
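I am creating a runbook with Azure Automation and using the cmdlet

    $connection = Get-AutomationConnection -Name $Name

The connection is linked to a certificate that has a key. How do I supply the key with this connection cmdlet?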

    Add-AzureRmAccount -ServicePrincipal `
                   -EnvironmentName "AzureUSGovernment" `
                   -Tenant $connection.TenantID `
                   -ApplicationId $connection.ApplicationID `
                   -CertificateThumbprint $connection.CertificateThumbprint `
                   -ErrorAction Stop `
                   |Out-Null

Error:

AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'xxx', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/8a09f2d7-8415-4296-92b2-80bb4666c5fc' to see configured keys] Trace ID: adfa5f5d-aaf2-4657-9e5f-1966ad540600 Correlation ID: 68f34f9b-b773-46ed-993e-e06ead5dd6b4 Timestamp: 2018-08-10 02:58:01Z

1 Answer


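If you want to log in with a service principal, you need to create an authentication key to do so. If you create an Automation account, it will automatically create an AD application and service principal; see this article for more details.

Also, when you get the SubscriptionId, TenantId, ApplicationId and CertificateThumbprint via the command `$connection = Get-AutomationConnection -Name $Name`, you should specify them as `$connection.FieldDefinitionValues.xxxxx`, e.g. `-Tenant $connection.FieldDefinitionValues.TenantID`.

So your command should be: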

    $azurePassword = ConvertTo-SecureString "your key" -AsPlainText -Force
    $psCred = New-Object System.Management.Automation.PSCredential($connection.FieldDefinitionValues.ApplicationID, $azurePassword)
    Add-AzureRmAccount -ServicePrincipal `
                       -EnvironmentName "AzureUSGovernment" `
                       -Tenant $connection.FieldDefinitionValues.TenantID `
                       -ApplicationId $connection.FieldDefinitionValues.ApplicationID `
                       -Credential $psCred `
                       -CertificateThumbprint $connection.FieldDefinitionValues.CertificateThumbprint
Answered 2018-08-10T09:03:35.097
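An added example, not code from the question or the answer: a runbook sketch that signs in either with the service principal key read from an encrypted Automation credential asset (so the key never appears as a plaintext literal in the script) or with the connection's certificate after checking it locally. The asset names `AzureRunAsConnection` and `SpnKey` are hypothetical, and the certificate store path is an assumption about where the runbook sandbox installs the certificate.

```powershell
# Added example for an Azure Automation runbook using the AzureRM modules.
# 'AzureRunAsConnection' and 'SpnKey' are hypothetical asset names.
param(
    [string]$ConnectionName = 'AzureRunAsConnection',
    [string]$KeyAssetName   = 'SpnKey',
    [switch]$UseKey
)

# Connection fields are read the same way as in the question.
$connection = Get-AutomationConnection -Name $ConnectionName

if ($UseKey) {
    # Key-based sign-in: the key is stored in an encrypted credential asset
    # (user name = application ID, password = key), not in the script body.
    $psCred = Get-AutomationPSCredential -Name $KeyAssetName
    if (-not $psCred) { throw "Credential asset '$KeyAssetName' was not found." }

    Add-AzureRmAccount -ServicePrincipal `
                       -EnvironmentName "AzureUSGovernment" `
                       -TenantId $connection.TenantID `
                       -Credential $psCred `
                       -ErrorAction Stop | Out-Null
}
else {
    # Certificate sign-in: validate the local certificate before contacting Azure AD.
    # Assumption: the sandbox installs the certificate under Cert:\CurrentUser\My.
    $thumb = $connection.CertificateThumbprint
    $cert  = Get-Item -Path "Cert:\CurrentUser\My\$thumb" -ErrorAction SilentlyContinue

    if (-not $cert)               { throw "Certificate $thumb is not in Cert:\CurrentUser\My." }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key." }
    if ($cert.NotAfter -lt (Get-Date)) {
        throw "Certificate $thumb expired on $($cert.NotAfter)."
    }

    Add-AzureRmAccount -ServicePrincipal `
                       -EnvironmentName "AzureUSGovernment" `
                       -TenantId $connection.TenantID `
                       -ApplicationId $connection.ApplicationID `
                       -CertificateThumbprint $thumb `
                       -ErrorAction Stop | Out-Null
}
```

If the local checks pass and AADSTS50012 still reports that the key was not found, compare the thumbprint in the error with the certificates registered on the application, as the error message itself suggests.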