Connecting to an AKS Cluster Non-Interactively — Part 4

Sequence Flow

  1. We’ll call the MS Identity Platform User Realm API with our UPN, e.g. clusteruser@adrianhyneshotmail.onmicrosoft.com. This API tells us whether the account is managed or federated. If federated, it also returns the federated Identity Provider (IdP) URL (which can be an on-prem address) and the metadata exchange API URL.
  2. [If account is federated] We’ll then call the metadata exchange API to see which SAML (Security Assertion Markup Language) protocols the IdP supports.
  3. [If account is federated] We’ll now call the IdP endpoint with our credentials, and it will return a SAML assertion blob.
  4. [If account is federated] We’ll then exchange the SAML assertion blob for an access token via the OAuth2 flow, with a scope of openid and a SAML grant type. The client in this case will be the default X Platform static ID and the resource will be ARM (http://management.azure.com/).
  5. [If not federated] We’ll call the username and password OAuth2 flow to retrieve an access token, using the same client ID and resource as in step 4.
  6. Using the access token obtained via either the federated or the managed path, we next call the Azure API to get a skeleton kubeconfig file.
  7. Now we extract the apiserver-id and client-id from that kubeconfig and call either step 4 (federated) or step 5 (managed) again, this time using the extracted client-id as the client ID and the extracted apiserver-id as the resource in our OAuth2 flow. This returns an access token, refresh token, expires in and expires on, which we simply add to our kubeconfig file.
  8. Now we can use kubectl without the interactive authentication flow.
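The managed-account branch of the sequence above (steps 1, 5 and 7) and the kubeconfig update, written as an added example that is not code from the original post. It assumes the skeleton kubeconfig from step 6 is already at hand (a constructed sample with placeholder IDs is embedded), and it takes the HTTP call as a parameter so the logic can be exercised offline; the federated branch (steps 2 to 4) is deliberately left as an error.

```python
from typing import Callable, Optional

AAD = "https://login.microsoftonline.com"
Fetch = Callable[[str, Optional[dict]], dict]  # (url, form body or None) -> parsed JSON

# Constructed sample of the skeleton kubeconfig from step 6 (placeholder IDs, one user).
SAMPLE_KUBECONFIG = {"users": [{"name": "clusterUser_rg_aks", "user": {"auth-provider": {
    "name": "azure", "config": {"apiserver-id": "00000000-aaaa-0000-0000-000000000001",
    "client-id": "00000000-bbbb-0000-0000-000000000002",
    "tenant-id": "00000000-cccc-0000-0000-000000000003", "environment": "AzurePublicCloud"}}}}]}

def user_realm(upn: str, fetch: Fetch) -> dict:
    """Step 1: the user realm API reports whether the account is Managed or Federated."""
    return fetch(f"{AAD}/common/userrealm/{upn}?api-version=1.0", None)

def password_grant(tenant: str, client_id: str, resource: str,
                   username: str, password: str, fetch: Fetch) -> dict:
    """Steps 5 and 7: resource-owner password grant; client_id and resource set the token's audience."""
    body = {"grant_type": "password", "client_id": client_id, "resource": resource,
            "username": username, "password": password, "scope": "openid"}
    return fetch(f"{AAD}/{tenant}/oauth2/token", body)

def azure_auth_config(kubeconfig: dict, user_name: str) -> dict:
    """Find the azure auth-provider config block for the named kubeconfig user."""
    for user in kubeconfig["users"]:
        if user["name"] == user_name:
            provider = user["user"]["auth-provider"]
            if provider["name"] != "azure":
                raise ValueError("user does not use the azure auth-provider")
            return provider["config"]
    raise KeyError(f"no user named {user_name!r} in kubeconfig")

def non_interactive_login(upn: str, password: str, kubeconfig: dict,
                          user_name: str, fetch: Fetch) -> dict:
    """Run steps 1, 5 and 7 for a managed account; return the updated kubeconfig."""
    realm = user_realm(upn, fetch)
    if realm.get("account_type") != "Managed":
        # Federated accounts need the WS-Trust/SAML exchange of steps 2 to 4, not shown here.
        raise NotImplementedError(f"account_type {realm.get('account_type')!r} not handled")
    cfg = azure_auth_config(kubeconfig, user_name)
    # Step 7: the kubeconfig's client-id and apiserver-id replace the CLI client and ARM.
    token = password_grant(cfg["tenant-id"], cfg["client-id"], cfg["apiserver-id"],
                           upn, password, fetch)
    # The refresh token is a long-lived credential: treat the kubeconfig file as a secret.
    cfg["access-token"] = token["access_token"]
    cfg["refresh-token"] = token["refresh_token"]
    cfg["expires-in"] = str(token["expires_in"])
    cfg["expires-on"] = str(token["expires_on"])
    return kubeconfig
```

Plugging in a real `fetch` (for example a POST of the form body with `requests`) and serialising the returned dict back to YAML gives the kubeconfig that kubectl uses without prompting.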

Language

Code

Demo

Adrian Hynes

Cloud Platform Architect. Opinions and articles on medium are my own.