使用Azure PowerShell证书身份验证在Azure AD中创建应用程序 [英] Create a Application in Azure AD with Azure PowerShell Certificate authentication

问题描述

我试图使用Azure PowerShell证书身份验证在Azure AD中创建应用程序，以下是Powershell代码段:

I was trying to Create a Application in Azure AD with Azure PowerShell Certificate authentication, below is the Powershell snippet:

Login-AzureRmAccount
$cert = New-Object    System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage  "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName "Owner" -ServicePrincipalName  $app.ApplicationId 

Azure AD应用程序已成功创建，但是对于具有证书身份验证的Azure AD应用程序，创建后，customKeyIdentifier和keyCredentials中的值为null，这是我从Azure下载的应用程序清单的一部分门户:

the Azure AD application was created successfully, however for Azure AD application with Certificate Authentication, the customKeyIdentifier and value of in the keyCredentials is null after creation, this is the portion of manifest of my application I downloaded from Azure portal:

"keyCredentials": [{
"customKeyIdentifier": null,
"endDate": "2017-02-25T20:48:35.5174541Z",
"keyId": "575580cc-ce4e-4862-ad3e-1ba5833fe7f6",
"startDate": "2016-02-25T20:48:35.5174541Z",
"type": "AsymmetricX509Cert",
"usage": "Verify",
"value": null
}],

仅供参考，该证书是我使用本地生成的makecert命令的自签名证书.

FYI the certificate is a self signed certificate I use makecert command generated locally.

任何建议，非常感谢.

詹姆斯

推荐答案

添加对 Set-AzureRmKeyVaultAccessPolicy 的调用，以指定您希望密钥库的服务原理所具有的访问级别.在脚本的最后两行中查看更改.

Add a call to Set-AzureRmKeyVaultAccessPolicy to specify the access level you want the service principle to have for the key vault. See the changes in the last two lines for your script.

Login-AzureRmAccount
$cert = New-Object    System.Security.Cryptography.X509Certificates.X509Certificate("PATH_TO_CER_FILE")
$key = [System.Convert]::ToBase64String($cert.GetRawCertData())
$app = New-AzureRmADApplication -DisplayName "SetupTet4" -HomePage  "http://localhost" -IdentifierUris "http://localhost" -KeyValue $key -KeyType AsymmetricX509Cert
$sp = New-AzureRmADServicePrincipal -ApplicationId $app.ApplicationId
Set-AzureRmKeyVaultAccessPolicy -VaultName "<your-vault-name>" `
    -ServicePrincipalName $sp.ServicePrincipalName `
    -PermissionsToKeys all -PermissionsToSecrets all `
    -ResourceGroupName "<your-resource-group-name>"

这篇关于使用Azure PowerShell证书身份验证在Azure AD中创建应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！