I hereby claim:
- I am kasenga on github.
- I am kasenga (https://keybase.io/kasenga) on keybase.
- I have a public key whose fingerprint is FB9B D1DB 4437 5808 EC99 15F0 3E72 32BC 6C18 CD0D
To claim this, I am signing this object:
Kasenga Kapansa Kasenga
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Kasenga Kapansa - July 2021 | |
| # This script connects to Azure AD to obtain a token and uses it to call MsGraph using the client credentials grant flow | |
| # It also reads object ids from a json file | |
| #Goal: to revoke all sign-ins and refresh tokens listed in a json file | |
| # To run: | |
| # 1. Create an Azure AD app registration and assign the Microsoft Graph Application permission: Directory.Read.All or Directory.ReadWrite.All and grant admin consent | |
| # 2. Generate and take note of the client secret | |
| # 3. Populate the values below: client id (app id), tenant id, client secret | |
| # 4. Create a json file with a headings of "id", "userPrincipalName" and include the list of object ids you intend to revoke sign-ins for. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Kasenga Kapansa - July 2021 | |
| # This script connects to Azure AD to obtain a token and uses it to call MsGraph using the client credentials grant flow | |
| # It also writes the results to a json file. | |
| # Goal: to obtain a list of all objectIds in a tenant and write them to a json file. This file should then be modified to include only those users who need to have their sign-in sessions and refresh tokens revoked. | |
| # To run: | |
| # 1. Create an Azure AD app registration and assign the Microsoft Graph Application permission: Directory.Read.All or Directory.ReadWrite.All and grant admin consent | |
| # 2. Generate and take note of the client secret | |
| # 3. Populate the values below: client id (app id), tenant id, client secret | |
| # 4. Create a folder for your json file. |
Kasenga
/ adfsClientCredentials.cs
Last active
March 3, 2021 02:51
A dotnet core console app using MSAL and client credentials to obtain an access token from AD FS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * May 2020 - Kasenga Kapansa, revised March 2021 | |
| * https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/wiki/Client-credential-flows | |
| * https://github.com/Kasenga/ClientCredentialWithCertificate-ADFS/edit/master/Program.cs | |
| */ | |
| using System.Security.Cryptography.X509Certificates; | |
| using Microsoft.Identity.Client; | |
| using System; | |
| using System.Threading.Tasks; |
Kasenga
/ ClientCredentialWithCertificate-ADFS
Created
June 28, 2020 22:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Generate a self-signed certificate, save it to the current user's personal store | |
| $displayName = "TestCreate" | |
| Write-Host "Creating the client certificate for application $displayName" | |
| $certificate=New-SelfSignedCertificate -Subject CN=$displayName ` | |
| -CertStoreLocation "Cert:\CurrentUser\My" ` | |
| -KeyExportPolicy Exportable ` | |
| -KeySpec Signature |
Kasenga
/ kaybase.md
Created
October 25, 2018 03:25