为Azure功能门户/ Create-IdentityApp.ps1配置单点登录(SSO)失败 [英] Configure Single-Sign-On (SSO) for the Azure Functions Portal / Create-IdentityApp.ps1 fails
问题描述
嗨团队,
我已经在AAD上运行TP3R并且我正在最终确定APP服务设置。
无论是什么脚本中的DNS记录'management.local.azurestack.external'不正确(应该使用'api.local.azurestack.external',禁用执行策略和更新脚本),这是一个错误:
PS C:\ Users \AzureStackAdmin \Downloads> .\Create-IdentityApp.ps1
安全警告
仅运行您信任的脚本。虽然来自互联网的脚本可能很有用,但此脚本可能会损害您的计算机。如果
信任此脚本,请使用Unblock-File cmdlet允许脚本在没有此警告消息的情况下运行。是否要运行
C:\ Users \AzureStackAdmin \Downloads\Create-IdentityApp.ps1?
[D]不要跑步 [R]运行一次 [S]暂停 [?]帮助(默认为"D"):r
cmdlet命令管道位置1的Create-IdentityApp.ps1
以下参数的供应值:
AadTenantId:***
AzureStackCredential
CertificateFilePath:C:\sso.appservice.local.azurestack.external.pfx
CertificatePassword: ***
VERBOSE:资源提供商FQDN解析为:'***'
VERBOSE:GET https://api.local.azurestack.external/metadata/endpoints?具有0字节有效负载的api-version = 1.0
VERBOSE:收到内容类型application / json的326字节响应; charset = utf-8
VERBOSE:ARM资源Uri:'https://api.local.azurestack.external/eead6fa4-ab68-430f-a332-7905bb2a7742'
eead6fa4-ab68-430f-a332-7905bb2a7742
New-Object:异常调用" .ctor"用"3"表示"3"。参数:"指定的网络密码不正确。
"
在C: \ Users \ArureStackAdmin \Downloads\Create-IdentityApp.ps1:75 char:24
+ ... rtificate = New-Object System.Security.Cryptography .X509Certificates。 ...
+ ; ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~
+ CategoryInfo :InvalidOperation:(:) [New-Object],MethodInvocationException
+ FullyQualifiedErrorId:ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand
任何想法?
您好
似乎提供给参数
CertificatePassword的值不是pfx的相应密码。
我建议您验证手动将证书导入任何计算机,以便验证pfx文件的密码。
如果密码没有问题,则问题可能与PowerShell处理字符串有关。您可以尝试使用单引号创建一个带密码值的变量,然后使用变量调用powershell。
类似于
pwd =
Hi team,
I have TP3R running with AAD and I'm finalizing APP service setup.
Regardless of the incorrect DNS record 'management.local.azurestack.external' in the script (which should use 'api.local.azurestack.external', disable execution policy and update script) there is an error:
PS C:\Users\AzureStackAdmin\Downloads> .\Create-IdentityApp.ps1
Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you
trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run
C:\Users\AzureStackAdmin\Downloads\Create-IdentityApp.ps1?
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): rcmdlet Create-IdentityApp.ps1 at command pipeline position 1
Supply values for the following parameters:
AadTenantId: ***
AzureStackCredential
CertificateFilePath: C:\sso.appservice.local.azurestack.external.pfx
CertificatePassword: ***
VERBOSE: Resource Provider FQDN resolved to: '***'
VERBOSE: GET https://api.local.azurestack.external/metadata/endpoints?api-version=1.0 with 0-byte payload
VERBOSE: received 326-byte response of content type application/json; charset=utf-8
VERBOSE: ARM resource Uri: 'https://api.local.azurestack.external/eead6fa4-ab68-430f-a332-7905bb2a7742'
eead6fa4-ab68-430f-a332-7905bb2a7742
New-Object : Exception calling ".ctor" with "3" argument(s): "The specified network password is not correct.
"
At C:\Users\AzureStackAdmin\Downloads\Create-IdentityApp.ps1:75 char:24
+ ... rtificate = New-Object System.Security.Cryptography.X509Certificates. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvocationException
+ FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommandany ideas?
解决方案Hi
Its seems that the value provided to the parameter
CertificatePassword is not the corresponding password of the pfx.I suggest you to verify importing the cert manually to any computer in order for you to verify the password for the pfx file.
If there is no issue with the password, then the issue could be related to PowerShell handling of strings. You could try creating a variable with the password value using single quotes and then call the powershell using variable.
Something like
pwd = 查看全文
