Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Create a Self Signed Certificate and an Azure AD WebApp and Assign the Cert for Authentication. Associated blog post https://blog.darrenjrobinson.com/creating-an-azuread-webapp-using-powershell-to-leverage-certificate-based-authentication/
# Create a new self signed cert
$currentDate = Get-Date
$endDate = $currentDate.AddYears(10)
$notAfter = $endDate.AddYears(10)
$pwd = "P@SSW0rd1"
$myCert= New-SelfSignedCertificate -CertStoreLocation Microsoft.PowerShell.Security\Certificate::currentuser\my -DnsName mydev.mim.azure -KeyExportPolicy Exportable -Provider "Microsoft Enhanced RSA and AES Cryptographic Provider" -NotAfter $notAfter
# get thumbprint from Cert generated in line above
$thumbprint = 'fa782440c99cf86063b93e690f6df0ffakefakefake'
$pwd = ConvertTo-SecureString -String $pwd -Force -AsPlainText
Export-PfxCertificate -cert "cert:\localmachine\my\$thumbprint" -FilePath C:\temp\oAuth\CertBased\AzureAppsCert.pfx -Password $pwd
# Get the certificate
$x509cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate("C:\temp\oAuth\CertBased\AzureAppsCert.pfx", $pwd)
$keyValue = [System.Convert]::ToBase64String($x509cert.GetRawCertData())
$keyId = [guid]::NewGuid()
Import-Module AzureRM.Resources
$keyCreds = New-Object Microsoft.Azure.Graph.RBAC.Version1_6.ActiveDirectory.PSADKeyCredential
$keyCreds.StartDate = $currentDate
$keyCreds.EndDate= $endDate
$keyCreds.KeyId = $keyId
$keyCreds.CertValue = $keyValue
$keyCreds
# Login to Azure PowerShell
Import-Module AzureRM
$user = "admin@my.aadtenant.com"
$pass = "P@ssw0rd1"
$pass = ConvertTo-SecureString -String $pass -Force -AsPlainText
$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
$azureRM = Login-AzureRmAccount -Credential $creds
# Create the Azure AD App
$aadApp = New-AzureRmADApplication -DisplayName "AzureAD Scripts" -HomePage "https://localhost" -IdentifierUris "https://localhost" -KeyCredentials $keyCreds
# Create the Service Principal and connect it to the Application
New-AzureRmADServicePrincipal -ApplicationId $aadApp.ApplicationId
# Trigger GUI AuthN. Sign in as an Admin and accept the oAuth2 Permission Authorizations
Get-AzureADGraphAPIAccessTokenFromUser -ClientId $aadApp.ApplicationId -RedirectUri https://localhost -TenantDomain $azureRM.Context.Tenant.id
# Run these one by one to copy out the key variables to the clipboard to copy into our Connection Script.
$aadApp.ObjectId | clip
$aadApp.ApplicationId | clip
$thumbprint | clip
$azureRM.Context.Tenant.id | clip
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.