We have a problem when trying to use an Azure DevOps service connection with a federation service principal. It looks like the federation token expires after 55 min and isn't refreshed automatically.
As an example, I attached a very simple pipeline that runs Set-AzContext in an endless loop against the same subscription ID.
This pipeline failed after 56 iterations (with a 1 min sleep between them), i.e. exactly the time when the token expired!
```yaml
trigger: none

stages:
  - stage: "create_VM_report"
    jobs:
      - job: Cost_optimization
        displayName: Cost optimization report
        timeoutInMinutes: 240
        pool:
          vmImage: "ubuntu-latest"
        steps:
          - task: AzurePowerShell@5
            displayName: federation service connection test
            inputs:
              azureSubscription: 'lz-service-connection-ro' ## federation
              ScriptType: 'InlineScript'
              Inline: |
                ## endless loop
                $i = 0
                while ($true) {
                  Write-Host "Loop number: $i"
                  Set-AzContext -SubscriptionId '<put your subs ID>' ## itbtg-ccoe-lab
                  Start-Sleep -Seconds 60
                  $i++
                }
              azurePowerShellVersion: 'LatestVersion'
              pwsh: true
```
Error message:
Loop number: 55
WARNING:Unable to acquire token for tenant '' with error'A configuration issue is preventing authentication Original exception: AADSTS700024: Client assertion is not within its valid time range. expiry time of assertion