VIKEnut'

Pt

РусскийDeutschEspañol

Tema escuro

Write

Tema escuro

Pt

РусскийDeutschEspañol
azure-ad-graph-apiazureazure-active-directorypowershell

“Erro inesperado” ao conectar-se ao Azure AD com o Connect-MsolService -AccessToken

Estou usando a nova versão de visualização do módulo PS do Azure AD. Estou tentando conectar-me através do novo parâmetro AccessToken:

Connect-MsolService - AccessToken ey...

Mas estou recebendo um "Erro inesperado" de volta.

Connect-MsolService : An unexpected error occurred.
At line:1 char:1
+ Connect-MsolService -AccessToken eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.InvalidHeaderException,Microsoft.Online.Admin
istration.Automation.ConnectMsolService

Connect-MsolService : Exception of type 'Microsoft.Online.Administration.Automation.MicrosoftOnlineException' was
thrown.
At line:1 char:1
+ Connect-MsolService -AccessToken eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1 ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.MicrosoftOnlineException,Microsoft.Online.Adm
inistration.Automation.ConnectMsolService

Sei que o token de acesso que estou usando é bom porque posso usá-lo para chamar a API do Graph do Postman. Alguém conseguiu fazer isso funcionar?

Editar: Não tenho certeza do motivo do voto negativo, mas apenas para mostrar que fiz minha lição de casa, aqui está a solicitação / resposta que o módulo PS está fazendo nos bastidores, capturado com um rastreio do Fiddler. Ele contém a mensagem útil "O cabeçalho da identidade do usuário é inválido".

Solicitação

POST https://provisioningapi.microsoftonline.com/provisioningwebservice.svc HTTP/1.1

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://provisioning.microsoftonline.com/IProvisioningWebService/MsolConnect</a:Action>
    <a:MessageID>urn:uuid:df0e35bd-ef05-48cd-a623-a1134b0b2ed6</a:MessageID>
    <a:ReplyTo>
      <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
    </a:ReplyTo>
    <UserIdentityHeader xmlns="http://provisioning.microsoftonline.com/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
      <BearerToken xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService">Bearer ey...</BearerToken>
      <LiveToken i:nil="true" xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService"/>
    </UserIdentityHeader>
    <ClientVersionHeader xmlns="http://provisioning.microsoftonline.com/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
      <ClientId xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService">50afce61-c917-435b-8c6d-60aa5a8b8aa7</ClientId>
      <Version xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService">1.1.8806.11</Version>
    </ClientVersionHeader>
    <ContractVersionHeader xmlns="http://becwebservice.microsoftonline.com/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
      <BecVersion xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService">Version32</BecVersion>
    </ContractVersionHeader>
    <TrackingHeader xmlns="http://becwebservice.microsoftonline.com/">bf71f0c6-add7-4046-9209-bfd584ca3c28</TrackingHeader>
    <a:To s:mustUnderstand="1">https://provisioningapi.microsoftonline.com/provisioningwebservice.svc</a:To>
  </s:Header>
  <s:Body>
    <MsolConnect xmlns="http://provisioning.microsoftonline.com/">
      <request xmlns:b="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
        <b:BecVersion>Version4</b:BecVersion>
        <b:TenantId i:nil="true"/>
        <b:VerifiedDomain i:nil="true"/>
      </request>
    </MsolConnect>
  </s:Body>
</s:Envelope>

Resposta

HTTP/1.1 500 Internal Server Error

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://provisioning.microsoftonline.com/IProvisioningWebService/MsolConnectInvalidHeaderExceptionFault</a:Action>
    <a:RelatesTo>urn:uuid:df0e35bd-ef05-48cd-a623-a1134b0b2ed6</a:RelatesTo>
  </s:Header>
  <s:Body>
    <s:Fault>
      <s:Code>
        <s:Value>s:Sender</s:Value>
      </s:Code>
      <s:Reason>
        <s:Text xml:lang="en-US">The creator of this fault did not specify a Reason.</s:Text>
      </s:Reason>
      <s:Detail>
        <InvalidHeaderException xmlns="http://schemas.datacontract.org/2004/07/Microsoft.Online.Administration.WebService" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
          <HelpLink i:nil="true"/>
          <Message>The user identity header is invalid.</Message>
          <OperationId i:nil="true"/>
          <Source>Microsoft.Online.Administration.PublicBecWebService</Source>
          <StackTrace>   at Microsoft.Online.Administration.WebService.BecWebServiceAuthenticationManager.ValidateJwtTokenV2(String bearerToken) in x:\bt\533229\repo\src\dev\om\administration\publicbecwebservice\BecWebServiceAuthenticationManager.cs:line 371&#xD;
    at Microsoft.Online.Administration.WebService.BecWebServiceAuthenticationManager.CheckAccessCore(OperationContext operationContext) in x:\bt\533229\repo\src\dev\om\administration\publicbecwebservice\BecWebServiceAuthenticationManager.cs:line 723</StackTrace>
        </InvalidHeaderException>
      </s:Detail>
    </s:Fault>
  </s:Body>
</s:Envelope>

Veja como estou obtendo o token de acesso. Estou usando o fluxo de credenciais do cliente, pois, em última análise, meu objetivo é executar isso na Automação do Azure.

$clientId = "20bc779d-0edb-4a00-becf-xxx"
$redirectUri = new-object System.Uri("urn:ietf:wg:oauth:2.0:oob")
$resourceId = "https://graph.windows.net"
$authority = "https://login.windows.net/mydirectory.onmicrosoft.com"
$key = ConvertTo-SecureString $keyFromAzurePortal -AsPlainText -Force
$cred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential ($clientId, $key)

$authContext = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext($authority)
$authResult = $authContext.AcquireToken($resourceId, $cred)

questionAnswers(1)

yourAnswerToTheQuestion

Perguntas populares

0 a resposta

\ n ou \ n no php echo não imprime [duplicado]

0 a resposta

Falha na inicialização do MediaRecorder -2147483648

0 a resposta

substituição de propriedade de arquétipo maven

0 a resposta

Na arquitetura Web Api / Owin, onde são processadas as solicitações para &#39;/ token&#39;?

0 a resposta

Inscreva-se no evento C # .net no VB6