AzureADAppProxy
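# Register Azure AD App Proxy Connector
# PS! Using Credential Object cannot be used with MFA enabled administrator accounts, use offline token
#
# The password is collected interactively as a SecureString instead of being stored in this
# file as plain text, so it does not end up in source control, transcripts or the shell history.
$User = "<username of global administrator>"
$cred = Get-Credential -UserName $User -Message "Password for the global administrator used to register the connector"
if (-not $cred) {
    throw "No credential supplied; aborting connector registration"
}

# Installation folder of the connector; RegisterConnector.ps1 must be run from here
$ConnectorPath = "C:\Program Files\Microsoft AAD App Proxy Connector"
Set-Location $ConnectorPath
.\RegisterConnector.ps1 -modulePath "$ConnectorPath\Modules\" `
    -moduleName "AppProxyPSModule" -Authenticationmode Credentials -Usercredentials $cred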
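# Get Offline Token for Azure AD App Proxy Register Connector
# Then Register Connector with that Token
#
# Flow: locate the ADAL library shipped with the AzureAD module, acquire a token
# interactively (this path works for MFA-enabled administrators), then pass the token
# to RegisterConnector.ps1. Each step fails hard instead of continuing with an empty value.

# Locate AzureAD/AzureADPreview PowerShell Module
# Set to "AzureAD" or "AzureADPreview" depending on which module is installed
$AADModuleName = "AzureADPreview"
$AADPoshPath = (Get-InstalledModule -Name $AADModuleName).InstalledLocation
if (-not $AADPoshPath) {
    throw "PowerShell module '$AADModuleName' is not installed"
}

# Set Location for ADAL Helper Library (when several copies exist, the last one listed is used)
$ADALPath = (Get-ChildItem -Path $AADPoshPath -Filter Microsoft.IdentityModel.Clients.ActiveDirectory.dll -Recurse).FullName |
    Select-Object -Last 1
if (-not $ADALPath) {
    throw "Microsoft.IdentityModel.Clients.ActiveDirectory.dll not found under '$AADPoshPath'"
}
# Add ADAL Helper Library
Add-Type -Path $ADALPath

#region constants
# The AAD authentication endpoint uri
[uri]$AadAuthenticationEndpoint = "https://login.microsoftonline.com/common/oauth2/token?api-version=1.0/"
# The application ID of the connector in AAD
[string]$ConnectorAppId = "55747057-9b5d-4bd4-b387-abf52a8bd489"
# The reply address of the connector application in AAD
[uri]$ConnectorRedirectAddress = "urn:ietf:wg:oauth:2.0:oob"
# The AppIdUri of the registration service in AAD
[uri]$RegistrationServiceAppIdUri = "https://proxy.cloudwebappproxy.net/registerapp"
#endregion

#region GetAuthenticationToken
# Set AuthN context
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" `
    -ArgumentList $AadAuthenticationEndpoint

# Build platform parameters - PromptBehavior.Always forces an interactive sign-in
# so a cached session for another account is never reused
$promptBehavior = [Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Always
$platformParam = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.PlatformParameters" -ArgumentList $promptBehavior

# Do AuthN and get token
# NOTE(review): .Result on a failed task surfaces the error as an AggregateException - confirm
# the inner exception is what you want shown to the operator.
$authResult = $authContext.AcquireTokenAsync($RegistrationServiceAppIdUri.AbsoluteUri, `
    $ConnectorAppId, `
    $ConnectorRedirectAddress, `
    $platformParam).Result

# Check AuthN result - abort here rather than calling RegisterConnector.ps1 with a null token
If (($authResult) -and ($authResult.AccessToken) -and ($authResult.TenantId)) {
    $token = $authResult.AccessToken
    $tenantId = $authResult.TenantId
}
Else {
    throw "Authentication result, token or tenant id returned are null"
}
#endregion

# Create a secure string from token, then drop the plain-text copy: it is a bearer token
# for the registration service and should not linger in the session
$secureToken = $token | ConvertTo-SecureString -AsPlainText -Force
Remove-Variable -Name token, authResult

# Register connector with secure token and tenant guid
$ConnectorPath = "C:\Program Files\Microsoft AAD App Proxy Connector"
Set-Location $ConnectorPath
.\RegisterConnector.ps1 -modulePath "$ConnectorPath\Modules\" `
    -moduleName "AppProxyPSModule" -Authenticationmode Token -Token $secureToken -TenantId $tenantId `
    -Feature ApplicationProxy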