我正在尝试使用 cli 对 Azure 容器注册表进行身份验证。我正在使用主题名称和颁发者身份验证,并使用服务主体对 Azure 进行身份验证。
这就是我登录 azure 所做的事情
az login --service-principal --use-cert-sn-issuer -u {app id} -p {certificate .pem file} --tenant {tenant id}
它有效,然后我尝试使用以下命令登录到 acr:
az acr login --name {acr name}
它失败了:
The command failed with an unexpected error. Here is the traceback:
Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS700027: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: {Thumbprint}, Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/{app id}' to see configured keys]\r\nTrace ID: 4546d682-75b6-4a8b-9c03-11f4821c5f00\r\nCorrelation ID: 02e4c324-25a9-47ff-a5ba-afdeec0ce5ec\r\nTimestamp: 2020-06-23 08:12:00Z","error_codes":[700027],"timestamp":"2020-06-23 08:12:00Z","trace_id":"4546d682-75b6-4a8b-9c03-11f4821c5f00","correlation_id":"02e4c324-25a9-47ff-a5ba-afdeec0ce5ec","error_uri":"https://login.microsoftonline.com/error?code=700027"}
可能是什么问题呢?