Closed abatishchev closed 3 years ago
Here's the commit where it was added as commented from the start.
@jasoth, can you please comment why?
I was going to implement it but have not had time to figure out how to implement properly and test.
Would be great to have this feature as right now the latest version doesn't work with 1PA.
Do you know if there is any alternative to get it working from PowerShell?
I would suggest using New-MsalClientApplication and then use the WithSendX5C method (https://docs.microsoft.com/en-us/dotnet/api/microsoft.identity.client.acquiretokenforclientparameterbuilder.withsendx5c?view=azure-dotnet) on the application object from PowerShell to do X5C.
Here's what appears to work for me:
    if ($SendX5C)
    {
        $app = New-MsalClientApplication -ClientId $clientId -TenantId $tenantId -Authority $authority -ClientCertificate $cert
        $scopes = [string[]] @( $Scope )
        $response = $app.AcquireTokenForClient($scopes).WithSendX5C($true).ExecuteAsync().GetAwaiter().GetResult()
    }
    else
    {
        $response = Get-MsalToken -ClientId $clientId -TenantId $tenantId -Authority $authority -Scopes $Scope -ClientCertificate $cert
    }
Still would be great if it could be just a switch on Get-MsalToken. Thanks!
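What WithSendX5C($true) changes on the wire, as an added example that is not part of the thread or of MSAL.PS: the signed client assertion gains an x5c header carrying the certificate, next to the x5t thumbprint it already has. The function names are hypothetical, and the certificate and unsigned tokens are constructed for the demonstration.

```powershell
# Added example, not MSAL.PS code. The certificate and tokens are constructed.
function ConvertTo-Base64Url([byte[]]$Bytes) {
    [Convert]::ToBase64String($Bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
function ConvertFrom-Base64Url([string]$Text) {
    $s = $Text.Replace('-', '+').Replace('_', '/')
    [Convert]::FromBase64String($s.PadRight($s.Length + (4 - $s.Length % 4) % 4, '='))
}

# Reads only the JOSE header of a compact JWS; it does not verify the signature.
function Get-AssertionCertHeader([string]$Jwt) {
    $segments = $Jwt.Split('.')
    if ($segments.Count -ne 3) { throw 'Expected a compact JWS with three segments.' }
    $headerBytes = ConvertFrom-Base64Url -Text ($segments[0])
    $header = [Text.Encoding]::UTF8.GetString($headerBytes) | ConvertFrom-Json
    # x5c entries are standard base64 DER certificates, leaf first (RFC 7515, 4.1.6).
    $chain = @($header.x5c | Where-Object { $_ } | ForEach-Object {
        $der = [Convert]::FromBase64String($_)
        [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
    })
    [pscustomobject]@{
        HasX5c         = $chain.Count -gt 0
        X5t            = $header.x5t
        # x5t is the base64url SHA-1 thumbprint; it should identify the leaf in x5c.
        X5tMatchesLeaf = $chain.Count -gt 0 -and
                         (ConvertTo-Base64Url -Bytes ($chain[0].GetCertHash())) -eq $header.x5t
        ChainSubjects  = $chain.Subject
    }
}

# Constructed demo input: a throwaway self-signed certificate and two unsigned
# tokens shaped like a client assertion header, without and with x5c.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-example', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$cert = $req.CreateSelfSigned([DateTimeOffset]::UtcNow, [DateTimeOffset]::UtcNow.AddDays(1))
$x5t = ConvertTo-Base64Url -Bytes ($cert.GetCertHash())
foreach ($sendX5C in $false, $true) {
    $h = [ordered]@{ alg = 'RS256'; typ = 'JWT'; x5t = $x5t }
    if ($sendX5C) { $h['x5c'] = @([Convert]::ToBase64String($cert.RawData)) }
    $head = ConvertTo-Base64Url -Bytes ([Text.Encoding]::UTF8.GetBytes(($h | ConvertTo-Json -Compress)))
    # 'e30' is an empty JSON payload; 'c2ln' is a placeholder signature.
    Get-AssertionCertHeader -Jwt (($head, 'e30', 'c2ln') -join '.')
}
```

The first object reports HasX5c as False and the second as True with X5tMatchesLeaf set, which is the difference to look for when checking an assertion captured from your own client.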
I added the SendX5C parameter in the latest update.
@jasoth I'm having a problem with parameters set too. From the list for version 4.16.0.2 I see that I can include SendX5C only in one of them:
Get-MsalToken [-SendX5C] [-AuthorizationCode <String>] [-UserAssertion <String>] [-UserAssertionType <String>] [-AzureCloudInstance
{None | AzurePublic | AzureChina | AzureGermany | AzureUsGovernment}] [-TenantId <String>] [-Authority <Uri>]
[-ConfidentialClientApplication] <IConfidentialClientApplication> [-Scopes <String[]>] [-CorrelationId <Guid>] [-ExtraQueryParameters
<Hashtable>] [-ForceRefresh] [<CommonParameters>]
But I want to call it in the following way:
Get-MsalToken -ClientId $c `
-TenantId $t `
-Authority https://login.windows-ppe.net/$t/v2.0 `
-Scopes https://management.core.windows.net/.default `
-ClientCertificate $cert `
-SendX5C
Can you please add SendX5C to more/rest of parameter sets?
There are two other usages as well. I assigned it to all parameter sets that involve a ClientCertificate. However, the combination of parameters you have there is not resolving correctly for some reason. I'll take a look at some point.
Get-MsalToken [-ClientId] <String> -ClientCertificate <X509Certificate2> [-SendX5C] -UserAssertion <String>
[-UserAssertionType <String>] [-RedirectUri <Uri>] [-AzureCloudInstance {None | AzurePublic | AzureChina |
AzureGermany | AzureUsGovernment}] [-TenantId <String>] [-Authority <Uri>] [-Scopes <String[]>] [-CorrelationId
<Guid>] [-ExtraQueryParameters <Hashtable>] [<CommonParameters>]
Get-MsalToken [-ClientId] <String> -ClientCertificate <X509Certificate2> [-SendX5C] -AuthorizationCode <String>
[-RedirectUri <Uri>] [-AzureCloudInstance {None | AzurePublic | AzureChina | AzureGermany | AzureUsGovernment}]
[-TenantId <String>] [-Authority <Uri>] [-Scopes <String[]>] [-CorrelationId <Guid>] [-ExtraQueryParameters
<Hashtable>] [<CommonParameters>]
Get-MsalToken [-SendX5C] [-AuthorizationCode <String>] [-UserAssertion <String>] [-UserAssertionType <String>]
[-AzureCloudInstance {None | AzurePublic | AzureChina | AzureGermany | AzureUsGovernment}] [-TenantId <String>]
[-Authority <Uri>] [-ConfidentialClientApplication] <IConfidentialClientApplication> [-Scopes <String[]>]
[-CorrelationId <Guid>] [-ExtraQueryParameters <Hashtable>] [-ForceRefresh] [<CommonParameters>]
Hi, I updated to 4.16.0.4 but still getting an error:
Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
How I ran the script:
Get-MsalToken -ClientId $clientId -TenantId $tenantId -Authority $authority -Scopes $Scope -ClientCertificate $cert -XendX5C
This should be fixed now.
I looked at the source code of MSAL.PS version 4.14.0.1 and searched for "x5c". I see all occurrences have been commented:
Why? Is there a (pre-release) version where it's not?