[英]Create an Azure AD application with KeyVault & Azure PowerShell Certificate authentication
I was trying to Create a Application in Azure AD with Azure PowerShell Certificate authentication, below is the Powershell snippet:我试图使用 Azure PowerShell 证书身份验证在 Azure AD 中创建应用程序,下面是 Powershell 代码段:
Login-AzureRmAccount
$certPassword = ConvertTo-SecureString $CertPassword -AsPlainText -Force
$x509 = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $certPath,$certPassword
$credValue = [System.Convert]::ToBase64String($x509.GetRawCertData())
$adapp = New-AzureRmADApplication -DisplayName $ApplicationName -HomePage $URL -IdentifierUris $URL -CertValue $credValue -StartDate $startDate -EndDate $endDate
$sp = New-AzureRmADServicePrincipal -ApplicationId $adapp.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName $VaultName -ServicePrincipalName $sp.ServicePrincipalNames[1] -PermissionsToKeys all –PermissionsToSecrets all -ResourceGroupName $ResourceGroupName
The Azure AD application was created successfully, however for Azure AD application with Certificate Authentication, the customKeyIdentifier and value of in the keyCredentials is null after creation, this is the portion of manifest of my application I downloaded from Azure portal: Azure AD 应用程序已成功创建,但是对于具有证书身份验证的 Azure AD 应用程序,创建后 keyCredentials 中的 customKeyIdentifier 和值为 null,这是我从 Azure 门户下载的应用程序清单的一部分:
"keyCredentials": [{
"customKeyIdentifier": null,
"endDate": "2018-01-25T11:55:35.7680698Z",
"keyId": "ca1e536c-2220-478b-af73-1198d125bb5f",
"startDate": "2017-01-25T11:55:35.7680698Z",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": null
} ]
The certificate is a self signed certificate created using makecert command generated locally.该证书是使用本地生成的 makecert 命令创建的自签名证书。 I am using Powershell Version of 2.0.1我正在使用 2.0.1 的 Powershell 版本
C# Code to retrieve the token with Application Id & Thumbprint使用应用程序 ID 和指纹检索令牌的 C# 代码
public static async Task GetAccessToken(string authority, string resource, string scope) { var context = new AuthenticationContext(authority, TokenCache.DefaultShared);公共静态异步任务 GetAccessToken(字符串权限,字符串资源,字符串范围){ var context = new AuthenticationContext(authority, TokenCache.DefaultShared); var result = await context.AcquireTokenAsync(resource, AssertionCert); var result = await context.AcquireTokenAsync(resource, AssertionCert); return result.AccessToken;返回结果.AccessToken; } }
This Code errors out at var result with "Keyset does not exists"此代码在 var 结果处出错,并显示“密钥集不存在”
Is there any way to resolve this issue?有没有办法解决这个问题?
Thank you :)谢谢 :)
Did you look at the answer here?你看这里的答案了吗?
Create a Application in Azure AD with Azure PowerShell Certificate authentication 使用 Azure PowerShell 证书身份验证在 Azure AD 中创建应用程序
In the comments he mentions that CustomKeyIdentifier being null does not matter for authentication.在评论中,他提到 CustomKeyIdentifier 为 null 对于身份验证无关紧要。
Did you try authenticating regardless of the null value?\\无论空值如何,您是否都尝试进行身份验证?\\
EDIT: If you want to generate a thumbprint for a public certificate you own, you can do so using the following powershell cmdlets:编辑:如果要为您拥有的公共证书生成指纹,可以使用以下 powershell cmdlet:
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2
$cer.Import(“mycer.cer”)
$bin = $cer.GetCertHash()
$base64Thumbprint = [System.Convert]::ToBase64String($bin)
I hope this helps.我希望这有帮助。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.