我一直在尝试通过Azure AD应用程序SPN进行身份验证,但它会引发错误说明:
AADSTS70001: Application with identifier '\60157752-a19e-xxxx-b27b-c9386e904fce' was not found in the directory c25f4xxx-da2a-4bd5-xxxx-d6407e8767ab
我已按照这些文章设置SPN进行身份验证:
https://azure.microsoft.com/en-us/documentation/articles/resource-group-create-service-principal-portal/ https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/
这是我用于设置新应用程序的PS:
Login-AzureRmAccount
$azureAdApplication = New-AzureRmADApplication -DisplayName "vso.1.1" -HomePage "https://fakeurl.com" -IdentifierUris "https://fakeurl.com" -Password "xxx"
$azureAdApplication
New-AzureRmADServicePrincipal -ApplicationId $azureAdApplication.ApplicationId
New-AzureRmRoleAssignment -RoleDefinitionName Reader -ServicePrincipalName $azureAdApplication.ApplicationId.Guid
如果我登录门户网站,我可以看到在默认目录下添加的新应用程序。如果我从PS登录则失败。这是我的登录脚本:
$creds = Get-Credential -UserName 60157752-a19e-4133-b27b-c9386e904fxe -Message 'enter pwd'
Login-AzureRmAccount -Credential $creds -ServicePrincipal -Tenant (Get-AzureRmContext).Tenant.TenantId -SubscriptionId 'x8366484-6abd-4741-a9c9-d693880d12x1'
我在这里错过了什么吗?
感谢您的帮助。