Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Devicelogin blocked by unknown device platform conditional access policy #199

Open
jorik90 opened this issue Feb 17, 2023 · 3 comments
Open

Devicelogin blocked by unknown device platform conditional access policy #199

jorik90 opened this issue Feb 17, 2023 · 3 comments

Comments

@jorik90
Copy link

jorik90 commented Feb 17, 2023

I'm trying to connect to my AKS cluster using the (default) devicelogin. Since kubelogin is not sending anything to identify the device (like an user-agent), the Azure built-in conditional access policy 'CA010: Block access for unknown or unsupported device platform' blocks the access.

Using kubelogin convert-kubeconfig -l interactive or kubelogin convert-kubeconfig -l azurecli on the same machine works fine.
@weinong
Copy link
Contributor

weinong commented Feb 21, 2023

Hi @jorik90, your observation is correct. Device Login doesn't work with Conditional Access policy. I can update the readme to point this out.

@jorik90
Copy link
Author

jorik90 commented Feb 24, 2023

That would be a nice first step. Maybe it's possible to also provide a user-agent so some policies can comply?

@weinong
Copy link
Contributor

weinong commented Feb 27, 2023

@jorik90 you can update the policy using the client app ID (80faf920-1908-4b52-b5ef-a8e7bedfc67a) or server appID (6dae42f8-4368-4678-94ff-3960e28e3630)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jorik90 @weinong