yonzhan
commented
1 year ago @jiasli for awareness
Open tagur87 opened 1 year ago
yonzhan
commented
1 year ago @jiasli for awareness
jiasli
commented
1 year ago Azure CLI currently has no support for SAML-based AAD apps (#7579), so this use case is not supported either.
Even so, I did some investigation and can provide some further information.
az ad sp credential delete command calls the Update servicePrincipal Microsoft Graph API to delete certificate credential from the keyCredentials property of the service principal object. It raises an error if the key_id doesn't exist in keyCredentials:
You may run az ad sp credential delete with --debug to verify how it works and which APIs are invoked.
Therefore, it is very likely to be a Microsoft Graph API issue:
keyCredentials property of the service principal object.keyCredentials property then calling Update servicePrincipal API.I would suggest contacting Microsoft Graph support for further investigation.
This is autogenerated. Please review and update as needed.
Describe the bug
When running
az ad sp credential delete --cert --id xxxx --key-id xxxxto delete an inactive SAML signing certificate, the command succeeds, but there are no changes in the API or the GUI.Command Name
az ad sp credential deleteErrors:
To Reproduce:
Steps to reproduce the behavior. Note that argument values have been redacted, as they may contain sensitive information.
az ad sp credential list --id abcd1234az ad sp credential delete --id abcd1234 --key-id {} --cert<<--- key id of the inactive cert in the previous listaz ad sp credential list --id abcd1234Expected Behavior
Expect the inactive certificate with the key-id sent through the delete command should be removed.
Environment Summary
Additional Context