Solved: azure docs RBAC failing on AKS

I walked through the steps here ( and everything works except when I use the logged in credentials (after the step of using admin account to create cluster role binding). After successfully logging in, I get an error "You must be logged in to the server (Unauthorized)". In my kube config, I show an access token was retrieved and the token looks correct. Any help would be appreciated.

35 Answers

✔️Accepted Answer

I found that:

"allowPublicClient": true,
"oauth2AllowIdTokenImplicitFlow": true

was enough in my case. Thank you very much.

Other Answers:

I was able to fix this issue with Azure AD v2 application by setting the following in the client manifest:

"allowPublicClient": true,
"oauth2AllowIdTokenImplicitFlow": true,
"signInAudience": "AzureADMultipleOrgs",

I have followed the doc and was able to perform the checks as in the doc.

The issue is that when I try to interact with my cluster from an Ubuntu client, it prompts me to log on using a code and succeeds in the web page, but in the CLI I am seeing the OAuth failure; not sure what is wrong.

Sharing the error info below; any help is much appreciated!

raja@raja-VirtualBox:~$ kubectl get nodes
To sign in, use a web browser to open the page and enter the code BEA87VG84 to authenticate.
E1011 11:53:17.299643 11769 azure.go:126] Failed to acquire a token: acquiring a new fresh token: waiting for device code authentication to complete: autorest/adal/devicetoken: Error while retrieving OAuth token: Unknown Error
To sign in, use a web browser to open the page and enter the code B7YRLNFZ9 to authenticate.

@dstrebel Thanks for the help everyone. I was able to get groups and users logged in. I missed the Grant Permission button after adding required permissions to my application.
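
One way to test the "token looks correct" observation from the question is to decode the access token stored in the kubeconfig and compare its `aud`, `tid` and validity window with the `apiserver-id` and `tenant-id` values of the same auth-provider entry. This is an added example, not code from the thread or from the Azure docs: the function names are hypothetical, the GUIDs are placeholders, the sample token is constructed and unsigned, and the signature is not verified.

```python
import base64
import json
import time


def decode_claims(token):
    """Return the payload claims of a JWT without verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def strip_spn(audience):
    """The audience may carry an "spn:" prefix in front of the application ID."""
    text = str(audience)
    return text[4:] if text.startswith("spn:") else text


def check_token(token, apiserver_id, tenant_id, now=None):
    """Compare token claims with kubeconfig values; return a list of mismatches."""
    now = time.time() if now is None else now
    claims = decode_claims(token)
    problems = []
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if apiserver_id not in [strip_spn(a) for a in audiences]:
        problems.append(f"aud {aud!r} is not the server application {apiserver_id}")
    if claims.get("tid") != tenant_id:
        problems.append(f"tid {claims.get('tid')!r} is not tenant {tenant_id}")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    if claims.get("nbf", 0) > now:
        problems.append("token is not valid yet")
    return problems


def make_sample_token(claims):
    """Build a constructed, unsigned token for the demo (not a real Azure AD token)."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([b64({"alg": "none", "typ": "JWT"}), b64(claims), "unsigned"])


if __name__ == "__main__":
    SERVER_APP = "00000000-0000-0000-0000-000000000001"  # placeholder apiserver-id
    TENANT = "00000000-0000-0000-0000-000000000002"      # placeholder tenant-id
    sample = make_sample_token({"aud": "spn:" + SERVER_APP, "tid": TENANT, "nbf": 1000, "exp": 2000})
    print(check_token(sample, SERVER_APP, TENANT, now=1500))  # inside the validity window
    print(check_token(sample, SERVER_APP, TENANT, now=2500))  # after expiry
```

An empty list only means the claims agree with the kubeconfig; a token that passes can still be rejected when the application is misconfigured, as the answers above describe.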