DefaultAzureCredential 身份验证失败。 IntelliJCredential 身份验证失败。错误详细信息:无法识别的字段 "tenantId"

DefaultAzureCredential authentication failed. IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId"

我正在尝试使用带有 Azure 云资源管理和身份 API 的 azure java SDK 从 azure 客户端创建资源组。我在 IntelliJ 中使用 Azure 工具插件(我能够使用 azure CLI 和服务原则登录)。下面是我的代码:

    AzureProfile profile = new AzureProfile(AzureEnvironment.AZURE);
    TokenCredential credential = new DefaultAzureCredentialBuilder()
            .authorityHost(profile.getEnvironment().getActiveDirectoryEndpoint())
            .build();
    AzureResourceManager azureResourceManager = AzureResourceManager
            .configure()
            .withLogLevel(HttpLogDetailLevel.BASIC)
            .authenticate(credential, profile)
            .withDefaultSubscription();
    
    ResourceGroup rg = azureResourceManager.resourceGroups().define(resourceGroupName)
            .withRegion(Region.fromName(region))
            .create();

但是当我执行此操作时出现以下错误:

2021-06-20 00:39:32.971 ERROR 67464 --- [           main] c.azure.identity.EnvironmentCredential   : Azure Identity => ERROR in EnvironmentCredential: Missing required environment variable AZURE_CLIENT_ID
2021-06-20 00:39:33.825 ERROR 67464 --- [           main] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:39:33.827  INFO 67464 --- [           main] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:39:35.340 ERROR 67464 --- [           main] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:39:35.344 ERROR 67464 --- [           main] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:39:35.344  INFO 67464 --- [           main] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:39:35.423 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:39:35.423  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:39:35.426 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:39:35.426 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:40:05.431 ERROR 67464 --- [     parallel-2] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:40:05.432  INFO 67464 --- [     parallel-2] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:40:05.433 ERROR 67464 --- [     parallel-2] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, No route to host (connect failed).
2021-06-20 00:40:05.434 ERROR 67464 --- [     parallel-2] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, No route to host (connect failed).
2021-06-20 00:40:05.434  INFO 67464 --- [     parallel-2] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:40:05.435 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:40:05.435  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:40:05.438 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:40:05.438 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:40:35.439 ERROR 67464 --- [     parallel-4] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:40:35.440  INFO 67464 --- [     parallel-4] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:40:36.945 ERROR 67464 --- [     parallel-4] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:40:36.946 ERROR 67464 --- [     parallel-4] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:40:36.946  INFO 67464 --- [     parallel-4] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:40:36.947 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:40:36.947  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:40:36.950 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:40:36.950 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.
2021-06-20 00:41:06.954 ERROR 67464 --- [     parallel-6] c.azure.identity.EnvironmentCredential   : EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
2021-06-20 00:41:06.954  INFO 67464 --- [     parallel-6] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential EnvironmentCredential is unavailable.
2021-06-20 00:41:08.459 ERROR 67464 --- [     parallel-6] c.a.i.implementation.IdentityClient      : ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:41:08.460 ERROR 67464 --- [     parallel-6] c.a.identity.ManagedIdentityCredential   : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: ManagedIdentityCredential authentication unavailable. Connection to IMDS endpoint cannot be established, connect timed out.
2021-06-20 00:41:08.460  INFO 67464 --- [     parallel-6] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential ManagedIdentityCredential is unavailable.
2021-06-20 00:41:08.461 ERROR 67464 --- [nPool-worker-19] c.a.identity.SharedTokenCacheCredential  : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: SharedTokenCacheCredential authentication unavailable. No accounts were found in the cache.
2021-06-20 00:41:08.461  INFO 67464 --- [nPool-worker-19] c.azure.identity.DefaultAzureCredential  : Azure Identity => Attempted credential SharedTokenCacheCredential is unavailable.
2021-06-20 00:41:08.463 ERROR 67464 --- [nPool-worker-19] com.azure.identity.IntelliJCredential    : Azure Identity => ERROR in getToken() call for scopes [https://management.core.windows.net//.default]: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
2021-06-20 00:41:08.463 ERROR 67464 --- [nPool-worker-19] c.a.c.implementation.AccessTokenCache    : Failed to acquire a new access token.

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.hyperion.mongo.service.AzureServices]: Constructor threw exception; nested exception is java.lang.RuntimeException: Max retries 3 times exceeded. Error Details: DefaultAzureCredential authentication failed. ---> IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    x
Caused by: com.azure.core.exception.ClientAuthenticationException: DefaultAzureCredential authentication failed. ---> IntelliJCredential authentication failed. Error Details: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    at com.azure.identity.ChainedTokenCredential.lambda$getToken(ChainedTokenCredential.java:62) ~[azure-identity-1.3.1.jar:na]
    at reactor.core.publisher.Mono.lambda$onErrorResume(Mono.java:3460) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxOnErrorResume$ResumeSubscriber.onError(FluxOnErrorResume.java:94) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxPeekFuseable$PeekFuseableSubscriber.onError(FluxPeekFuseable.java:234) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoPeekTerminal$MonoTerminalPeekSubscriber.onError(MonoPeekTerminal.java:258) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxPeekFuseable$PeekConditionalSubscriber.onError(FluxPeekFuseable.java:903) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxMap$MapConditionalSubscriber.onError(FluxMap.java:259) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators$MultiSubscriptionSubscriber.onError(Operators.java:2062) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators.error(Operators.java:197) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoError.subscribe(MonoError.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Mono.subscribe(Mono.java:4046) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxSwitchIfEmpty$SwitchIfEmptySubscriber.onComplete(FluxSwitchIfEmpty.java:81) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Operators.complete(Operators.java:136) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoEmpty.subscribe(MonoEmpty.java:45) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:52) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.Mono.subscribe(Mono.java:4046) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxFlatMap$FlatMapMain.onNext(FluxFlatMap.java:425) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxIterable$IterableSubscription.slowPath(FluxIterable.java:270) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxIterable$IterableSubscription.request(FluxIterable.java:228) ~[reactor-core-3.4.3.jar:3.4.3]
    at reactor.core.publisher.FluxFlatMap$FlatMapMain.drainLoop(FluxFlatMap.java:789) ~[reactor-core-3.4.3.jar:3.4.3]
    ... 28 common frames omitted
Caused by: com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "tenantId" (class com.azure.identity.implementation.IntelliJAuthMethodDetails), not marked as ignorable (4 known properties: "authMethod", "azureEnv", "accountEmail", "credFilePath"])
 at [Source: (File); line: 1, column: 34] (through reference chain: com.azure.identity.implementation.IntelliJAuthMethodDetails["tenantId"])
    at com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException.from(UnrecognizedPropertyException.java:61) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.DeserializationContext.handleUnknownProperty(DeserializationContext.java:855) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.std.StdDeserializer.handleUnknownProperty(StdDeserializer.java:1212) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownProperty(BeanDeserializerBase.java:1604) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializerBase.handleUnknownVanilla(BeanDeserializerBase.java:1582) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.vanillaDeserialize(BeanDeserializer.java:299) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.deser.BeanDeserializer.deserialize(BeanDeserializer.java:156) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.ObjectMapper._readMapAndClose(ObjectMapper.java:4526) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.fasterxml.jackson.databind.ObjectMapper.readValue(ObjectMapper.java:3333) ~[jackson-databind-2.11.4.jar:2.11.4]
    at com.azure.identity.implementation.IntelliJCacheAccessor.getAuthDetailsIfAvailable(IntelliJCacheAccessor.java:256) ~[azure-identity-1.3.1.jar:na]
    at com.azure.identity.implementation.IdentityClient.authenticateWithIntelliJ(IdentityClient.java:302) ~[azure-identity-1.3.1.jar:na]
    at com.azure.identity.IntelliJCredential.lambda$getToken(IntelliJCredential.java:87) ~[azure-identity-1.3.1.jar:na]
    at reactor.core.publisher.MonoDefer.subscribe(MonoDefer.java:44) ~[reactor-core-3.4.3.jar:3.4.3]

我还在环境变量中导出了以下内容:

$ export AZURE_CLIENT_ID=2XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXb
$ export AZURE_TENANT_ID=1XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXe
$ export AZURE_CLIENT_SECRET=6XXXXXXXXf

下面是我的POM.xml:

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.3.1</version>
</dependency>
<dependency>
    <groupId>com.azure.resourcemanager</groupId>
    <artifactId>azure-resourcemanager</artifactId>
    <version>2.6.0</version>
</dependency>

如果使用 IntelliJ IDEA 进行身份验证,

1)KeePass Windows.

需要配置

2) 用户已在 IntelliJ IDEA 中使用 Azure 帐户登录。

3) 使用 System.getEnv("AZURE_TENANT_ID") 检查环境变量。

使用DefaultAzureCredential时,请注意两个提示。

  • 在构建器或环境变量 AZURE_TENANT_ID 上设置 .tenantId(String)DefaultAzureCredential 配置为向特定租户验证共享令牌缓存,Visual Studio 代码,以及 IntelliJ IDEA.

  • 在构建器上设置 .intelliJKeePassDatabasePath(String)DefaultAzureCredential 配置为在使用 IntelliJ 凭据进行身份验证时读取特定的 KeePass 文件.

代码:

DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
  .intelliJKeePassDatabasePath("C:\Users\user\AppData\Roaming\JetBrains\IdeaIC2020.1\c.kdbx")
  .tenantId(String) // add tenantId, if not set environment variables 
  .build();

此外,您可以将 IntelliJCredential.keePassDatabasePath(String) 结合使用,尤其是对于 IntelliJ。

在使用环境变量进行身份验证时,以下步骤对我有用:

  1. 编辑 ~./bash_profile 并添加以下变量:

    导出 AZURE_CLIENT_ID=XXXX-XXX-XXXX-XXXX-XXXXXXX
    导出 AZURE_TENANT_ID=XXXX-XXX-XXXX-XXXX-XXXXXXX
    导出 AZURE_CLIENT_SECRET=XXXXXXXXXXXXXXX

  2. 重新启动 IntelliJ(强制),因为除非您重新启动 IDE.

    ,否则环境变量中的更改不会生效