使用 Azure PowerShell 证书身份验证在 Azure AD 中创建应用程序
Create a Application in Azure AD with Azure PowerShell Certificate authentication
我尝试使用 Azure PowerShell 证书身份验证在 Azure AD 中创建应用程序,下面是 Powershell 片段:
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName "Owner" -ServicePrincipalName $app.ApplicationId
Azure AD应用程序创建成功,但是对于带有证书认证的Azure AD应用程序,创建后customKeyIdentifier和keyCredentials中的值为空,这是manifest的部分我从 Azure 门户下载的应用程序:
"keyCredentials": [{
"customKeyIdentifier": null,
"endDate": "2017-02-25T20:48:35.5174541Z",
"keyId": "575580cc-ce4e-4862-ad3e-1ba5833fe7f6",
"startDate": "2016-02-25T20:48:35.5174541Z",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": null
}],
仅供参考,该证书是我使用本地生成的 makecert 命令的自签名证书。
任何建议,不胜感激。
詹姆斯
添加对 Set-AzureRmKeyVaultAccessPolicy 的调用以指定您希望服务主体对密钥保管库具有的访问级别。查看脚本最后两行的更改。
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName "<your-vault-name>" `
-ServicePrincipalName $sp.ServicePrincipalName `
-PermissionsToKeys all -PermissionsToSecrets all `
-ResourceGroupName "<your-resource-group-name>"
我尝试使用 Azure PowerShell 证书身份验证在 Azure AD 中创建应用程序,下面是 Powershell 片段:
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName "Owner" -ServicePrincipalName $app.ApplicationId
Azure AD应用程序创建成功,但是对于带有证书认证的Azure AD应用程序,创建后customKeyIdentifier和keyCredentials中的值为空,这是manifest的部分我从 Azure 门户下载的应用程序:
"keyCredentials": [{
"customKeyIdentifier": null,
"endDate": "2017-02-25T20:48:35.5174541Z",
"keyId": "575580cc-ce4e-4862-ad3e-1ba5833fe7f6",
"startDate": "2016-02-25T20:48:35.5174541Z",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": null
}],
仅供参考,该证书是我使用本地生成的 makecert 命令的自签名证书。
任何建议,不胜感激。
詹姆斯
添加对 Set-AzureRmKeyVaultAccessPolicy 的调用以指定您希望服务主体对密钥保管库具有的访问级别。查看脚本最后两行的更改。
Login-AzureRmAccount
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName "<your-vault-name>" `
-ServicePrincipalName $sp.ServicePrincipalName `
-PermissionsToKeys all -PermissionsToSecrets all `
-ResourceGroupName "<your-resource-group-name>"