Why can't I add an element to the appRoles object within graph explorer?

Problem description

I've created an application in Azure and I'm now interested in adding specific roles to the application users in order to allow the roles data to be placed into the token as part of a SAML integration.

The issue is that I cannot run a PATCH and add a 3rd element to the appRoles object. Here is my object after running a GET here https://graph.microsoft.com/beta/servicePrincipals/{ID}

{
    "appRoles": [
        {
            "allowedMemberTypes": ["User"],
            "description": "msiam_access",
            "displayName": "msiam_access",
            "id": "b9632174-c057-4f7e-951b-be3adc52bfe6",
            "isEnabled": true,
            "origin": "Application",
            "value": null
        },
        {
            "allowedMemberTypes": ["User"],
            "description": "User",
            "displayName": "User",
            "id": "18d14569-c3bd-439b-9a66-3a2aee01d14f",
            "isEnabled": true,
            "origin": "Application",
            "value": null
        }
    ]
}

I simply am adding a third element to that collection, as

, {
        "allowedMemberTypes": ["User"],
        "description": "groupdescription1",
        "displayName": "groupdisplayName1",
        "id": "9ef0f137-69c7-4ae1-ad90-28363c1f58ba",
        "isEnabled": true,
        "origin": "Application",
        "value": null
    }

However, after running the PATCH update with the 3rd element, I receive

{
    "error": {
        "code": "Request_BadRequest",
        "message": "One or more properties on the service principal does not match the application object.",
        "innerError": {
            "request-id": "819a5e01-3005-413a-9c36-a698dd90b88d",
            "date": "2019-08-29T21:03:23"
        }
    }
}

I can run the PATCH update with just 2 elements. This is ok. But why doesn't it allow a 3rd element?

I read here https://docs.microsoft.com/en-us/graph/api/resources/approle?view=graph-rest-beta

This functionality is disabled in the current release.

Does this mean I cannot accomplish the goal I have of adding a 3rd role? What am I missing here? Any help is appreciated.

I see in places like here https://dailysysadmin.com/KB/Article/2970/configuring-azure-active-directory-as-an-identity-source-for-multiple-applications-sso-single-sign-on/ that it was at 1 point possible.

Recommended answer

Solution: remove property "origin" from new object.

This object does not work

{
    "allowedMemberTypes": ["User"],
    "description": "groupdescription1",
    "displayName": "groupdisplayName1",
    "id": "9ef0f137-69c7-4ae1-ad90-28363c1f58ba",
    "isEnabled": true,
    "ORIGIN": "Application",
    "value": null
}

Once I removed the origin property, and retried the PATCH, it worked like a charm.

I suppose the error was pretty indicative,

One or more properties on the service principal does not match the application object

just without the field name that was invalid. I wrongly assumed I could copy the object from the GET, and paste into the PATCH body.
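As an added example (not part of the original answer, and not Microsoft's code), the following Python builds the PATCH body the answer describes: the roles returned by the GET are kept unchanged and the new role is appended with its "origin" property removed. The function name `build_approles_patch` is hypothetical, the sample data is copied from the question, and nothing is sent to Graph.

```python
import copy
import json
import uuid

# Constructed sample: the two roles from the GET response in the question.
GET_RESPONSE = {"appRoles": [
    {"allowedMemberTypes": ["User"], "description": "msiam_access",
     "displayName": "msiam_access",
     "id": "b9632174-c057-4f7e-951b-be3adc52bfe6",
     "isEnabled": True, "origin": "Application", "value": None},
    {"allowedMemberTypes": ["User"], "description": "User",
     "displayName": "User",
     "id": "18d14569-c3bd-439b-9a66-3a2aee01d14f",
     "isEnabled": True, "origin": "Application", "value": None},
]}

# Constructed sample: the third role exactly as pasted in the answer.
PASTED_ROLE = {
    "allowedMemberTypes": ["User"], "description": "groupdescription1",
    "displayName": "groupdisplayName1",
    "id": "9ef0f137-69c7-4ae1-ad90-28363c1f58ba",
    "isEnabled": True, "ORIGIN": "Application", "value": None,
}


def build_approles_patch(get_response, new_role):
    """Return a PATCH body: existing roles unchanged, new_role without 'origin'."""
    roles = copy.deepcopy(get_response.get("appRoles", []))
    # Drop the property the answer found to be rejected, in any letter case.
    role = {k: v for k, v in new_role.items() if k.lower() != "origin"}
    # Assign a fresh GUID when the caller did not supply an id.
    role["id"] = role.get("id") or str(uuid.uuid4())
    uuid.UUID(role["id"])  # raises ValueError if the id is not a GUID
    # A role id must not collide with one already in the collection.
    if any(r["id"].lower() == role["id"].lower() for r in roles):
        raise ValueError("appRole id already present: " + role["id"])
    roles.append(role)
    return {"appRoles": roles}


if __name__ == "__main__":
    # Print the body to paste into the PATCH request in Graph Explorer.
    print(json.dumps(build_approles_patch(GET_RESPONSE, PASTED_ROLE), indent=4))
```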
