使用 powershell 使用访问令牌连接到 azure 广告
[英]Using powershell to connect to azure ad using access token
问题描述
I'm writing a powershell script to connect to azure ad using access token.
我正在编写一个 powershell 脚本以使用访问令牌连接到 azure 广告。 I'm using below command:我正在使用以下命令:
Connect-AzureAD -TenantId "$tenantId" -AadAccessToken $tokenResponse.access_token -AccountId "$appId"
I have given application "Contirbute" & "Global Administrator" Role, also Application has all required permissions.我给了应用程序“继续”和“全局管理员”角色,应用程序也具有所有必需的权限。
When I execute the script I can connect to Azure AD but if I try to run subsequent commands after this it gives be below error.当我执行脚本时,我可以连接到 Azure AD 但是如果我尝试在此之后运行后续命令,则会出现以下错误。
Please assist me on this further.请进一步协助我。
Get-AzureADUser : Error occurred while executing GetUsers
Code: Authentication_ExpiredToken
Message: Your access token has expired. Please renew it before submitting the request.
HttpStatusCode: Unauthorized
HttpStatusDescription: Unauthorized
HttpResponseStatus: Completed
At C:\Users\kajalchaudhari\Desktop\test_connect.ps1:22 char:1
+ Get-AzureADUser -Top 10
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADUser], ApiException
+ FullyQualifiedErrorId :
Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetUser
2 个解决方案
解决方案1
0 2020-08-01 11:18:04
seems like you need to configure the token expiry in Azure AD.似乎您需要在 Azure AD 中配置令牌到期。 if you have already done that and the error message is instant then see if following blog is helpful如果您已经这样做并且错误消息是即时的,那么请查看以下博客是否有帮助
https://www.insight.com/en_US/content-and-resources/tech-tutorials/azure-active-directory-authentication-token.html https://www.insight.com/en_US/content-and-resources/tech-tutorials/azure-active-directory-authentication-token.html
解决方案2
0 2020-08-04 07:36:05
The error means the AAD Graph token you passed has expired, you need to pass a new one.该错误表示您传递的 AAD Graph 令牌已过期,您需要传递一个新令牌。
Or if you want to automate this, you could follow the steps below.或者,如果您想自动执行此操作,您可以按照以下步骤操作。
1.First, make sure you have installed the Az module. 1.首先,确保您已经安装了Az模块。 Then get the application id , tenant id , client secret of the AD App which is the global admin.然后获取作为全局管理员的 AD App 的application id 、 tenant id 、 client secret 。
2.Then run the script below, it works fine on my side. 2.然后运行下面的脚本,它在我这边工作正常。
$azureAplicationId ="<application id>"
$azureTenantId= "<tenant id>"
$azurePassword = ConvertTo-SecureString "<client secret>" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
$context = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile.DefaultContext
$aadToken = [Microsoft.Azure.Commands.Common.Authentication.AzureSession]::Instance.AuthenticationFactory.Authenticate($context.Account, $context.Environment, $context.Tenant.Id.ToString(), $null, [Microsoft.Azure.Commands.Common.Authentication.ShowDialog]::Never, $null, "https://graph.windows.net").AccessToken
Connect-AzureAD -AadAccessToken $aadToken -AccountId $context.Account.Id -TenantId $context.tenant.id
Get-AzureADUser
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.