vscode icon indicating copy to clipboard operation
vscode copied to clipboard
verified publisher icon microsoft

Unable to authenticate to Azure using msal using the Azure machine Learning - Remote extension

Open chris-gibbs opened this issue 7 months ago • 2 comments

Does this issue occur when all extensions are disabled?: Yes

  • VS Code Version: Version: 1.100.2 (system setup) Commit: 848b80aeb52026648a8ff9f7c45a9b0a80641e2e Date: 2025-05-14T21:47:40.416Z Electron: 34.5.1 ElectronBuildId: 11369351 Chromium: 132.0.6834.210 Node.js: 20.19.0 V8: 13.2.152.41-electron.0 OS: Windows_NT x64 10.0.20348
  • OS Version: Windows Server 2019

Steps to Reproduce:

  1. Attempt to sign into Remote Compute in a Azure ML Workspace.
  2. Inbuilt browser window pops up. Shows Microsoft Azure login page
  3. Enter the username / email
  4. Redirected to external IDP. Okta in this case.
  5. Okta automatically detects the local user via Kerberos and attempts to auto sign-in. This is not the correct user, our users use a separate account for privileged access. Typically / in the past, we click the back to login page in order to manually enter the correct sign in username.
  6. The vscode in-built browser automatically redirects and attempts Kerberos again. A Okta sign-in page should be displayed. Endless loop.

Logs attached. Tenant ID has been redacted.

msal-auth-issue.log

Using the 'classic' vs msal our users are able to login using the actual browser instead of the built-in form. While this workaround currently works, there is a deprecation flag on this method with a request to log a issue.

We need the ability to break out to a 'real' browser, or potentially disable built-in browser features, such as kerberos

chris-gibbs avatar May 22 '25 02:05 chris-gibbs

Found this issue while searching for information about a similar issue we're encountering. Did your issue by any chance start this monday and/or after updating the Okta Sign-In Widget to 7.31.1? And is your Okta tenant OIE?

donkzquixote avatar May 22 '25 12:05 donkzquixote

We found this issue after an upgrade of Vscode. We dont use the Okta Sign-in widget or OIE.

The previous (classic) method of using an external browser continues to work as well.

Looks like this might be a different issue than the one you are experiencing @donkzquixote

chris-gibbs avatar May 22 '25 21:05 chris-gibbs

It looks like this issue is related to the Microsoft Identity authentication broker on your OS. This is not a component maintained by VS Code - It simply leverages it for authentication.

Please refer to the Feedback and support section of this post for assistance with these types of issues. This article also talks about what authentication brokers are and why they're important.

TylerLeonhardt avatar May 27 '25 06:05 TylerLeonhardt