How can I make MSAL4J and azure-security-keyvault-* work together?
I would like to authenticate with MSAL4J and the certificate stored in Azure Key Vault (AKV). The certificate is a self-signed Azure Key Vault certificate.
I could find an example based on a certificate and key stored locally (file system) but not a certificate created and stored in AKV. How to use the certificate, key, and secret objects obtained from azure-security-keyvault-* with MSAL4J?
azure-security-keyvault-keys is com.azure.security.keyvault.keys.models.KeyVaultKey, but MSAL4J expects java.security.PrivateKey.
azure-security-keyvault-secrets to decrypt the private key?
Are you sure it is supported? As far as I know certificate-based authentication is not supported. MSAL uses either public clients or confidential clients.
However, I did find this on their wiki: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Client-Credentials
There are two types of client secrets in MSAL4J:
You need to instantiate a confidential client application; if you have a certificate:
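import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IClientCredential;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Placeholders: assign your own values before use.
String PUBLIC_CLIENT_ID;      // application (client) ID of the app registration
String AUTHORITY;             // authority URL for your tenant
PrivateKey PRIVATE_KEY;       // private key matching the certificate
X509Certificate PUBLIC_KEY;   // X.509 certificate (public part)

// Build a certificate credential and the confidential client that uses it.
IClientCredential credential = ClientCredentialFactory.createFromCertificate(PRIVATE_KEY, PUBLIC_KEY);
ConfidentialClientApplication app =
    ConfidentialClientApplication
        .builder(PUBLIC_CLIENT_ID, credential)
        .authority(AUTHORITY)
        .build();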
Then acquire a token: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Acquiring-Tokens#confidential-client-applications
https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/src/client/ConfidentialClientApplication.ts
You would need to use: acquireTokenByClientCredential
https://azuread.github.io/microsoft-authentication-library-for-js/ref/classes/_azure_msal_node.confidentialclientapplication.html#acquiretokenbyclientcredential
Also see:
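One way to bridge the two libraries, as an added example that is not part of the original thread or the MSAL4J wiki: instead of the KeyVaultKey object, read the secret that Key Vault stores under the certificate's name, which holds the certificate and private key as a PKCS#12 bundle, and hand the extracted PrivateKey and X509Certificate to createFromCertificate. Assumptions: the vault URL, certificate name, client ID, tenant and scope are placeholders; the certificate policy marks the key as exportable with PKCS#12 content type; the certificate's public part is registered on the app registration; the caller's identity is allowed to read secrets.

```java
import com.azure.identity.DefaultAzureCredentialBuilder;
import com.azure.security.keyvault.secrets.SecretClient;
import com.azure.security.keyvault.secrets.SecretClientBuilder;
import com.azure.security.keyvault.secrets.models.KeyVaultSecret;
import com.microsoft.aad.msal4j.*;
import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Collections;

public class AkvCertificateLogin {
    // Placeholders (assumptions for this example, not values from the page).
    static final String VAULT_URL = "https://<your-vault>.vault.azure.net";
    static final String CERT_NAME = "<certificate-name>";
    static final String CLIENT_ID = "<application-client-id>";
    static final String AUTHORITY = "https://login.microsoftonline.com/<tenant-id>/";
    static final String SCOPE = "https://graph.microsoft.com/.default";

    public static void main(String[] args) throws Exception {
        // The secret sharing the certificate's name carries certificate + private key,
        // but only when the certificate policy allows the key to be exported.
        SecretClient secrets = new SecretClientBuilder()
                .vaultUrl(VAULT_URL)
                .credential(new DefaultAzureCredentialBuilder().build())
                .buildClient();
        KeyVaultSecret secret = secrets.getSecret(CERT_NAME);
        String type = secret.getProperties().getContentType();
        if (!"application/x-pkcs12".equals(type)) {
            throw new IllegalStateException("Expected a PKCS#12 certificate, got " + type);
        }

        // Key Vault returns the PFX base64-encoded with an empty password; keep it in memory only.
        char[] noPassword = new char[0];
        KeyStore pfx = KeyStore.getInstance("PKCS12");
        pfx.load(new ByteArrayInputStream(Base64.getDecoder().decode(secret.getValue())), noPassword);
        String alias = pfx.aliases().nextElement();
        PrivateKey privateKey = (PrivateKey) pfx.getKey(alias, noPassword);
        X509Certificate certificate = (X509Certificate) pfx.getCertificate(alias);
        if (privateKey == null) throw new IllegalStateException("Secret holds no private key");
        IClientCredential credential = ClientCredentialFactory.createFromCertificate(privateKey, certificate);
        ConfidentialClientApplication app = ConfidentialClientApplication
                .builder(CLIENT_ID, credential).authority(AUTHORITY).build();
        IAuthenticationResult result = app.acquireToken(
                ClientCredentialParameters.builder(Collections.singleton(SCOPE)).build()).join();
        System.out.println("Token expires on: " + result.expiresOnDate());
    }
}
```

This approach pulls the private key into the JVM's memory, so it does not apply to certificates whose key is marked non-exportable. Nothing is written to disk, and the access token itself is deliberately not printed.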