AzureAD / azure-activedirectory-library-for-python

ADAL for Python
http://adal-python.readthedocs.io

Subject Name/Issuer Authentication? #225

Closed mbearup closed 4 years ago

mbearup commented 4 years ago

I'm attempting to use Subject Name/Issuer authentication (with a Service Principal) to enable automatic rotation of secrets. The API allegedly supports this by supplying an optional public_certificate parameter, however...

  1. When I supply this parameter, I get an error indicating that the parameter must contain "BEGIN PRIVATE KEY". This seems unusual since all we really need is the subject name/SAN.
  2. When I provide the full public/private key I still get a login error...

Is there some special way this parameter must be provided, or a preferred ADAL version? Thanks,

mbearup commented 4 years ago

Looks like this was due to using an old version of ADAL. However, I now get error AADSTS700027 - "The provided signature value did not match the expected signature value." It seems to think my cert is valid from year 0000 to 9999, which is not the case...

mbearup commented 4 years ago

The latest issue was because I was passing the entire chain, which caused the CA (first in the chain) to be parsed. Perhaps we should update the docs to clarify that only the leaf cert (in PEM/str format) should be passed.
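The resolution above (pass only the leaf certificate, as PEM text, never the whole chain) is easy to get wrong when a bundle is exported with the CA first. The following is an added example, not code from the ADAL project or from the reporter: a stdlib-only Python helper that splits a PEM bundle into its blocks, keeps the private key separate from the certificates, picks the leaf by its SHA-1 thumbprint, and refuses to guess when a chain is present and no thumbprint identifies the leaf. That the hex SHA-1 of the DER certificate is the value ADAL takes as its `thumbprint` argument, and the `acquire_token_with_client_certificate` call sketched in the comment, are assumptions about the API. The certificate and key bodies are constructed placeholder bytes, not real X.509 or PKCS#8 structures; the parsing works the same on a real bundle.

```python
"""Split a PEM bundle into the private key and the single leaf certificate
that an ADAL certificate-credential call expects (added example)."""
import base64
import hashlib
import re
import textwrap

# One pattern for any PEM block; the backreference forces matching BEGIN/END labels.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def to_pem(label, der):
    """Wrap raw bytes in a PEM block with 64-column base64 lines."""
    body = base64.b64encode(der).decode("ascii")
    lines = "\n".join(textwrap.wrap(body, 64))
    return "-----BEGIN {0}-----\n{1}\n-----END {0}-----\n".format(label, lines)


def parse_pem_bundle(pem_text):
    """Return a list of (label, pem_block, der_bytes) in file order."""
    blocks = []
    for m in PEM_BLOCK.finditer(pem_text):
        body = "".join(m.group(2).split())  # drop the line breaks inside the body
        blocks.append((m.group(1), m.group(0) + "\n", base64.b64decode(body)))
    return blocks


def thumbprint(der):
    """Upper-case hex SHA-1 over the DER bytes (assumed to be the form ADAL's
    `thumbprint` argument takes; it is also what the Azure portal displays)."""
    return hashlib.sha1(der).hexdigest().upper()


def split_credentials(pem_text, leaf_thumbprint=None):
    """Return (private_key_pem, leaf_cert_pem) for the two ADAL arguments.

    With a chain in the bundle the caller must say which certificate is the
    leaf; silently taking the first block would hand ADAL the CA, which is
    exactly the failure described in the thread.
    """
    blocks = parse_pem_bundle(pem_text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    certs = [b for b in blocks if b[0] == "CERTIFICATE"]
    if len(keys) != 1:
        raise ValueError("expected exactly one PRIVATE KEY block, found %d" % len(keys))
    if not certs:
        raise ValueError("no CERTIFICATE block found in the bundle")
    if leaf_thumbprint is not None:
        wanted = leaf_thumbprint.replace(":", "").upper()
        matches = [c for c in certs if thumbprint(c[2]) == wanted]
        if len(matches) != 1:
            raise ValueError("no certificate in the bundle has thumbprint " + wanted)
        leaf = matches[0]
    elif len(certs) == 1:
        leaf = certs[0]
    else:
        raise ValueError(
            "bundle contains %d certificates; pass leaf_thumbprint so the CA is not "
            "selected by accident" % len(certs))
    return keys[0][1], leaf[1]


# Constructed placeholders: NOT real certificates or keys, only bytes that
# exercise the parsing. The order (CA first, then leaf) mirrors the reporter's bundle.
CA_DER = b"constructed-issuer-certificate-bytes"
LEAF_DER = b"constructed-leaf-certificate-bytes"
KEY_DER = b"constructed-private-key-bytes"
SAMPLE_BUNDLE = (to_pem("CERTIFICATE", CA_DER)
                 + to_pem("CERTIFICATE", LEAF_DER)
                 + to_pem("PRIVATE KEY", KEY_DER))


if __name__ == "__main__":
    key_pem, leaf_pem = split_credentials(SAMPLE_BUNDLE, thumbprint(LEAF_DER))
    print("leaf thumbprint:", thumbprint(LEAF_DER))
    print(leaf_pem)
    # With a real bundle the two strings would feed the ADAL call (assumed signature):
    # context.acquire_token_with_client_certificate(
    #     resource, client_id, key_pem, thumbprint(leaf_der), public_certificate=leaf_pem)
```

Running it against the constructed bundle without a thumbprint raises the "bundle contains 2 certificates" error rather than returning the CA; with the leaf's thumbprint it returns exactly one `CERTIFICATE` block and the key, which is the shape the thread settles on for `public_certificate`.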