【Question title】: Azure AD upload service principals key credentials certificate
【Posted】: 2020-07-10 08:39:56
【Question description】:

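I have a problem with Microsoft's GraphAPI.

In the documentation, I cannot get on from point 4.
Link: Automate SAML-based SSO app configuration with Microsoft Graph API

My question is:
The documentation says "Extract the private and public key Base64 encoded from the PFX file".
I have tried a lot of things, but everything I tried always ends in an error.
I don't know how to upload the signing certificate.

Uploading the verification certificate works without problems.

The error code from GraphAPI is: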

Error: Code: Request_BadRequest
Message: The value for the property "usage" in one of your credentials is invalid. Acceptable values are Sign, Verify.

Does any of you know what is going wrong?

Thanks

【Question discussion】:

    Tags: c# azure .net-core azure-ad-graph-api


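    【Solution 1】:

    As the error shows, the value of the usage property uses Sign, Verify. It is also noted in the link.

    The "key" value in the keyCredentials property is shortened for readability. The value is base 64 encoded. For the private key the property usage is "Sign". For the public key the property usage is "Verify".

    Check the usage property of keyCredentials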

    "keyCredentials":[
            {
                "customKeyIdentifier": "lY85bR8r6yWTW6jnciNEONwlVhDyiQjdVLgPDnkI5mA=",
                "endDateTime": "2021-04-22T22:10:13Z",
                "keyId": "4c266507-3e74-4b91-aeba-18a25b450f6e",
                "startDateTime": "2020-04-22T21:50:13Z",
                "type": "AsymmetricX509Cert",
                "usage": "Sign",
                "key":"MIIKIAIBAz.....HBgUrDgMCERE20nuTptI9MEFCh2Ih2jaaLZBZGeZBRFVNXeZmAAgIH0A==",
                "displayName": "CN=awsAPI"
            }]
    

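    【Discussion】:

    • "Extract the private and public key Base64 encoded from the PFX file": how does this work?
    【Solution 2】:

    From my point of view, I followed the documentation exactly.
    My JSON looks like: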

    {
      "keyCredentials": [
        {
          "customKeyIdentifier": "ZWxYN1pOc21Od3NJUU4rYjduTUNxclJ5emtrPQ==",
          "endDateTime": "2030-07-08T16:06:27+02:00",
          "keyId": "a3892889-b097-4c36-ac69-5fb3d18d2396",
          "startDateTime": "2020-07-09T16:06:27+02:00",
          "type": "AsymmetricX509Cert",
          "usage": "Sign",
          "key": "MIIC1TCCAb2gAwIBAgIIK2yf8UkTD3swDQYJKoZIhvcNAQELBQAwETEPMA0GA1UEAxMGYXdzQVBJMB4XDTIwMDcwOTE0MDYyN1oXDTMwMDcwODE0MDYyN1owETEPMA0GA1UEAxMGYXdzQVBJMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnF4Ue9mB3nhueo+L/ZxPr1GmO/Iqx2upXdwBm7xZFwZ59rV2MSb66RZXOaUQlqERQjfmbdADwmNN4XWSk6oR7h8LFz8/+LLf2ZVVJbq6mnuTtLX11uGpKi6dpObMC0nqDLu/hwApcjSiMS8VtdP9QyJNtydE4+T0aXGDOL34ZDRlxKY+1uy1w3KI6ZFYib7c4/cJ1+PDr9YdC4hu8dus6fzVRE9v63Rg/CjiHIXaWiaOcftw5wOh9rS4qtvrI+u+muIYQrvkR+Ex1aAwKo/T5aDnj/kHRXsNV1qpZxT1cqtJNON3feYD7Il8lkXOuBPdPVccsNLvAgHfiEYUwnFE+QIDAQABozEwLzALBgNVHQ8EBAMCBaAwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQAjpVAJOwl1gN22hNm98cw0+a1o+m1W4jp9WPe2Qovhu8wvY22xPwPL53iZuPFLe+4aHGIgdO4GXPt19xGH1qZAhITLzeUillCnMvx55ufLOYB95J4V8r8cfT7IO2OYpeHe4kiUCeDNt80F62PLVopONdf7Z9ULrSG8gX6GSVDPz6kqK2t7fAre9ppjkUfQOwtY+ybwtao7Awa9+xafvVz1LGZubuUESXOozeY0SRezOlUaJd5h94vHXKMk8ZmtUZaOXnujfGcZKErkEmgNhtBoc4OtDkAZpDXfDlOrY+Tea8eOejiz9+O4WNsYOXoZ2TLS3YY6IFKDsRj+M3sm7A87",
          "displayName": "CN=awsAPI",
          "@odata.type": "microsoft.graph.keyCredential"
        },
        {
          "customKeyIdentifier": "ZWxYN1pOc21Od3NJUU4rYjduTUNxclJ5emtrPQ==",
          "endDateTime": "2030-07-08T16:06:27+02:00",
          "keyId": "b022f959-3f36-4880-8537-265f62ba9df0",
          "startDateTime": "2020-07-09T16:06:27+02:00",
          "type": "AsymmetricX509Cert",
          "usage": "Verify",
          "key": "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",
          "displayName": "CN=awsAPI",
          "@odata.type": "microsoft.graph.keyCredential"
        }
      ],
      "@odata.type": "microsoft.graph.servicePrincipal"
    }
    

    As you can see, I use the values Sign, Verify for the "usage" property.

    Error: Code: Request_BadRequest
    Message: The value for the property "usage" in one of your credentials is invalid. Acceptable values are Sign, Verify.
    

    To reproduce the error above, I did not shorten the key.

    【Discussion】:
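
Added example (not part of the original thread or of Microsoft's documentation): a Python check that decodes the start of each keyCredentials "key" value and reports whether it is an X.509 certificate or a structure that begins with a version INTEGER, as a PFX does. It assumes a "Sign" entry should carry the private-key container and a "Verify" entry the certificate; the sample holds only the leading characters of the two "Sign" keys shown above, and the displayName labels are constructed.

```python
import base64
import re

# Constructed sample: only the leading characters of the two "Sign" key values
# shown in Solution 1 and Solution 2; displayName labels are made up here.
SAMPLE = {"keyCredentials": [
    {"usage": "Sign", "displayName": "solution-1", "key": "MIIKIAIBAz....."},
    {"usage": "Sign", "displayName": "solution-2", "key": "MIIC1TCCAb2gAwIBAgII"},
]}

def der_prefix(b64_text, max_chars=24):
    """Decode the leading bytes of a (possibly truncated) base64 string."""
    run = re.match(r"[A-Za-z0-9+/]*", b64_text).group(0)[:max_chars]
    run = run[: len(run) - len(run) % 4]        # keep whole 4-char groups only
    return base64.b64decode(run)

def first_inner_tag(der):
    """Return the tag of the first element inside the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    n = der[1]
    offset = 2 if n < 0x80 else 2 + (n & 0x7F)  # skip long-form length bytes
    return der[offset] if offset < len(der) else None

def classify_key(b64_text):
    tag = first_inner_tag(der_prefix(b64_text))
    if tag == 0x30:
        return "x509-certificate"      # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE ...
    if tag == 0x02:
        return "versioned-container"   # PFX / private-key structures start with INTEGER version
    return "unknown"

# Assumption: "Sign" carries private-key material, "Verify" carries the certificate.
EXPECTED = {"Sign": "versioned-container", "Verify": "x509-certificate"}

def audit(payload):
    """List (displayName, usage, detected kind) for entries whose key does not fit usage."""
    findings = []
    for cred in payload.get("keyCredentials", []):
        kind = classify_key(cred.get("key", ""))
        if kind != EXPECTED.get(cred.get("usage")):
            findings.append((cred.get("displayName"), cred.get("usage"), kind))
    return findings

if __name__ == "__main__":
    for name, usage, kind in audit(SAMPLE):
        print(f"{name}: usage={usage} but key looks like {kind}")
```

Run against the full request body before sending it; the check is a structural heuristic on the DER header and does not validate the key or its password.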
