Created
January 8, 2019 09:39
-
-
Save open-ruic/a4428cc7745fabf3ed1b46d2d8f0e9ae to your computer and use it in GitHub Desktop.
Add Certificate Key to Azure AD Application for Certificate Authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Param | |
| ( | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $SubscriptionId, | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $UserName, | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $Password, | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $AppObjectId, | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $CertPath, | |
| [Parameter(ParameterSetName='Setting', Mandatory=$true)] | |
| [String] | |
| $TenantId | |
| ) | |
| Write-Host 'TenantId = ' $TenantId | |
| Write-Host 'SubscriptionId = ' $SubscriptionId | |
| Write-Host 'AppObjectId = ' $AppObjectId | |
| # get Access Token with user | |
| $TokenEndpoint = {https://login.chinacloudapi.cn/{0}/oauth2/token} -f $TenantId | |
| $Resource = "https://graph.chinacloudapi.cn/"; | |
| $Body = @{ | |
| "resource"= $Resource | |
| "client_id" = "1950a258-227b-4e31-a9cf-717495945fc2" | |
| "grant_type" = "password" | |
| "username" = $Username | |
| "password" = $Password | |
| } | |
| $token = Invoke-RestMethod -Method Post ` | |
| -ContentType 'application/x-www-form-urlencoded' ` | |
| -Headers @{'accept'='application/json'} ` | |
| -Body $Body ` | |
| -URI $TokenEndpoint ` | |
| -ErrorVariable RestError ` | |
| -ErrorAction Stop | |
| if ($RestError) | |
| { | |
| $HttpStatusCode = $RestError.ErrorRecord.Exception.Response.StatusCode.value__ | |
| $HttpStatusDescription = $RestError.ErrorRecord.Exception.Response.StatusDescription | |
| Throw "Http Status Code: $($HttpStatusCode) `nHttp Status Description: $($HttpStatusDescription)" | |
| return -1 | |
| } | |
| $AccessToken = $token.access_token | |
| # import Cert and get Cert Content | |
| $Cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 | |
| $Cer.Import($CertPath) | |
| $Base64Value = [System.Convert]::ToBase64String($Cer.GetRawCertData()) | |
| $Base64Thumbprint = [System.Convert]::ToBase64String($Cer.GetCertHash()) | |
| # send Request for uploading cert to Azure AD Application | |
| $Body = @{ | |
| "keyCredentials"= @(@{ | |
| "customKeyIdentifier"=$Base64Thumbprint; | |
| "keyId"=[System.Guid]::NewGuid().ToString() | |
| "type"="AsymmetricX509Cert"; | |
| "usage"="Verify"; | |
| "value"=$Base64Value; | |
| }) | |
| } | |
| $Result = Invoke-RestMethod -Method PATCH ` | |
| -Uri ("https://graph.chinacloudapi.cn/"+ $TenantId+"/applications/" + $AppObjectId + "?api-version=1.6") ` | |
| -Body ($Body|ConvertTo-Json) ` | |
| -ContentType "application/json" ` | |
| -Headers @{ "Authorization" = "Bearer " + $AccessToken } ` | |
| -ErrorVariable RestError -ErrorAction Stop | |
| if ($RestError) | |
| { | |
| $HttpStatusCode = $RestError.ErrorRecord.Exception.Response.StatusCode.value__ | |
| $HttpStatusDescription = $RestError.ErrorRecord.Exception.Response.StatusDescription | |
| Throw "Http Status Code: $($HttpStatusCode) `nHttp Status Description: $($HttpStatusDescription)" | |
| } | |
| else | |
| { | |
| Write-Host | |
| Write-Host 'Update Success!' | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| .\AddCertToAzureADApplication.ps1 -SubscriptionId xxx -UserName xxx -Password xxx -CertPath xxx -AppObjectId xxx -TenantId xxx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment