在处理Azure Compute实例并尝试从Jupyter Lab连接到工作区时,我经常遇到问题。
通过InteractiveLoginAuthentication我得到以下消息:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
使用服务主体(SP是ML工作区的所有者):
WorkspaceException: WorkspaceException:
Message: No workspaces found with name=xxx in all the subscriptions that you have access to.
InnerException None
ErrorResponse
{
"error": {
"message": "No workspaces found with name=xxx in all the subscriptions that you have access to."
}
}
我在不同的订阅中有另一个工作区,我可以通过将租户作为InteractiveLoginAuthentication的额外输入来解决它。这次没有机会。
不过,有趣的是,当我从本地计算机上进行操作时,我可以通过InteractiveLoginAuthentication登录到工作区。
我认为某些旧令牌存储在某处,因此我尝试使用浏览器的“私人浏览”功能。此外,我删除了/home/azureuser/.azure/accessTokens.json,但没有任何作用。
也许你们当中有些人以前有过这个问题并且有想法?
作为参考,我检查了一些站点:
当我运行此代码时:
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id='xxx')
ws = Workspace.get(name='xxx',
subscription_id='xxx',
resource_group='xxx',
auth=interactive_auth)
我得到以下跟踪:
---------------------------------------------------------------------------
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
288 module_logger.debug("{} acquired lock in {} s.".format(type(self).__name__, duration))
--> 289 return test_function(self, *args, **kwargs)
290 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
During handling of the above exception, another exception occurred:
AdalError Traceback (most recent call last)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1820 auth, _, _ = profile_object.get_login_credentials(resource)
-> 1821 access_token = auth._token_retriever()[1]
1822 if (_get_exp_time(access_token) - time.time()) < _TOKEN_REFRESH_THRESHOLD_SEC:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in _retrieve_token()
525 return self._creds_cache.retrieve_token_for_user(username_or_sp_id,
--> 526 account[_TENANT_ID], resource)
527 use_cert_sn_issuer = account[_USER_ENTITY].get(_SERVICE_PRINCIPAL_CERT_SN_ISSUER_AUTH)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_vendor/azure_cli_core/_profile.py in retrieve_token_for_user(self, username, tenant, resource)
889 context = self._auth_ctx_factory(self._cloud_type, tenant, cache=self.adal_token_cache)
--> 890 token_entry = context.acquire_token(resource, username, _CLIENT_ID)
891 if not token_entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in acquire_token(self, resource, user_id, client_id)
144
--> 145 return self._acquire_token(token_func)
146
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in _acquire_token(self, token_func, correlation_id)
127 self.authority.validate(self._call_context)
--> 128 return token_func(self)
129
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/authentication_context.py in token_func(self)
142 token_request = TokenRequest(self._call_context, self, client_id, resource)
--> 143 return token_request.get_token_from_cache_with_refresh(user_id)
144
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in get_token_from_cache_with_refresh(self, user_id)
346 self._user_id = user_id
--> 347 return self._find_token_from_cache()
348
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/token_request.py in _find_token_from_cache(self)
126 cache_query = self._create_cache_query()
--> 127 return self._cache_driver.find(cache_query)
128
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in find(self, query)
195 {"query": log.scrub_pii(query)})
--> 196 entry, is_resource_tenant_specific = self._load_single_entry_from_cache(query)
197 if entry:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/adal/cache_driver.py in _load_single_entry_from_cache(self, query)
123 else:
--> 124 raise AdalError('More than one token matches the criteria. The result is ambiguous.')
125
AdalError: More than one token matches the criteria. The result is ambiguous.
During handling of the above exception, another exception occurred:
AuthenticationException Traceback (most recent call last)
<ipython-input-2-fd1276999d15> in <module>
5 subscription_id='00c983e5-d766-480b-be75-abf95d1a46c3',
6 resource_group='BusinessIntelligence',
----> 7 auth=interactive_auth)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in get(name, auth, subscription_id, resource_group)
547
548 result_dict = Workspace.list(
--> 549 subscription_id, auth=auth, resource_group=resource_group)
550 result_dict = {k.lower(): v for k, v in result_dict.items()}
551 name = name.lower()
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in list(subscription_id, auth, resource_group)
637 elif subscription_id and resource_group:
638 workspaces_list = Workspace._list_legacy(
--> 639 auth, subscription_id=subscription_id, resource_group_name=resource_group)
640
641 Workspace._process_autorest_workspace_list(
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1373 return None
1374 else:
-> 1375 raise e
1376
1377 @staticmethod
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/workspace.py in _list_legacy(auth, subscription_id, resource_group_name, ignore_error)
1367 # azureml._base_sdk_common.workspace.models.workspace.Workspace
1368 workspace_autorest_list = _commands.list_workspace(
-> 1369 auth, subscription_id=subscription_id, resource_group_name=resource_group_name)
1370 return workspace_autorest_list
1371 except Exception as e:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/_project/_commands.py in list_workspace(auth, subscription_id, resource_group_name)
386 if resource_group_name:
387 list_object = WorkspacesOperations.list_by_resource_group(
--> 388 auth._get_service_client(AzureMachineLearningWorkspaces, subscription_id).workspaces,
389 resource_group_name)
390 workspace_list = list_object.value
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_service_client(self, client_class, subscription_id, subscription_bound, base_url)
155 # in the multi-tenant case, which causes confusion.
156 if subscription_id:
--> 157 all_subscription_list, tenant_id = self._get_all_subscription_ids()
158 self._check_if_subscription_exists(subscription_id, all_subscription_list, tenant_id)
159
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_all_subscription_ids(self)
497 :rtype: list, str
498 """
--> 499 arm_token = self._get_arm_token()
500 return self._get_all_subscription_ids_internal(arm_token)
501
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in wrapper(self, *args, **kwargs)
293 InteractiveLoginAuthentication(force=True, tenant_id=self._tenant_id)
294 # Try one more time
--> 295 return test_function(self, *args, **kwargs)
296 else:
297 raise e
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token(self)
473 return self._ambient_auth._get_arm_token()
474 else:
--> 475 return self._get_arm_token_using_interactive_auth()
476
477 @_login_on_failure_decorator(_interactive_auth_lock)
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_using_interactive_auth(self, force_reload, resource)
588 profile_object = Profile(async_persist=False, cloud_type=cloud_type)
589 arm_token = _get_arm_token_with_refresh(profile_object, cloud_type, ACCOUNT, CONFIG, SESSION,
--> 590 get_config_dir(), force_reload=force_reload, resource=resource)
591 # If a user has specified a tenant id then we need to check if this token is for that tenant.
592 if self._tenant_id and fetch_tenantid_from_aad_token(arm_token) != self._tenant_id:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in connection_aborted_wrapper(*args, **kwargs)
324 while True:
325 try:
--> 326 return function(*args, **kwargs)
327 except AuthenticationException as e:
328 if "Connection aborted." in str(e) and attempt <= retries:
/anaconda/envs/azureml_py36/lib/python3.6/site-packages/azureml/core/authentication.py in _get_arm_token_with_refresh(profile_object, cloud_type, account_object, config_object, session_object, config_directory, force_reload, resource)
1828 if not token_about_to_expire:
1829 raise AuthenticationException("Could not retrieve user token. Please run 'az login'",
-> 1830 inner_exception=e)
1831
1832 try:
AuthenticationException: AuthenticationException:
Message: Could not retrieve user token. Please run 'az login'
InnerException More than one token matches the criteria. The result is ambiguous.
ErrorResponse
{
"error": {
"code": "UserError",
"inner_error": {
"code": "Authentication"
},
"message": "Could not retrieve user token. Please run 'az login'"
}
}
azureml-sdk的版本为1.9.0 答案 0 :(得分:1)
我遇到了相同的问题,并且以下代码采用了承租人ID,并且使用AZURE ML SDK可以正常使用交互式身份验证。
import os
import azureml
from azureml.core import Workspace
from azureml.core.authentication import InteractiveLoginAuthentication
interactive_auth = InteractiveLoginAuthentication(tenant_id=" ")
ws = Workspace(subscription_id="",
resource_group="",
workspace_name="",
auth=interactive_auth)
print("Found workspace {} at location {}".format(ws.name, ws.location))
这些是我建议您尝试的其他两种方法:
从Azure shell设置租户ID,然后将“ auth”参数跳过到Workspace(...)
az帐户集-s **********
az帐户设置-s **********,而python SDK代码为
从azureml.core.authentication导入AzureCliAuthentication
cli_auth = AzureCliAuthentication()
将cli_auth传递给auth参数,而不是交互式登录对象
答案 1 :(得分:0)
通常可能由于两个原因而发生:
您的令牌不是针对正确的租户的。在这种情况下,您需要传递保存工作空间的预订的break。 tenantId类将ServicePrincipalAuthentication作为参数。确保传递正确的值。
该订阅中的工作空间的名称带有大写字母。这是一个SDK附带的错误,大约三个月前已修复。确保您使用的是最新的SDK。
可以共享您使用的SDK版本吗?此外,以下错误是否仅在计算实例上发生,或者即使从其他计算机上运行SDK也会发生?
WorkspaceException:WorkspaceException: 消息:在您有权访问的所有订阅中都找不到名称为xxx的工作空间。 InnerException无 错误响应 { “错误”:{ “ message”:“在您有权访问的所有订阅中找不到名称为xxx的工作空间。” } }
示例代码片段以及完整的堆栈跟踪信息可以帮助我们更好地调查此问题。
答案 2 :(得分:0)
好的,这是答案:
InteractiveLoginAuthentication中指定租户ID,如下所示:interactive_auth = InteractiveLoginAuthentication(tenant_id=tenant_id)
workspace = Workspace.get(name=workspace_name,
subscription_id=subscription_id,
resource_group=resource_group,
auth=interactive_auth)
tenant_id(因为我一直认为我是认证点,所以一直使用公司A)希望这对您有所帮助。花了我一些时间,但学到了很多;)