az login --identity

[helge12]

Describe the bug

az login --allow-no-subscription did succeed
Then using the login with --identity fails.

Related command

az login --identity

Errors

Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

Issue script & Debug output

no script, just the command

helge@suse15:~> az login --identity --debug
cli.knack.cli: Command arguments: ['login', '--identity', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7ff7e7d4d950>, <function OutputProducer.on_global_arguments at 0x7ff7e7c747b8>, <function CLIQuery.on_global_arguments at 0x7ff7e7c94bf8>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.001 2 9
cli.azure.cli.core: Total (1) 0.001 2 9
cli.azure.cli.core: Loaded 2 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7ff7e6eae7b8>]
az_command_data_logger: command args: login --identity --debug
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/helge/.azure/commands'.
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7ff7e6e65950>, <function register_global_query_examples_argument..register_query_examples at 0x7ff7e6e47158>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7ff7e6e471e0>, <function register_cache_arguments..add_cache_arguments at 0x7ff7e6e472f0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7ff7e7c74840>, <function CLIQuery.handle_query_parameter at 0x7ff7e7c94c80>, <function register_global_query_examples_argument..handle_example_parameter at 0x7ff7e6e470d0>, <function register_ids_argument..parse_ids_arguments at 0x7ff7e6e47268>]
urllib3.connectionpool: Starting new HTTP connection (1): 169.254.169.254:80
urllib3.connectionpool: http://169.254.169.254:80 "GET /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01 HTTP/1.1" 200 1956
msrestazure.azure_active_directory: MSI: Retrieving a token from http://169.254.169.254/metadata/identity/oauth2/token, with payload {'resource': 'https://management.core.windows.net/', 'api-version': '2018-02-01'}
msrestazure.azure_active_directory: MSI: Token retrieved
cli.azure.cli.core._profile: MSI: token was retrieved. Now trying to initialize local accounts...
cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
cli.azure.cli.core.util: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

cli.azure.cli.core.azclierror: CLIInternalError: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: CLIInternalError: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
cli.azure.cli.core.azclierror: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
To open an issue, please run: 'az feedback'
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7ff7e6eae9d8>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 0.262 seconds (init: 0.080, invoke: 0.182)
cli.azure.cli.core.decorators: Suppress exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 60, in
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 53, in
sys.exit(exit_code)
SystemExit: 1

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 509, in get_current_account_user
active_account = self.get_subscription()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 518, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 57, in _decorator
val = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 516, in _get_user_azure_id
return _get_profile().get_current_account_user()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 511, in get_current_account_user
raise CLIError('There are no active accounts.')
knack.util.CLIError: There are no active accounts.

cli.azure.cli.core.decorators: Suppress exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 60, in
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 53, in
sys.exit(exit_code)
SystemExit: 1

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 526, in _get_azure_subscription_id
return _get_profile().get_subscription_id()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 535, in get_subscription_id
return self.get_subscription(subscription)[_SUBSCRIPTION_ID]
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 518, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.

telemetry.save: Save telemetry record of length 5763 in cache
telemetry.check: Returns Positive.
telemetry.main: Begin creating telemetry upload process.
telemetry.process: Creating upload process: "/usr/bin/python3 /usr/lib/python3.6/site-packages/azure/cli/telemetry/init.py /home/helge/.azure"
telemetry.process: Return from creating process
telemetry.main: Finish creating telemetry upload process.

+++++++++++++++++++++++++++++++++++++++++++++++++

Same when specifying an existing user id

helge@suse15:~> az login --identity -u 77ede77e-6c34-4247-bd5d-6db628a5841d --debug
cli.knack.cli: Command arguments: ['login', '--identity', '-u', '77ede77e-6c34-4247-bd5d-6db628a5841d', '--debug']
cli.knack.cli: init debug log:
Enable color in terminal.
cli.knack.cli: Event: Cli.PreExecute []
cli.knack.cli: Event: CommandParser.OnGlobalArgumentsCreate [<function CLILogging.on_global_arguments at 0x7f68475e3950>, <function OutputProducer.on_global_arguments at 0x7f684750a7b8>, <function CLIQuery.on_global_arguments at 0x7f684752abf8>]
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableCreate []
cli.azure.cli.core: Modules found from index for 'login': ['azure.cli.command_modules.profile']
cli.azure.cli.core: Loading command modules:
cli.azure.cli.core: Name Load Time Groups Commands
cli.azure.cli.core: profile 0.001 2 9
cli.azure.cli.core: Total (1) 0.001 2 9
cli.azure.cli.core: Loaded 2 groups, 9 commands.
cli.azure.cli.core: Found a match in the command table.
cli.azure.cli.core: Raw command : login
cli.azure.cli.core: Command table: login
cli.knack.cli: Event: CommandInvoker.OnPreCommandTableTruncate [<function AzCliLogging.init_command_file_logging at 0x7f68469917b8>]
az_command_data_logger: command args: login --identity -u {} --debug
cli.azure.cli.core.azlogging: metadata file logging enabled - writing logs to '/home/helge/.azure/commands'.
cli.knack.cli: Event: CommandInvoker.OnPreArgumentLoad [<function register_global_subscription_argument..add_subscription_parameter at 0x7f6846948950>, <function register_global_query_examples_argument..register_query_examples at 0x7f684692a158>]
cli.knack.cli: Event: CommandInvoker.OnPostArgumentLoad []
cli.knack.cli: Event: CommandInvoker.OnPostCommandTableCreate [<function register_ids_argument..add_ids_arguments at 0x7f684692a1e0>, <function register_cache_arguments..add_cache_arguments at 0x7f684692a2f0>]
cli.knack.cli: Event: CommandInvoker.OnCommandTableLoaded []
cli.knack.cli: Event: CommandInvoker.OnPreParseArgs []
cli.knack.cli: Event: CommandInvoker.OnPostParseArgs [<function OutputProducer.handle_output_argument at 0x7f684750a840>, <function CLIQuery.handle_query_parameter at 0x7f684752ac80>, <function register_global_query_examples_argument..handle_example_parameter at 0x7f684692a0d0>, <function register_ids_argument..parse_ids_arguments at 0x7f684692a268>]
urllib3.connectionpool: Starting new HTTP connection (1): 169.254.169.254:80
urllib3.connectionpool: http://169.254.169.254:80 "GET /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&client_id=77ede77e-6c34-4247-bd5d-6db628a5841d HTTP/1.1" 200 1956
msrestazure.azure_active_directory: MSI: Retrieving a token from http://169.254.169.254/metadata/identity/oauth2/token, with payload {'resource': 'https://management.core.windows.net/', 'api-version': '2018-02-01', 'client_id': '77ede77e-6c34-4247-bd5d-6db628a5841d'}
msrestazure.azure_active_directory: MSI: Token retrieved
cli.azure.cli.core._profile: MSI: token was retrieved. Now trying to initialize local accounts...
cli.azure.cli.core.util: azure.cli.core.util.handle_exception is called with an exception:
cli.azure.cli.core.util: Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

cli.azure.cli.core.azclierror: CLIInternalError: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: CLIInternalError: The command failed with an unexpected error. Here is the traceback:
cli.azure.cli.core.azclierror: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
cli.azure.cli.core.azclierror: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 257, in prepare_key
key = load_pem_private_key(key, password=None)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 18, in load_pem_private_key
return backend.load_pem_private_key(data, password)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1248, in load_pem_private_key
password,
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1475, in _load_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/knack/cli.py", line 231, in invoke
cmd_result = self.invocation.execute(args)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 659, in execute
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 722, in _run_jobs_serially
results.append(self._run_job(expanded_arg, cmd_copy))
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 715, in _run_job
six.reraise(*sys.exc_info())
File "/usr/lib/python3.6/site-packages/six.py", line 703, in reraise
raise value
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 693, in _run_job
result = cmd_copy(params)
File "/usr/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 330, in call
return self.handler(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/init.py", line 784, in default_command_handler
return op(**command_args)
File "/usr/lib/python3.6/site-packages/azure/cli/command_modules/profile/custom.py", line 140, in login
return profile.find_subscriptions_in_vm_with_msi(username, allow_no_subscriptions)
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 367, in find_subscriptions_in_vm_with_msi
decode = jwt.decode(token, verify=False, algorithms=['RS256'])
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 129, in decode
decoded = self.decode_complete(jwt, key, algorithms, options, **kwargs)
File "/usr/lib/python3.6/site-packages/jwt/api_jwt.py", line 105, in decode_complete
**kwargs,
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 182, in decode_complete
self._verify_signature(signing_input, header, signature, key, algorithms)
File "/usr/lib/python3.6/site-packages/jwt/api_jws.py", line 266, in _verify_signature
key = alg_obj.prepare_key(key)
File "/usr/lib/python3.6/site-packages/jwt/algorithms.py", line 259, in prepare_key
key = load_pem_public_key(key)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 23, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1274, in load_pem_public_key
self._handle_key_loading_error()
File "/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1518, in _handle_key_loading_error
"Could not deserialize key data. The data may be in an "
ValueError: Could not deserialize key data. The data may be in an incorrect format or it may be encrypted with an unsupported algorithm.
To open an issue, please run: 'az feedback'
cli.knack.cli: Event: Cli.PostExecute [<function AzCliLogging.deinit_cmd_metadata_logging at 0x7f68469919d8>]
az_command_data_logger: exit code: 1
cli.main: Command ran in 0.262 seconds (init: 0.081, invoke: 0.181)
cli.azure.cli.core.decorators: Suppress exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 60, in
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 53, in
sys.exit(exit_code)
SystemExit: 1

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 509, in get_current_account_user
active_account = self.get_subscription()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 518, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 57, in _decorator
val = func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 516, in _get_user_azure_id
return _get_profile().get_current_account_user()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 511, in get_current_account_user
raise CLIError('There are no active accounts.')
knack.util.CLIError: There are no active accounts.

cli.azure.cli.core.decorators: Suppress exception:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 60, in
raise ex
File "/usr/lib/python3.6/site-packages/azure/cli/main.py", line 53, in
sys.exit(exit_code)
SystemExit: 1

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/azure/cli/core/decorators.py", line 74, in _wrapped_func
return func(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/azure/cli/core/telemetry.py", line 526, in _get_azure_subscription_id
return _get_profile().get_subscription_id()
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 535, in get_subscription_id
return self.get_subscription(subscription)[_SUBSCRIPTION_ID]
File "/usr/lib/python3.6/site-packages/azure/cli/core/_profile.py", line 518, in get_subscription
raise CLIError(_AZ_LOGIN_MESSAGE)
knack.util.CLIError: Please run 'az login' to setup account.

telemetry.save: Save telemetry record of length 5769 in cache
telemetry.check: Negative: The /home/helge/.azure/telemetry.txt was modified at 2024-01-18 20:31:24.773235, which in less than 600.000000 s
helge@suse15:~>

Expected behavior

it should just work but it does not
I have created a MID with role assignment- contributor for resource group
if you do subscription scope, does not change

Environment Summary

Suse 15SP5 Azure VM, fresh deploy from marketplace image

helge@suse15:> az version
{
"azure-cli": "2.17.1",
"azure-cli-core": "2.17.1",
"azure-cli-telemetry": "1.0.6",
"extensions": {}
}
helge@suse15:>

all available updates installed

Additional context

There was an earlier report - it was fixed with installing the azure-cli in different directory /usr/lib/python3.6/site-packages/ and NOT lib64. This is already the case.

helge@suse15:~> sudo ls -la /usr/lib/python3.6/site-packages/ | grep -i azure_cli
drwxr-xr-x 2 root root 130 Dec 12 15:12 azure_cli-2.17.1-py3.6.egg-info
drwxr-xr-x 2 root root 130 Dec 12 15:11 azure_cli_command_modules_nspkg-2.0.3-py3.6.egg-info
drwxr-xr-x 2 root root 130 Dec 12 15:12 azure_cli_core-2.17.1-py3.6.egg-info
drwxr-xr-x 2 root root 130 Dec 12 15:11 azure_cli_nspkg-3.0.4-py3.6.egg-info
drwxr-xr-x 2 root root 130 Dec 12 15:11 azure_cli_telemetry-1.0.6-py3.6.egg-info

This is Azure subscription within Visual Studio Enterprise subscription. I have used it successfully in a normal subscription.

It worked with browser normal az login and and allow no subscription,
helge@suse15:~> az login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code CG6MGLD9P to authenticate.
[
{
"cloudName": "AzureCloud",
<...>

helge@suse15:~> az login --allow-no-subscriptions
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code DTCGF2MBY to authenticate.
[
{
"cloudName": "AzureCloud",
<...>

[azure-client-tools-bot-prd]

Hi @helge12,

2.17.1 is not the latest Azure CLI(2.56.0).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[azure-client-tools-bot-prd]

Hi @helge12
Find similar issue #21376.

Issue title	login with --service-principal results in following error:
Create time	2022-02-21
Comment number	6

---

Please confirm if this resolves your issue.

[yonzhan]

Thank you for opening this issue, we will look into it.

[jiasli]

Azure CLI 2.17.1 is too old and Python 3.6 is not supported. Could you use a supported OS and update to the latest Azure CLI 2.56.0: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux

If you have to use SUSE 15, please update to Azure CLI 2.38.1: https://learn.microsoft.com/en-us/cli/azure/install-azure-cli-linux?pivots=zypper