This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 64%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESS%3C/text%3E%3C/svg%3E)
My github workflow has the following step:
- name: Az CLI login for connecting to ADB2C instance
uses: azure/login@v2
with:
client-id: ${{ secrets.AZURE_CLIENT_ID }}
tenant-id: ${{ secrets.AZURE_TENANT_ID }}
audience: api://AzureADTokenExchange
allow-no-subscriptions: true
enable-AzPSSession: true
I get the error:
AADSTS700213: No matching federated identity record found for presented assertion subject 'repo:{orgname}/{repo}:environment:staging'.
But in my app registration that has the client id and tenant id used above, the federated credential is configured to use a branch entity type and the branch "staging" is specified. The Subject identifier is "repo:{orgname}/{repo}:ref:refs/heads/staging"
I can't figure out why this step is insisting that this should be an environment entity rather than a branch entity. It's obviously obtaining the info from the app registration because it knows the configured organization and repo, and even the environment (which has the same name as the branch).
What's the trick to make this work?