I am using Azure Automation and creating a runbook with the cmdlet
$connection = Get-AutomationConnection -Name $Name
The connection is linked to a certificate that has a key. How do I supply the key through this connection cmdlet?
Add-AzureRmAccount -ServicePrincipal `
-EnvironmentName "AzureUSGovernment" `
-Tenant $connection.TenantID `
-ApplicationId $connection.ApplicationID `
-CertificateThumbprint $connection.CertificateThumbprint `
-ErrorAction Stop `
|Out-Null
Error:
AADSTS70002: Error validating credentials. AADSTS50012: Client assertion contains an invalid signature. [Reason - The key was not found., Thumbprint of key used by client: 'xxx', Please visit 'https://developer.microsoft.com/en-us/graph/graph-explorer' and query for 'https://graph.microsoft.com/beta/applications/8a09f2d7-8415-4296-92b2-80bb4666c5fc' to see configured keys] Trace ID: adfa5f5d-aaf2-4657-9e5f-1966ad540600 Correlation ID: 68f34f9b-b773-46ed-993e-e06ead5dd6b4 Timestamp: 2018-08-10 02:58:01Z
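Answer 0 (score: 0)
If you want to log in with a service principal, you need to create an authentication key to do so. If you create an Automation account, it will automatically create an AD application and a service principal; for more details, refer to this link.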
Also, when you get SubscriptionId, TenantId, ApplicationId and CertificateThumbprint through the command $connection = Get-AutomationConnection -Name $Name, you should use $connection.FieldDefinitionValues.xxxxx to specify them, for example -Tenant $connection.FieldDefinitionValues.TenantID.
So your command should be:
$azurePassword = ConvertTo-SecureString "your key" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($connection.FieldDefinitionValues.ApplicationID, $azurePassword)
Add-AzureRmAccount -ServicePrincipal `
-EnvironmentName "AzureUSGovernment" `
-Tenant $connection.FieldDefinitionValues.TenantID `
-ApplicationId $connection.FieldDefinitionValues.ApplicationID `
-Credential $psCred `
-CertificateThumbprint $connection.FieldDefinitionValues.CertificateThumbprint
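
The AADSTS50012 message in the question reports the thumbprint of the key the client used. The following is an added example, not code from the question or the answer, that checks the local half of a certificate login before Add-AzureRmAccount is called: that a certificate with the connection's thumbprint is in the store, has a private key, and is within its validity period. The function name Test-LoginCertificate and the store path Cert:\CurrentUser\My are assumptions. The check cannot see which keys are registered on the application, so the thumbprint it reports still has to be compared with the configured keys, as the error text instructs.

```powershell
# Added example (not from the original post). Assumes the certificate is in
# Cert:\CurrentUser\My; pass another store path if yours differs.
function Test-LoginCertificate {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\CurrentUser\My',
        [datetime] $Now = (Get-Date)
    )

    # Thumbprints pasted from certificate dialogs often carry spaces or an
    # invisible leading character; keep hex digits only before comparing.
    $wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $problems = New-Object System.Collections.Generic.List[string]

    if ($wanted.Length -ne 40) {
        $problems.Add("Thumbprint has $($wanted.Length) hex digits, expected 40 (SHA-1)")
    }

    $cert = Get-ChildItem -Path $StorePath |
        Where-Object { $_.Thumbprint -eq $wanted } |
        Select-Object -First 1

    if ($null -eq $cert) {
        $problems.Add("No certificate with thumbprint $wanted in $StorePath")
    }
    else {
        # The private key signs the client assertion sent to Azure AD.
        if (-not $cert.HasPrivateKey) { $problems.Add('Certificate has no private key') }
        if ($Now -lt $cert.NotBefore) { $problems.Add("Not valid until $($cert.NotBefore)") }
        if ($Now -gt $cert.NotAfter)  { $problems.Add("Expired on $($cert.NotAfter)") }
    }

    [pscustomobject]@{
        Thumbprint = $wanted
        Found      = ($null -ne $cert)
        Problems   = $problems.ToArray()
        Ok         = ($problems.Count -eq 0)
    }
}

# Usage inside the runbook, before Add-AzureRmAccount ($thumbprint is the
# CertificateThumbprint value read from the connection):
# $check = Test-LoginCertificate -Thumbprint $thumbprint
# if (-not $check.Ok) { throw ($check.Problems -join '; ') }
```

If the check passes and the login still fails with "The key was not found", the certificate is usable locally and the remaining question is whether its thumbprint appears among the application's configured keys.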