powershell - 无法通过 PowerShell 将角色添加到 Azure 应用注册
问题描述
我正在使用 Powershell 将角色添加到 Azure 中的现有应用注册。我正在使用这个命令:
Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $newAppRoles
$newAppROles
是一个数组Microsoft.Open.AzureAD.Model.AppRole
当我执行上述命令时,我收到此错误:
Set-AzureADApplication:无法将“System.Collections.Generic.List`1[Microsoft.Open.AzureAD.Model.AppRole]”转换为参数“AppRoles”所需的“Microsoft.Open.AzureAD.Model.AppRole”类型。不支持指定的方法。
的文档SetAzureADApplication
说它需要一个应用程序角色列表;但我收到了这个错误。似乎没有其他文档可以帮助我。有人可以告诉我我做错了什么。
以下是完整代码
Connect-AzureAD
$myApp = ""
$appName = "Narasimham POC Powershell - Multiple reply URLs"
if (!($myApp = Get-AzureADApplication -Filter "DisplayName eq '$($appName)'" -ErrorAction SilentlyContinue)) {
Write-Output "Application $appName not found"
}
else {
Write-Output $myApp
$currentAppRoles = $myApp.AppRoles
$appRole = New-Object -TypeName Microsoft.Open.AzureAD.Model.AppRole
$appRole.IsEnabled = $true
$appRole.DisplayName = "Read Role"
$appRole.Value = "Reader"
$appRole.AllowedMemberTypes = "User"
$appRole.Id = New-Guid
$appRole.Description = "Reader Role for Narasimham POC Powershell"
$newAppRoles = @($currentAppRoles, $appRole)
Write-Output $newAppRoles
Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $newAppRoles
}
解决方案
我认为问题在于脚本中为当前角色添加新角色的部分。
尝试从您的问题中替换这部分脚本:
$newAppRoles = @($currentAppRoles, $appRole)
Write-Output $newAppRoles
Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $newAppRoles
用这样的东西代替:
$currentAppRoles.Add($appRole)
Write-Output $currentAppRoles
Set-AzureADApplication -ObjectId $myApp.ObjectId -AppRoles $currentAppRoles
这是我之前用来回答一个非常相似的 SO 问题的完整脚本,以防这对您更有帮助。这会为现有的注册应用程序添加一个新的应用程序角色:
Connect-AzureAD -TenantId <Tenant GUID>
# Create an application role of given name and description
Function CreateAppRole([string] $Name, [string] $Description)
{
$appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
$appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
$appRole.AllowedMemberTypes.Add("User");
$appRole.DisplayName = $Name
$appRole.Id = New-Guid
$appRole.IsEnabled = $true
$appRole.Description = $Description
$appRole.Value = $Name;
return $appRole
}
# ObjectId for application from App Registrations in your AzureAD
$appObjectId = "<Your Application Object Id>"
$app = Get-AzureADApplication -ObjectId $appObjectId
$appRoles = $app.AppRoles
Write-Host "App Roles before addition of new role.."
Write-Host $appRoles
$newRole = CreateAppRole -Name "MyNewApplicationRole" -Description "This is my new Application Role"
$appRoles.Add($newRole)
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles
完成上述脚本以添加 AppRole 后,为用户分配角色非常简单,并且可以使用直接命令。这是一个示例脚本 -
# Assign the values to the variables
$username = "<You user's UPN>"
$app_name = "<Your App's display name>"
$app_role_name = "<App role display name>"
# Get the user to assign, and the service principal for the app to assign to
$user = Get-AzureADUser -ObjectId "$username"
$sp = Get-AzureADServicePrincipal -Filter "displayName eq '$app_name'"
$appRole = $sp.AppRoles | Where-Object { $_.DisplayName -eq $app_role_name }
# Assign the user to the app role
New-AzureADUserAppRoleAssignment -ObjectId $user.ObjectId -PrincipalId $user.ObjectId -ResourceId $sp.ObjectId -Id $appRole.Id
推荐阅读
- c++ - 在 VS Code 中调试 c++
- solr - 如何备份solr sollection?
- ios - 找不到 AppIcon
- android - Android Studio 更新到 4.1 警告“插件与发现的新版本不兼容:Firebase 服务”
- javascript - 检测到 HTML 语言时隐藏 DIV
- c - c - 再次静态和外部
- python - 从熊猫数据框中的系列中删除不需要的信息
- python - 获取基于列表的第一个元素相乘或求和的函数
- kubernetes - 如何根据嵌套值的存在有条件地渲染 helm 模板
- angular - 在 ANGULAR 中发布数组参数的正确方法是什么?