Authenticating with Azure Arc Managed Identity endpoint from Docker container

Isabella de Leon 0 Reputation points Microsoft Employee
2024-06-12T23:18:27.2466667+00:00

I'm currently able to follow this authentication flow on my Azure Arc enabled machine to get an access token for Azure resources: https://learn.microsoft.com/en-us/azure/azure-arc/servers/managed-identity-authentication

I'd like to follow a similar process from a Docker container running on my Azure Arc machine - however I haven't been able to successfully get a challenge/access token from the container.

Can anyone provide insight on whether this is possible?

Azure Arc
Azure Arc
A Microsoft cloud service that enables deployment of Azure services across hybrid and multicloud environments.
437 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Alan La Pietra (CSA) 80 Reputation points Microsoft Employee
    2024-07-01T08:22:46.2433333+00:00

    Yes, it is possible to authenticate with Azure Arc Managed Identity endpoint from a Docker container running on your Azure Arc machine. You can use the same authentication flow as described in the documentation you shared. To authenticate from a Docker container, you need to ensure that the container has access to the Azure Arc Managed Identity endpoint. You can do this by setting the IDENTITY_ENDPOINT and IDENTITY_HEADER environment variables in the container to the values of the same variables on the host machine. Once you have set these environment variables, you can make an HTTP GET request to the Azure Arc Managed Identity endpoint from within the container to get an access token for Azure resources. The endpoint URL is http://localhost:40342/metadata/identity/oauth2/token. Here is an example of how you can get an access token from within a Docker container running on an Azure Arc machine: bash # Set the environment variables export IDENTITY_ENDPOINT="[http://localhost:40342](http://localhost:40342)" export IDENTITY_HEADER="X-IDENTITY-HEADER" # Get the access token ACCESS_TOKEN=$(curl -H Metadata:true "[http://localhost:40342/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com/](http://localhost:40342/metadata/identity/oauth2/token?api-version=2019-08-01&resource=https://management.azure.com/)" | jq -r '.access_token') This example uses the curl command to make an HTTP GET request to the Azure Arc Managed Identity endpoint and the jq command to extract the access token from the response. I hope this helps! Let me know if you have any further questions.

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.