使用AzureAD身份验证部署ServiceFabric应用程序 [英] Deploying ServiceFabric apps using AzureAD Authentication
问题描述
我想使用azure广告和应用程序将应用程序部署到我的服务结构中Powershell.
I want to deploy apps to my service fabric using azure ad & powershell.
我已经安装了必需的Azure AD应用程序,但是我不知道如何以编程方式登录到Azure AD帐户,因此可以从CD工具中进行部署.看来这需要是AD用户,而不是服务主体.使用AzureAD时,COnnect-ServiceFabric cmdlet需要某种安全令牌,并且我不知道如何提供它来避免弹出窗口.
I've setup the required azure AD apps, but I don't know how to login to an Azure AD account programtically so it can be deployed from CD tool. It seems like this needs to be an AD user and not service principal. The COnnect-ServiceFabric cmdlet requires some sort of security token when using AzureAD and I don't know how to provide it to avoid the popup.
推荐答案
以下是您可以用来启动和运行的步骤-
Here are steps that you could use to get things up and running -
1..您需要在AD中创建两个应用程序注册-一个用于表示SF群集,第二个用于客户端应用程序.您可以按照此处的说明完成操作
1. You need to create two app registrations in AD - the one to represent the SF cluster and the second one for the client app. You could follow the instructions here to get it done Set up Azure Active Directory for client authentication
结果,您应该具有下一个输出-
As the result, you should have the next output -
"azureActiveDirectory":{" tenantId ":"guid"," clusterApplication ":"guid"," clientApplication ":"guid}
"azureActiveDirectory": { "tenantId":"guid", "clusterApplication":"guid", "clientApplication":"guid" }
2..现在您可以设置您的SF集群.您可以将上一步获得的AD工件放入rm模板,也可以在门户中指定字段.选择是您的-
2. Now you could set up your SF cluster. You could either put the AD artifacts you've got from the previous step into the rm template or specify the fields in the portal. The choice is yours -
3..找到在AD第一步中创建的应用注册,然后将要登录的用户分配给在其中具有某些角色的用户.
3. Find the app registrations created at the first step in AD, and assign to the user you are going to login with some role there.
4. Finally, use this example to login using AD authentication in a non-interactive mode - Connect to a secure cluster non-interactively using Azure Active Directory.
这里是一样的,但在Powershell中-
Here is just the same but in Powershell -
$authority = "https://login.microsoftonline.com/your_tenant_id"
$credentials = [Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential]::new($UserName, $Password)
$authContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority)
$authResult = $authContext.AcquireTokenAsync($clusterApplicationId, $clientApplicationId, $credentials)
$Token = $authResult.Result.AccessToken
Connect-ServiceFabricCluster -AzureActiveDirectory -SecurityToken $Token -ConnectionEndpoint "your_cluster_name.location.cloudapp.azure.com:19000" -ServerCertThumbprint "your_server_cert_thumbprint"
基本上就是这样.
这篇关于使用AzureAD身份验证部署ServiceFabric应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
