Landon Pierce 2022-06-17 16:25:30 -04:00
Родитель 8461224780
Коммит ea1ec07104
2 изменённых файлов: 20 добавлений и 8 удалений

.github/workflows/build-artifacts.yml поставляемый

@ -4,7 +4,6 @@ on:
push: push:
branches: branches:
- main - main
- users/chixcancode/b2cpowershell
paths: paths:
- ".github/workflows/**" - ".github/workflows/**"
- "src/**" - "src/**"


@ -85,8 +85,8 @@ function New-SaaSIdentityProvider {
# Upload policies # Upload policies
$configTokens = @{ $configTokens = @{
"{Settings:Tenant}" = "$($userInputParams.B2CTenantName).onmicrosoft.com" "{Settings:Tenant}" = "$($userInputParams.B2CTenantName).onmicrosoft.com"
"{Settings:ProxyIdentityExperienceFrameworkAppId}" = "$($appRegistrations.IEFAppReg.AppRegistrationProperties.AppId)" "{Settings:ProxyIdentityExperienceFrameworkAppId}" = "$($appRegistrations.IEFProxyAppReg.AppRegistrationProperties.AppId)"
"{Settings:IdentityExperienceFrameworkAppId}" = "$($appRegistrations.IEFProxyAppReg.AppRegistrationProperties.AppId)" "{Settings:IdentityExperienceFrameworkAppId}" = "$($appRegistrations.IEFAppReg.AppRegistrationProperties.AppId)"
"{Settings:PermissionsAPIUrl}" = "$($userInputParams.PermissionsApiFQDN)/api/CustomClaims/permissions" "{Settings:PermissionsAPIUrl}" = "$($userInputParams.PermissionsApiFQDN)/api/CustomClaims/permissions"
"{Settings:RolesAPIUrl}" = "$($userInputParams.PermissionsApiFQDN)/api/CustomClaims/roles" "{Settings:RolesAPIUrl}" = "$($userInputParams.PermissionsApiFQDN)/api/CustomClaims/roles"
"{Settings:RESTAPIClientCertificate}" = "$($trustFrameworkKeySetClientCertificateKeyId.Id)" "{Settings:RESTAPIClientCertificate}" = "$($trustFrameworkKeySetClientCertificateKeyId.Id)"
@ -111,7 +111,7 @@ function New-SaaSIdentityProvider {
azureAdB2cTenantIdSecretValue = @{ value = $createdTenantGuid } azureAdB2cTenantIdSecretValue = @{ value = $createdTenantGuid }
permissionsApiHostName = @{ value = $userInputParams.PermissionsApiFQDN } permissionsApiHostName = @{ value = $userInputParams.PermissionsApiFQDN }
permissionsApiCertificateSecretValue = @{ value = $selfSignedCert.PfxString } permissionsApiCertificateSecretValue = @{ value = $selfSignedCert.PfxString }
permissionsApiCertificatePassphraseSecretValue = @{ value = $userInputParams.SelfSignedCertificatePassword } permissionsApiCertificatePassphraseSecretValue = @{ value = ConvertFrom-SecureString -SecureString $userInputParams.SelfSignedCertificatePassword -AsPlainText }
saasProviderName = @{ value = $userInputParams.ProviderName } saasProviderName = @{ value = $userInputParams.ProviderName }
saasEnvironment = @{ value = $userInputParams.SaasEnvironment } saasEnvironment = @{ value = $userInputParams.SaasEnvironment }
saasInstanceNumber = @{ value = $userInputParams.InstanceNumber } saasInstanceNumber = @{ value = $userInputParams.InstanceNumber }
@ -314,7 +314,7 @@ function New-TrustFrameworkSigningKey {
$trustFrameworkKeySetName = "TokenSigningKeyContainer" $trustFrameworkKeySetName = "TokenSigningKeyContainer"
try { try {
$trustFrameworkKeySet = New-MgTrustFrameworkKeySet -Id $trustFrameworkKeySetName $trustFrameworkKeySet = New-MgTrustFrameworkKeySet -Id $trustFrameworkKeySetName
New-MgTrustFrameworkKeySetKey -TrustFrameworkKeySetId $trustFrameworkKeySet.Id -Kty "RSA" -Use "Sig" New-MgTrustFrameworkKeySetKey -TrustFrameworkKeySetId $trustFrameworkKeySet.Id -Kty "RSA" -Use "sig"
} catch { } catch {
Write-Warning "Error on creating new signing key. Error: $_" Write-Warning "Error on creating new signing key. Error: $_"
} }
@ -326,7 +326,7 @@ function New-TrustFrameworkEncryptionKey {
$trustFrameworkKeySetName = "TokenEncryptionKeyContainer" $trustFrameworkKeySetName = "TokenEncryptionKeyContainer"
try { try {
$trustFrameworkKeySet = New-MgTrustFrameworkKeySet -Id $trustFrameworkKeySetName $trustFrameworkKeySet = New-MgTrustFrameworkKeySet -Id $trustFrameworkKeySetName
New-MgTrustFrameworkKeySetKey -TrustFrameworkKeySetId $trustFrameworkKeySet.Id -Kty "RSA" -Use "Enc" New-MgTrustFrameworkKeySetKey -TrustFrameworkKeySetId $trustFrameworkKeySet.Id -Kty "RSA" -Use "enc"
} catch { } catch {
Write-Warning "Error on creating new encryption key. Error: $_" Write-Warning "Error on creating new encryption key. Error: $_"
} }
@ -573,12 +573,13 @@ function New-AppRegistration {
# Create the app registration using the Microsoft Graph API and store the result. # Create the app registration using the Microsoft Graph API and store the result.
$newApp = New-MgApplication ` $newApp = New-MgApplication `
-DisplayName $AppRegistrationData.DisplayName ` -DisplayName $AppRegistrationData.DisplayName `
-Api @{Oauth2PermissionScopes = $AppRegistrationData.OAuth2PermissionScopes } ` -Api @{Oauth2PermissionScopes = $AppRegistrationData.OAuth2PermissionScopes; RequestedAccessTokenVersion = $AppRegistrationData.RequestedAccessTokenVersion; } `
-IdentifierUris $AppRegistrationData.IdentifierUris ` -IdentifierUris $AppRegistrationData.IdentifierUris `
-RequiredResourceAccess $AppRegistrationData.RequiredResourceAccess ` -RequiredResourceAccess $AppRegistrationData.RequiredResourceAccess `
-PublicClient $AppRegistrationData.PublicClient ` -PublicClient $AppRegistrationData.PublicClient `
-IsFallbackPublicClient:$AppRegistrationData.IsFallbackPublicClient ` -IsFallbackPublicClient:$AppRegistrationData.IsFallbackPublicClient `
-Web $AppRegistrationData.Web ` -Web $AppRegistrationData.Web `
-SignInAudience $AppRegistrationData.SignInAudience `
-AppRoles $AppRegistrationData.AppRoles ` -AppRoles $AppRegistrationData.AppRoles `
# Sleep to give time for graph consistency to update before moving on # Sleep to give time for graph consistency to update before moving on
Start-Sleep -Seconds 3 Start-Sleep -Seconds 3
@ -811,9 +812,11 @@ function Install-AppRegistrations {
Value = "tenant.read"; Value = "tenant.read";
} }
) )
RequestedAccessTokenVersion = 2
RequiredResourceAccess = @($msGraphAccess) RequiredResourceAccess = @($msGraphAccess)
IsFallbackPublicClient = $false IsFallbackPublicClient = $false
PublicClient = @{} PublicClient = @{}
SignInAudience = "AzureADandPersonalMicrosoftAccount"
Web = @{ Web = @{
ImplicitGrantSettings = @{ ImplicitGrantSettings = @{
EnableAccessTokenIssuance = $true EnableAccessTokenIssuance = $true
@ -839,6 +842,7 @@ function Install-AppRegistrations {
DisplayName = "asdk-signupadmin-app" DisplayName = "asdk-signupadmin-app"
IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)") IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)")
OAuth2PermissionScopes = @() OAuth2PermissionScopes = @()
RequestedAccessTokenVersion = 2
RequiredResourceAccess = @(@{ RequiredResourceAccess = @(@{
ResourceAppId = $adminAppReg.AppRegistrationProperties.AppId ResourceAppId = $adminAppReg.AppRegistrationProperties.AppId
ResourceAccess = $adminAppRegConfig.OAuth2PermissionScopes | ForEach-Object { @{Id = $_.Id; Type = "Scope" } } ResourceAccess = $adminAppRegConfig.OAuth2PermissionScopes | ForEach-Object { @{Id = $_.Id; Type = "Scope" } }
@ -848,6 +852,7 @@ function Install-AppRegistrations {
IsFallbackPublicClient = $false IsFallbackPublicClient = $false
PublicClient = @{ } PublicClient = @{ }
SignInAudience = "AzureADandPersonalMicrosoftAccount"
Web = @{ Web = @{
ImplicitGrantSettings = @{ ImplicitGrantSettings = @{
EnableAccessTokenIssuance = $true EnableAccessTokenIssuance = $true
@ -884,6 +889,7 @@ function Install-AppRegistrations {
DisplayName = "asdk-permissions-api" DisplayName = "asdk-permissions-api"
IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)") IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)")
OAuth2PermissionScopes = @() OAuth2PermissionScopes = @()
RequestedAccessTokenVersion = 2
RequiredResourceAccess = @(@{ RequiredResourceAccess = @(@{
ResourceAppId = $msGraphAccess.ResourceAppId ResourceAppId = $msGraphAccess.ResourceAppId
ResourceAccess = @( ResourceAccess = @(
@ -902,6 +908,7 @@ function Install-AppRegistrations {
) )
IsFallbackPublicClient = $false IsFallbackPublicClient = $false
PublicClient = @{} PublicClient = @{}
SignInAudience = "AzureADandPersonalMicrosoftAccount"
Web = @{} Web = @{}
AppRoles = @{ AppRoles = @{
@ -929,6 +936,7 @@ function Install-AppRegistrations {
DisplayName = "asdk-saas-app" DisplayName = "asdk-saas-app"
IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)") IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)")
OAuth2PermissionScopes = @() OAuth2PermissionScopes = @()
RequestedAccessTokenVersion = 2
RequiredResourceAccess = @(@{ RequiredResourceAccess = @(@{
ResourceAppId = $adminAppReg.AppRegistrationProperties.AppId ResourceAppId = $adminAppReg.AppRegistrationProperties.AppId
ResourceAccess = @($adminAppRegConfig.OAuth2PermissionScopes | Where-Object { $_.Value -eq "tenant.read" } | ForEach-Object { @{Id = $_.Id; Type = "Scope" } }) ResourceAccess = @($adminAppRegConfig.OAuth2PermissionScopes | Where-Object { $_.Value -eq "tenant.read" } | ForEach-Object { @{Id = $_.Id; Type = "Scope" } })
@ -937,6 +945,7 @@ function Install-AppRegistrations {
) )
IsFallbackPublicClient = $false IsFallbackPublicClient = $false
PublicClient = @{ redirectUris = @("$($SaasAppFQDN)/signin-oidc") } PublicClient = @{ redirectUris = @("$($SaasAppFQDN)/signin-oidc") }
SignInAudience = "AzureADandPersonalMicrosoftAccount"
Web = @{ Web = @{
ImplicitGrantSettings = @{ ImplicitGrantSettings = @{
EnableAccessTokenIssuance = $true EnableAccessTokenIssuance = $true
@ -974,13 +983,15 @@ function Install-AppRegistrations {
} }
) )
RequestedAccessTokenVersion = $null
RequiredResourceAccess = @($msGraphAccess) RequiredResourceAccess = @($msGraphAccess)
IsFallbackPublicClient = $false IsFallbackPublicClient = $false
PublicClient = @{} PublicClient = @{}
SignInAudience = "AzureADMyOrg"
Web = @{ Web = @{
ImplicitGrantSettings = @{ ImplicitGrantSettings = @{
EnableAccessTokenIssuance = $false EnableAccessTokenIssuance = $false
EnableIdTokenIssuance = $false EnableIdTokenIssuance = $true
} }
LogoutUrl = "" LogoutUrl = ""
RedirectUris = @("https://$B2CTenantName.b2clogin.com/$B2CTenantName.onmicrosoft.com") RedirectUris = @("https://$B2CTenantName.b2clogin.com/$B2CTenantName.onmicrosoft.com")
@ -1001,6 +1012,7 @@ function Install-AppRegistrations {
DisplayName = "ProxyIdentityExperienceFramework" DisplayName = "ProxyIdentityExperienceFramework"
IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)") IdentifierUri = @("https://$($B2CTenantName).onmicrosoft.com/$(New-Guid)")
OAuth2PermissionScopes = @() OAuth2PermissionScopes = @()
RequestedAccessTokenVersion = $null
RequiredResourceAccess = @(@{ RequiredResourceAccess = @(@{
ResourceAppId = $iefAppReg.AppRegistrationProperties.AppId ResourceAppId = $iefAppReg.AppRegistrationProperties.AppId
ResourceAccess = @($iefAppRegConfig.OAuth2PermissionScopes | ForEach-Object { @{Id = $_.Id; Type = "Scope" } }) ResourceAccess = @($iefAppRegConfig.OAuth2PermissionScopes | ForEach-Object { @{Id = $_.Id; Type = "Scope" } })
@ -1011,6 +1023,7 @@ function Install-AppRegistrations {
PublicClient = @{ PublicClient = @{
redirectUris = @("myapp://auth") redirectUris = @("myapp://auth")
} }
SignInAudience = "AzureADMyOrg"
Web = @{ Web = @{
ImplicitGrantSettings = @{ } ImplicitGrantSettings = @{ }
LogoutUrl = "" LogoutUrl = ""
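Review bot: The new `ConvertFrom-SecureString -SecureString $userInputParams.SelfSignedCertificatePassword -AsPlainText` in the `permissionsApiCertificatePassphraseSecretValue` line of the `@ -111,7 +111,7` hunk decrypts the certificate passphrase into a plain string that then sits in the deployment parameter hashtable for the remainder of New-SaaSIdentityProvider, so anything that dumps or logs that hashtable (a verbose trace, an error record that carries the parameters object, a transcript) would presumably now expose it. Converting as late as possible and discarding the plain copy once the deployment call returns would narrow that window, e.g. `$plainPassphrase = ConvertFrom-SecureString -SecureString $userInputParams.SelfSignedCertificatePassword -AsPlainText` used for that one value and `Remove-Variable plainPassphrase` afterwards. `ConvertFrom-SecureString -AsPlainText` exists only in PowerShell 7.0 and later; on Windows PowerShell 5.1 the call fails at parameter binding, so a `#Requires -Version 7.0` at the top of the script (or an explicit runtime check) would make the new dependency visible instead of surfacing as a binding error mid-provisioning. New-SaaSIdentityProvider starts and ends outside the hunk.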