Hi Kefei Qian
Greetings!
As we understand it, you are trying to connect to a Redis instance in another tenant using Entra ID authentication but are running into an issue with the authentication process.
Here are a few things to check:
- Ensure Entra ID Authentication is Enabled: Verify that Microsoft Entra authentication is enabled for your Redis instance in Tenant B. You can do this in the Azure portal under Settings > Authentication.
- Use the Correct Username Format: Instead of using the Object ID of the Service Principal, try using its Application ID as the username. Some Redis configurations require this format. Please refer to this document: https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-azure-active-directory-for-authentication#microsoft-entra-client-workflow
- Check Token Acquisition: Double-check how you’re obtaining the token with the Azure.Identity library. It should look something like this:
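  ```python
  # ConfidentialClientApplication is provided by the msal package
  from msal import ConfidentialClientApplication

  client = ConfidentialClientApplication(
      client_id='YOUR_CLIENT_ID',
      client_credential='YOUR_CLIENT_SECRET',  # msal names this parameter client_credential
      authority='https://login.microsoftonline.com/YOUR_TENANT_ID'
  )
  # Client-credentials flow; on success the token is in token_response["access_token"]
  token_response = client.acquire_token_for_client(scopes=["https://redis.azure.com/.default"])
  ```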
- Authorization Command: After obtaining the token, ensure that your Redis client sends an AUTH command to authenticate with the Redis server using the Object ID as the user and the token as the password.
- Token Expiry Management: Implement a mechanism to refresh the token before it expires to avoid connection disruptions. It’s recommended to fetch a new token at least 3 minutes prior to expiry.
- Firewall and Private Link Configuration: If applicable, make sure that your Redis instance allows traffic from your App Service in Tenant A, which may involve configuring firewall rules or private endpoints.
Please refer to the link below for more information.
https://github.com/redis/redis-py-entraid
I hope this information helps. Please do let us know if you have any further queries.
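
An added example (not part of the original answer and not Microsoft's or redis-py-entraid's code) for the AUTH and token-expiry points above: it decodes the access token's payload without verifying it, checks that the token was issued by the tenant that hosts the cache, and returns the `oid` claim as the AUTH username together with a refresh time 3 minutes before `exp`. The function names and the sample token are constructed for illustration.

```python
import base64
import json
import time

REFRESH_LEAD_SECONDS = 180  # "at least 3 minutes prior to expiry"


def read_claims(access_token):
    """Decode the JWT payload WITHOUT verifying the signature (diagnostic only;
    the Redis server is what validates the token)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def auth_plan(access_token, expected_tenant_id, now=None):
    """Return the AUTH username/password pair and when to fetch a new token."""
    claims = read_claims(access_token)
    now = time.time() if now is None else now
    # tid is the tenant that issued the token; for a cross-tenant cache it
    # must be the cache's tenant, not the tenant the app runs in.
    if claims.get("tid") != expected_tenant_id:
        raise ValueError("token issued by tenant %r, expected %r"
                         % (claims.get("tid"), expected_tenant_id))
    if "oid" not in claims or "exp" not in claims:
        raise ValueError("token lacks oid or exp claim")
    exp = int(claims["exp"])
    refresh_at = exp - REFRESH_LEAD_SECONDS
    return {
        "username": claims["oid"],   # object ID of the principal in the issuing tenant
        "password": access_token,    # the token itself is the AUTH password
        "refresh_at": refresh_at,
        "refresh_in": max(0, refresh_at - now),
        "expired": now >= exp,
    }


def make_sample_token(claims):
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.constructed-signature" % (enc({"alg": "none"}), enc(claims))


if __name__ == "__main__":
    sample = make_sample_token({"tid": "TENANT_B_ID", "oid": "SP_OBJECT_ID", "exp": 10000})
    print(auth_plan(sample, "TENANT_B_ID", now=9000))
```

A tenant mismatch here means the token was requested from the wrong authority, which is worth ruling out before changing the cache's access configuration.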