![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 90%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Azure Blob Storage
An Azure service that stores unstructured data in the cloud as blobs.
3,200 questions
Greetings!
The error "No matching federated identity record found for presented assertion subject" occurs when the federated identity credentials (Subject, Audience, and Issuer) configured in Azure AD do not match the presented assertion in the GitHub action. This mismatch prevents Azure AD from authorizing the login request.
To resolve this issue, ensure the following:
- Verify that the federated identity credentials in Azure AD match the details in the presented assertion. This includes:
- Subject: The claim should match the repository and environment in the GitHub action.
- Audience: Ensure it is set correctly, typically
api://AzureADTokenExchange. - Issuer: Should be
https://token.actions.githubusercontent.com.
- Double-check your GitHub action configuration to ensure the correct values are being used.
Here's a step-by-step approach:
- Navigate to the Azure AD App Registration.
- Under Certificates & secrets, verify the federated identity credentials.
- Ensure the subject claim in the GitHub action matches the expected value in Azure AD.
For more detailed guidance, you can follow the official documentation on Azure AD Workload Identity Federation.
Hope this helps. If you have any follow-up questions, please let me know. I would be happy to help.
Please do not forget to "up-vote" wherever the information provided helps you, as this can be beneficial to other community members.