azure-cli
az network bastion rdp --auth-type AAD - Unable to change AAD user after first logon
Describe the bug
Not sure if this is a bug in documentation or implementation... It could also be "by design" and should instead be a Feature request.
When I authenticate using AAD with the native RDP client it works fine, but I cannot find a way to change the AAD identity since I get automatically signed in to the remote VM after the first successful sign-in.
Related command
az network bastion rdp --auth-type AAD
Errors
Not prompted to sign in
Issue script & Debug output
In the debug output I see...
msal.application: Cache hit an AT
msal.telemetry: Generate or reuse correlation_id: 59c10bc4-44dd-492f-a1bb-171ae732b55e
Expected behavior
Some way to be able to clear the cached RDP credentials to sign in again as another user.
Environment Summary
azure-cli 2.55.0
core 2.55.0
telemetry 1.1.0
Extensions:
bastion 0.3.0
ssh 2.0.2
webapp 0.4.0
Dependencies:
msal 1.24.0b2
azure-mgmt-resource 23.1.0b2
Python location 'C:\Program Files\Microsoft SDKs\Azure\CLI2\python.exe'
Extensions directory 'C:\Users\kent.azure\cliextensions'
Python (Windows) 3.11.5 (tags/v3.11.5:cce6ba9, Aug 24 2023, 14:38:34) [MSC v.1936 64 bit (AMD64)]
Additional context
No response
Thank you for opening this issue, we will look into it.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @aznetsuppgithub.
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @bastionsuppgithub.
@aavalang for awareness.
This issue has me really stuck, is there no way to force clearing the cached creds? I've tried rebooting both the connecting client machine and the target Azure VM, no change. I've also tried az logout, az account clear etc, no change!!!
I faced the same issue yesterday. If you revoke the session (Entra ID -> User) for the account whose credentials are cached, you should get a new popup to choose the account. That certainly worked for me.