
How can I make MSAL4J and azure-security-keyvault-* work together?

I would like to authenticate with MSAL4J and the certificate stored in Azure Key Vault (AKV). The certificate is a self-signed Azure Key Vault certificate.

I could find an example based on a certificate and key stored locally (file system) but not a certificate created and stored in AKV. How to use the certificate, key, and secret objects obtained from azure-security-keyvault-* with MSAL4J?

  1. The key from azure-security-keyvault-keys is com.azure.security.keyvault.keys.models.KeyVaultKey, but MSAL4J expects java.security.PrivateKey.
  2. How to apply the secret obtained from azure-security-keyvault-secrets to decrypt the private key?

Are you sure it is supported? As far as I know certificate-based authentication is not supported. MSAL uses either public clients or confidential clients.

However, I did find this on their wiki: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Client-Credentials

There are two types of client secrets in MSAL4J:

  • Application Secrets
  • Certificates

You need to instantiate a confidential client application; if you have a certificate:

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import com.microsoft.aad.msal4j.ClientCredentialFactory;
import com.microsoft.aad.msal4j.ConfidentialClientApplication;
import com.microsoft.aad.msal4j.IClientCredential;

String PUBLIC_CLIENT_ID;        // application (client) ID of the app registration
String AUTHORITY;               // e.g. https://login.microsoftonline.com/<tenant>/
PrivateKey PRIVATE_KEY;         // private key belonging to the certificate
X509Certificate PUBLIC_KEY;     // certificate whose public part is uploaded to the app registration

IClientCredential credential = ClientCredentialFactory.createFromCertificate(PRIVATE_KEY, PUBLIC_KEY);
ConfidentialClientApplication app =
    ConfidentialClientApplication
        .builder(PUBLIC_CLIENT_ID, credential)
        .authority(AUTHORITY)
        .build();

Then acquire a token: https://github.com/AzureAD/microsoft-authentication-library-for-java/wiki/Acquiring-Tokens#confidential-client-applications

https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-node/src/client/ConfidentialClientApplication.ts
You would need to use: acquireTokenByClientCredential https://azuread.github.io/microsoft-authentication-library-for-js/ref/classes/_azure_msal_node.confidentialclientapplication.html#acquiretokenbyclientcredential

Also see:
