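azure - Update Azure AD App appRoles via MS Graph Explorer
Problem description
I am trying to update the appRoles of my Azure AD application via MS Graph Explorer. The application is used to set up SSO with our AWS account.
The URI is shown below. The GET query correctly returns all properties of the service principal. https://graph.microsoft.com/beta/servicePrincipals/2141b14a-096a-4f26-a73f-4175a4f475f7
But when I try to PATCH the "appRoles" section, I receive the following error: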
{
"error": {
"code": "Request_BadRequest",
"message": "One or more properties on the service principal does not match the application object.",
"innerError": {
"request-id": "0408c2a3-1f1c-4dd6-aacf-6c2c1cca8b98",
"date": "2018-08-10T01:13:40"
}
}
}
The request body is as follows (the code has been slightly modified for masking):
{ "appRoles": [
{
"allowedMemberTypes": [
"User"
],
"displayName": "AWS Developers",
"id": "7dfd756e-8c17-4472-b2b7-38c17fc5de79",
"isEnabled": true,
"description": "Developers",
"value": "arn:aws:iam::12345678910:role/developers-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "AWS Admins",
"id": "7dfd756e-8c27-4412-b1b7-38c17fc1de83",
"isEnabled": true,
"description": "AWS-Admins-SAML-AzureAD",
"value": "arn:aws:iam::12345678910:role/Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "IT MGMT",
"id": "7dfd756e-8c17-4172-b1b7-38c11fc1de81",
"isEnabled": true,
"description": "ITS-MGMT-SAML-AzureAD",
"value": "arn:aws:iam::12345678910:role/ITMGMT-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "S3 Bucket Admins",
"id": "7dfd756e-8c17-4412-b1b1-31c17fc1de18",
"isEnabled": true,
"description": "AWS-S3-Admins-SAML-AzureAD",
"value": "arn:aws:iam::12345678910:role/AWS-S3-Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "EC2 Admins",
"id": "7d1d756e-8c27-4471-12b7-38c17fc5de78",
"isEnabled": true,
"description": "AWS-EC2-Admins-SAML-AzureAD",
"value": "arn:aws:iam::12345678910:role/AWS-EC2Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "Network Admins",
"id": "1dfd756e-8c27-4472-b2b7-38c11fc5de67",
"isEnabled": true,
"description": "AWS-Network-Admins-SAML-AzureAD",
"value": "arn:aws:iam::12345678910:role/Network-Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
},
{
"allowedMemberTypes": [
"User"
],
"displayName": "msiam_access",
"id": "7dfd756e-8c21-1471-b1b7-11c27fc5de5e",
"isEnabled": true,
"description": "msiam_access",
"value": null
}]}
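I validated the JSON, but MS Graph Explorer still tells me something is missing.
I tried running the PATCH query with all the properties of the Azure AD application, but received the same error.
Has anyone run into this? What was your workaround?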
Solution