使用Microsoft graph从Azure Portal中删除过期的证书

6fe3ivhb  于 2023-11-21  发布在  其他
关注(0)|答案(1)|浏览(141)

我正在尝试使用Microsoft graph小工具从Azure门户中的应用程序注册中删除过期证书。
我尝试使用Remove-MgApplicationKey无效。我得到一个错误

Remove-MgApplicationKey : Unexpected invalid input parameters. At line:73 char:17 + ... Remove-MgApplicationKey -ApplicationId $testapp.Id -KeyId ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

字符串
这个小工具的文档一点都不是很有用,所以我想知道是否有人成功地让这个工作?
谢谢

watbbzwu

watbbzwu1#

请注意,Remove-MgApplicationKey在执行操作之前需要将proof参数作为请求验证的一部分。但是对于过期的证书,您无法生成所有权证明。请参考此。
或者,您可以使用**Update操作,在keyCredentials参数中仅包含有效证书的详细信息:
我有一个名为CertApp的Azure AD应用程序,其中包含
有效过期**证书,如下所示:


的数据
在我的例子中,我使用下面的python代码来生成访问令牌,最初具有**Application.ReadWrite.All**权限:

from msal import ConfidentialClientApplication

clientID = "appId"
clientSecret = "secret"
scopes= ["https://graph.microsoft.com/.default"] 
tenantID = "tenantId"
authority = "https://login.microsoftonline.com/" + tenantID

app = ConfidentialClientApplication(clientID,clientSecret,authority=authority)
result = app.acquire_token_for_client(scopes=scopes)
access_token = result.get("access_token")
print(access_token)

字符串

回复:



现在,我运行下面的python代码,调用Microsoft Graph API,通过包含上面的token来更新只有有效证书的应用程序,如下所示:

import requests
from datetime import datetime

access_token = "token"
application_id = "appObjId"

url = f"https://graph.microsoft.com/v1.0/applications/{application_id}?$select=keyCredentials"
headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    current_time = datetime.now()
    key_credentials = response.json().get("keyCredentials", [])

    valid_certificates = [cred for cred in key_credentials if datetime.strptime(cred.get('endDateTime', ''), '%Y-%m-%dT%H:%M:%SZ') > current_time]
    expired_certificates = [cred for cred in key_credentials if datetime.strptime(cred.get('endDateTime', ''), '%Y-%m-%dT%H:%M:%SZ') <= current_time]

    print("Valid Certificates:")
    for cert in valid_certificates:
        print(f"DisplayName: {cert['displayName']}, End Date: {cert.get('endDateTime', 'N/A')}")

    print("\nExpired Certificates:")
    for cert in expired_certificates:
        print(f"DisplayName: {cert['displayName']}, End Date: {cert.get('endDateTime', 'N/A')}")

    valid_certificates_payload = [{
        "customKeyIdentifier": cert['customKeyIdentifier'],
        "type": cert['type'],
        "usage": cert['usage'],
        "key": cert['key'],
        "displayName": cert['displayName']
    } for cert in valid_certificates]

    patch_payload = {"keyCredentials": valid_certificates_payload}
    patch_url = f"https://graph.microsoft.com/v1.0/applications/{application_id}"
    patch_headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}

    patch_response = requests.patch(patch_url, json=patch_payload, headers=patch_headers)

    if patch_response.status_code == 204:
        print("\nPATCH request successful")
    else:
        print(f"Error: {patch_response.status_code} - {patch_response.text}")
else:
    print(f"Error: {response.status_code} - {response.text}")

回复:



当我在Portal中检查时,过期的证书成功删除,并且只有有效的证书存在于应用程序中,如下所示:


相关问题