, auth, resource_group)
637 elif subscription_id and resource_group:
638 workspaces_list = Workspace._list_legacy(
--> 639 auth, subscription_id=subscription_id, resource_group_name=resource_group)
640
641 Workspace._process_autorest_workspace_list(
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1373 return None
1374 else:
-> 1375 raise e
1376
1377 @staticmethod
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1367 # azureml._base_sdk_common.workspace.models.workspace.Workspace
1368 workspace_autorest_list = _commands.list_workspace(
-> 1369 auth, subscription_id=subscription_id, resource_group_name=resource_group_name)
1370 return workspace_autorest_list
1371 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_project/_commands.py in list_workspace(auth, subscription_id, resource_group_name)
386 if resource_group_name:
387 list_object = WorkspacesOperations.list_by_resource_group(
--> 388 auth._get_service_client(AzureMachineLearningWorkspaces, subscription_id).workspaces,
389 resource_group_name)
390 workspace_list = list_object.value
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_service_client(self, client_class, subscription_id, subscription_bound, base_url)
155 # in the multi-tenant case, which causes confusion.
156 if subscription_id:
--> 157 all_subscription_list, tenant_id = self._get_all_subscription_ids()
158 self._check_if_subscription_exists(subscription_id, all_subscription_list, tenant_id)
159
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_all_subscription_ids(self)
497 :rtype: list, str
498 """
--> 499 arm_token = self._get_arm_token()
500 return self._get_all_subscription_ids_internal(arm_token)
501
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
293 InteractiveLoginAuthentication(force=True, tenant_id=self._tenant_id)
294 # Try one more time
--> 295 return test_function(self, *args, **kwargs)
296 else:
297 raise e
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
473 return self._ambient_auth._get_arm_token()
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
477 @_login_on_failure_decorator(_interactive_auth_lock)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
588 profile_object = Profile(async_persist=False, cloud_type=cloud_type)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
592 if self._tenant_id and fetch_tenantid_from_aad_token(arm_token) != self._tenant_id:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
324 while True:
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
328 if "Connection aborted." in str(e) and attempt <= retries:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1828 if not token_about_to_expire:
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
1832 try:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
azureml-sdk是版本 1.9.0- 我可以从本地计算机连接身份验证。只有当我想在计算实例上工作时才会出现问题。
我遇到了同样的问题,下面的代码使用 AZURE ML SDK 获取租户 ID 并使用交互式身份验证,工作正常。
import os
import azureml
from azureml.core import Workspace
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id=" ")
ws = Workspace(subscription_id="",
resource_group="",
workspace_name="",
auth=interactive_auth)
print("Found workspace {} at location {}".format(ws.name, ws.location))
这是我推荐您尝试的另外两种方法:
设置来自 Azure 的租户 ID shell 并将“auth”参数跳过到 Workspace(…)
az 帐户设置-s **********
az account set -s ********** 并且 python SDK 代码为
从 azureml.core.authentication 导入 AzureCliAuthentication
cli_auth = AzureCliAuthentication()
将 cli_auth 传递给 auth 参数而不是 interactivelogin 对象
这通常有两个原因:
您的令牌不适用于正确的租户。在这种情况下,您需要传递包含您的工作区的订阅的
tenantId。ServicePrincipalAuthenticationclass 将tenanatId作为参数。确保传递正确的值。该订阅中的工作区有一个大写字母的名称。这是大约三个月前修复的 SDK 端错误。确保您使用的是最新的 SDK。
能否分享一下您使用的SDK版本?此外,以下错误是否仅发生在计算实例中,还是即使您 运行 来自另一台机器的 SDK 也会发生?
WorkspaceException: WorkspaceException: Message: No workspaces found with name=xxx in all the subscriptions that you have access to. InnerException None ErrorResponse { "error": { "message": "No workspaces found with name=xxx in all the subscriptions that you have access to." } }
示例代码片段以及完整的堆栈跟踪可以帮助我们更好地调查此问题。
好的,这是答案:
- 你在 Azure 上的公司 A 工作。
- 您可以访问公司 B 的订阅。
- 问题是:您在 ML-Studio 中关联到 A 的 AAD。
- 您需要在
InteractiveLoginAuthentication中指定租户 ID,如下所示:
interactive_auth = InteractiveLoginAuthentication(tenant_id=tenant_id)
workspace = Workspace.get(name=workspace_name,
subscription_id=subscription_id,
resource_group=resource_group,
auth=interactive_auth)
- 现在重要的部分:您需要使用公司 B 的
tenant_id(我一直使用公司 A,因为我认为那是我的身份验证点) - 当然,当你阅读它时,这是显而易见的......就像现在对我来说:)
希望对您有所帮助。花了我一些时间但学到了很多东西 ;)