MI doesn't work for environments that don't have a shell #2647

@keegan-caruso

Microsoft.Identity.Web Library

Microsoft.Identity.Web.Certificate

Microsoft.Identity.Web version

latest

Web app

Not Applicable

Web API

Not Applicable

Token cache serialization

Not Applicable

Description

See here: https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.Certificate/KeyVaultCertificateLoader.cs#L49-L53

Azure.Identity will fault if it cannot open a shell; distroless containers will not have a shell, so they are guaranteed to fault.

There are options here that allow excluding flows from the authentication chain: https://learn.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredentialoptions?view=azure-dotnet

The ability to supply my own or modify the options should work.

Reproduction steps

Use MI on a container built from a distroless image.

Error message

AzureCliCredential authentication failed: An error occurred trying to start process '/bin/sh' with working directory '/bin/'. No such file or directory

Id Web logs

No response

Relevant code snippets

NA

Regression

No response

Expected behavior

Able to use MI in distroless containers.
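
One way to build a credential chain that never starts a child process, using the `DefaultAzureCredentialOptions` exclusions the issue links to. This is an added example, not code from the issue or from Microsoft.Identity.Web; the class and method names are hypothetical, and the vault URI and certificate name are supplied by the caller.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Azure.Core;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;

// Hypothetical helper, not part of Microsoft.Identity.Web.
public static class DistrolessKeyVaultExample
{
    // Returns a DefaultAzureCredential whose chain contains no flow that
    // launches an external tool, so it can run in an image without /bin/sh.
    public static TokenCredential CreateCredential(string userAssignedClientId = null)
    {
        var options = new DefaultAzureCredentialOptions
        {
            // These flows start an external process (az, azd, pwsh).
            ExcludeAzureCliCredential = true,
            ExcludeAzureDeveloperCliCredential = true,
            ExcludeAzurePowerShellCredential = true,

            // Developer-workstation flow; not useful inside a container.
            ExcludeVisualStudioCredential = true,

            // Leave null for the system-assigned identity, or pass the
            // client ID of a user-assigned identity.
            ManagedIdentityClientId = userAssignedClientId,
        };

        return new DefaultAzureCredential(options);
    }

    // Downloads the certificate (with private key, if exportable) using the
    // shell-free credential built above.
    public static X509Certificate2 LoadCertificate(
        Uri vaultUri, string certificateName, TokenCredential credential)
    {
        var client = new CertificateClient(vaultUri, credential);
        return client.DownloadCertificate(certificateName).Value;
    }
}
```

Environment, workload identity and managed identity credentials remain in the chain, so the same code works locally with environment variables set and in the container with MI.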
