[Azure APIM] Authentication Failed error when calling the APIM backup API

Summary: [Azure APIM] Authentication Failed error when calling the APIM backup API

Problem description

In an earlier post, a System-assigned Managed Identity was used to back up APIM to a Storage Account. That operation suddenly started failing with Authentication Failed, and the detailed error message reported an expired certificate:

{
  "error": {
    "code": "BadRequest",
    "message": "Authentication Failed : A configuration issue is preventing authentication - check the error message from the server for details.
      You can modify the configuration in the application registration portal. See https://aka.ms/msal-net-invalid-client for details.
      Original exception: AADSTS700027: The certificate with identifier used to sign the client assertion is expired on application.
      [Reason - The key used is expired.,Thumbprint of key used by client: '3D****************', Found key 'Start=04/28/2024 11:10:00, End=07/28/2024 11:10:00',
      Please visit the Azure Portal, Graph Explorer or directly use MS Graph to see configured keys for app Id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'.
      Review the documentation at https://docs.microsoft.com/en-us/graph/deployments to determine the corresponding service endpoint and https://docs.microsoft.com/en-us/graph/api/application-get?view=graph-rest-1.0&tabs=http to build a query request URL, such as ' https://microsoftgraph.chinacloudapi.cn/beta/applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'].
      Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
      Timestamp: 2024-07-29 10:16:32Z ",
    "details": null,
    "innerError": null
  }
}

But no certificate was ever configured on APIM. Where does this error come from?

Solution

Take the App ID from the error message and look it up in Microsoft Entra ID (Azure AD): it is the enterprise application (service principal) that was created for the System-assigned Managed Identity enabled on APIM. The certificate named in the error is the one the platform issues to that identity and uses to sign the client assertion when APIM requests a token, which is why the error mentions a certificate even though none was configured on APIM by hand.

However, this certificate cannot be viewed in the portal.

It can be viewed with the Azure CLI command az ad sp show --id <appId>: the keyCredentials section of the output lists the certificate with its start and end dates, matching the Start/End values quoted in the error.

Given that, the obvious next idea is to reset the certificate directly from the command line. Testing shows this is not possible: the service principal belongs to the System-assigned Managed Identity that APIM created, and the credentials of a managed identity are owned and rotated by the platform, not by users. Being Owner of the APIM resource is an Azure RBAC role on the resource, not a Microsoft Entra directory permission, and in any case managed-identity credentials cannot be reset by the caller, so the command fails:

PS C:\> az ad sp credential reset --id xx-x-x-x-xxx  --create-cert
Insufficient privileges to complete the operation.

To get the APIM backup working again quickly, the Managed Identity on APIM was disabled and then re-enabled. That generates a brand-new identity with a fresh certificate, and the certificate-expiry error went away. (The Start/End dates in the error show the usual 90-day validity window of a managed-identity certificate; the platform normally rolls it well before it expires, so an expired certificate means automatic rotation did not happen for this identity, and regenerating the identity is the practical fix.)

Note: take great care with this operation. It replaces the identity that APIM uses to reach other Azure resources: the old service principal (and its object ID) is deleted, and the new one starts with no permissions. Every role assignment, Key Vault access policy, or Key Vault-backed named value or certificate that relied on the old identity must be configured again for the new ID.
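The following script is an added example written for this post (not Microsoft's code and not the author's own script). It does two things the post describes by hand: it classifies the certificates in the keyCredentials output of az ad sp show against a timestamp, and it emits (or, with --apply, runs) the Azure CLI sequence that disables and re-enables the system-assigned identity and re-grants the backup role to the new principal. Assumptions: the az CLI is installed and signed in to the right cloud before --apply is used (az cloud set -n AzureChinaCloud for the 21Vianet endpoints seen in the error); the APIM backup identity needs the Storage Blob Data Contributor role on the target storage account; the --enable-managed-identity flag of az apim update is used to toggle the identity; the JSON sample, the key IDs and all resource names are constructed placeholders.

```python
"""Diagnose an expired managed-identity certificate on APIM's service principal
and regenerate the identity with the Azure CLI (added example, not Microsoft's code)."""
import json
import subprocess
import sys
from datetime import datetime, timezone

# Timestamp taken from the error message in the post.
ERROR_TIMESTAMP = "2024-07-29T10:16:32Z"

# Constructed sample of `az ad sp show --id <appId> --query keyCredentials -o json`.
# The dates mirror the "Found key" range in the AADSTS700027 message; keyId and
# thumbprint are placeholders, not real values.
SAMPLE_KEY_CREDENTIALS = json.dumps([{
    "customKeyIdentifier": "3D000000000000000000000000000000000000",
    "displayName": None,
    "endDateTime": "2024-07-28T11:10:00Z",
    "keyId": "11111111-1111-1111-1111-111111111111",
    "startDateTime": "2024-04-28T11:10:00Z",
    "type": "AsymmetricX509Cert",
    "usage": "Verify",
}])


def _utc(value):
    """Parse a Graph ISO-8601 timestamp (trailing 'Z') into an aware UTC datetime."""
    if isinstance(value, datetime):
        return value.astimezone(timezone.utc)
    return datetime.fromisoformat(value.replace("Z", "+00:00")).astimezone(timezone.utc)


def classify_key_credentials(json_text, now=None):
    """Return one record per key: status and signed number of days until expiry."""
    now = _utc(now) if now else datetime.now(timezone.utc)
    records = []
    for key in json.loads(json_text):
        start, end = _utc(key["startDateTime"]), _utc(key["endDateTime"])
        status = "not_yet_valid" if now < start else "expired" if now > end else "valid"
        records.append({"keyId": key.get("keyId"),
                        "thumbprint": key.get("customKeyIdentifier"),
                        "status": status,
                        "days_remaining": (end - now).days})
    return records


def identity_is_healthy(json_text, now=None):
    """True if at least one key on the service principal is currently valid."""
    return any(r["status"] == "valid" for r in classify_key_credentials(json_text, now))


def inspect_command(app_id):
    return ["az", "ad", "sp", "show", "--id", app_id, "--query", "keyCredentials", "-o", "json"]


def regenerate_commands(resource_group, apim_name):
    """Disable, then re-enable the system-assigned identity: the old service principal
    is deleted and a new one (new principalId, fresh certificate) is created."""
    base = ["az", "apim", "update", "-g", resource_group, "-n", apim_name]
    return [base + ["--enable-managed-identity", "false"],
            base + ["--enable-managed-identity", "true"]]


def principal_id_command(resource_group, apim_name):
    return ["az", "apim", "show", "-g", resource_group, "-n", apim_name,
            "--query", "identity.principalId", "-o", "tsv"]


def role_assignment_command(principal_id, storage_account_id):
    """Re-grant the backup permission; the assignment held by the old identity is orphaned."""
    return ["az", "role", "assignment", "create",
            "--role", "Storage Blob Data Contributor", "--scope", storage_account_id,
            "--assignee-principal-type", "ServicePrincipal",
            "--assignee-object-id", principal_id]


def _run(cmd):
    print("+", " ".join(cmd), file=sys.stderr)
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def main(argv):
    # usage: script.py <appId> <resourceGroup> <apimName> <storageAccountResourceId> [--apply]
    if len(argv) < 5:  # offline demo against the constructed sample
        creds, now = SAMPLE_KEY_CREDENTIALS, ERROR_TIMESTAMP
        rg, apim, storage = "<rg>", "<apim>", "<storageAccountResourceId>"
    else:
        app_id, rg, apim, storage = argv[1:5]
        creds, now = _run(inspect_command(app_id)), None
    for r in classify_key_credentials(creds, now):
        print(f"key {r['keyId']}: {r['status']} ({r['days_remaining']} days remaining)")
    if identity_is_healthy(creds, now):
        return 0
    steps = regenerate_commands(rg, apim)
    if "--apply" not in argv:  # dry run: show what would be executed
        for c in steps + [principal_id_command(rg, apim),
                          role_assignment_command("<new principalId>", storage)]:
            print(" ".join(c))
        return 1
    for c in steps:
        _run(c)
    new_pid = _run(principal_id_command(rg, apim)).strip()
    _run(role_assignment_command(new_pid, storage))
    print(f"identity regenerated; new principalId {new_pid}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Without arguments the script runs against the embedded sample and prints the dry-run command list; with the four identifiers it reads the live keyCredentials, and only with --apply does it actually toggle the identity and create the role assignment. Any other consumers of the old identity (Key Vault access policies, Key Vault-backed named values) are not covered by the script and still have to be reconfigured by hand.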

 

References

InvalidParameters error when calling the APIM backup API: https://www.cnblogs.com/lulight/p/18326145

az ad sp show: https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-show
