Open hughj4 opened 1 year ago
The reason it worked for me is because I had MicrosoftTeams module loaded where others did not. MicrosoftTeams loaded first so I am using an MSTeams version. Replaced the Microsoft.Identity.Client. and Microsoft.Identity.Client.Desktop in ...WindowsPowerShell\Modules\MSAL.PS\4.37.0.0\Microsoft.Identity.Client.4.37.0\net45 and .. Desktop\net45 with MSTeams version. For PowerShell 5 also required "authority cannot be found fix", https://github.com/AzureAD/MSAL.PS/issues/45.
This is a workaround, not a fix. Keeping it open.
This is because MSAL.PS targets MSAL.NET for net45 instead of net461. net45 has poor crypto support.
We are using the same version of PowerShell (5.1.19041.2673) and MSAL.PS (4.36.1.2). Also, referencing the same Azure Tenant, Azure App Registration and certificate. All laptops are connected to the same network and have similar age and configuration.
Executed the following script for three of us. It worked for me but failed for 2 of my co-workers.
$subject=""
$Tenant = ""
$ClientID = ""
$subjectName = "CN=$($subject)"
$cert = Get-ChildItem Cert:\CurrentUser\My | where-object { $_.Subject -eq $subjectName } | Select-Object * | Sort-Object -desc NotAfter | Select-Object -first 1
$ThbPrint = $cert.Thumbprint
$connectionDetails = @{
    'TenantId' = $Tenant
    'ClientId' = $ClientID
}
$connectionDetails += @{'ClientCertificate' = Get-Item -Path "Cert:\CurrentUser\My\$($ThbPrint)" }
$token = Get-MsalToken @connectionDetails
They receive the following error message:
"Get-MsalToken : Could not use the certificate for signing. See inner exception for details. Possible cause: this may be a known issue with apps build against .NET Desktop 4.6 or lower. Either target a higher version of .NET desktop - 4.6.1 and above, or use a different certificate type (non-CNG) or sign your own assertion as described at https://aka.ms/msal-net-signed-assertion.
At C:\PShell\Scripts - Outlook Rooms\testroom.ps1:137 char:18
+ $token = Get-MsalToken @connectionDetails
+ ~~~~~~~~
+ CategoryInfo : AuthenticationError: (Microsoft.Ident...arameterBuilder:AcquireTokenForClientParameterBuilder) [Write-Error], MsalClientException
+ FullyQualifiedErrorId : GetMsalTokenFailureAuthenticationError,Get-MsalToken"
We tried installing https://dotnet.microsoft.com/en-us/download/dotnet/thank-you/runtime-desktop-6.0.15-windows-x64-installer
List of .NET versions:
dotnet --list-runtimes
Microsoft.AspNetCore.App 7.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 3.1.28 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 6.0.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 6.0.15 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Microsoft.WindowsDesktop.App 7.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
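
A diagnostic sketch for the failure discussed in this thread, added here as an example and not code from the issue or from MSAL.PS: it lists which Microsoft.Identity.Client assemblies the session actually loaded, with their target framework and path, and reports whether the certificate's private key is CNG or CSP backed. The `$subject` value is a placeholder (an assumption); run it in the Windows PowerShell session where `Get-MsalToken` was called, so the assemblies are already loaded.

```powershell
# Added example, not from the issue thread. $subject is a placeholder to fill in.
$subject = '<certificate-common-name>'

# 1. MSAL assemblies loaded in this session: a module imported earlier
#    (for example MicrosoftTeams) can supply a different build than MSAL.PS ships.
[AppDomain]::CurrentDomain.GetAssemblies() |
    Where-Object { $_.GetName().Name -like 'Microsoft.Identity.Client*' } |
    ForEach-Object {
        $tfm = $_.GetCustomAttributes(
            [System.Runtime.Versioning.TargetFrameworkAttribute], $false) |
            Select-Object -First 1
        [pscustomobject]@{
            Name            = $_.GetName().Name
            Version         = $_.GetName().Version
            TargetFramework = $tfm.FrameworkName   # e.g. .NETFramework,Version=v4.5
            Location        = $_.Location
        }
    } | Format-List

# 2. Locate the same certificate the script in the issue selects.
$cert = Get-ChildItem Cert:\CurrentUser\My |
    Where-Object { $_.Subject -eq "CN=$subject" } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { Write-Warning "No certificate with subject CN=$subject"; return }
if (-not $cert.HasPrivateKey) { Write-Warning 'Certificate has no private key'; return }

# 3. Classify the private key. GetRSAPrivateKey returns RSACng for CNG (KSP)
#    keys and RSACryptoServiceProvider for legacy CSP keys; $null if not RSA.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { Write-Warning 'Private key is not RSA'; return }
$isCng = $rsa -is [System.Security.Cryptography.RSACng]
$provider = if ($isCng) { $rsa.Key.Provider.Provider }
            else { $rsa.CspKeyContainerInfo.ProviderName }

[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    NotAfter   = $cert.NotAfter
    KeyClass   = $rsa.GetType().Name
    IsCng      = $isCng
    Provider   = $provider
}
```

Comparing this output between a machine where the call succeeds and one where it fails shows whether the two sessions differ in the loaded assembly path or only in the certificate's key provider.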