ElGhaliBenchekroun-6065 asked JordanMills-4024 commented

Automate SAML-based SSO app configuration with MS Graph - signing certificate configuration problem

Hello,

I'm trying to use MS Graph in order to automate SAML-based SSO app configuration. I'm currently exploring this tutorial: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/application-saml-sso-configure-api but I have a problem when I configure my signing certificate. I generate my own certificate but I don't know how to retrieve programmatically (with python script or powershell) my public and private key from the pfx file. And then, when I try to do it, it always sends me an error message: Invalid Key...



azure-ad-graph

It's easy, but not obvious if you are not familiar with it. This example creates the text that goes in as the value of "key" and "certificatepassword". I'm assuming you have the other values and they are created correctly.

# Populate $certificate with a reference to a System.Security.Cryptography.X509Certificates.X509Certificate2
# object. This could be in a certificate store, loaded from a file, or any other way available to you.
# ($thumbprint is assumed to hold the thumbprint of the certificate you created.)
$certificate = Get-ChildItem Cert:\CurrentUser\My | Where-Object { $_.Thumbprint -eq $thumbprint }

# If it has no private key, you didn't select a valid certificate.
if ($certificate.HasPrivateKey) {
    $certificatepassword = [guid]::NewGuid().Guid
    $exportbytes = $certificate.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Pfx, $certificatepassword)
    $key = [Convert]::ToBase64String($exportbytes)
}


1 Answer

soumi-MSFT answered soumi-MSFT commented

@EIGhaliBenchekroun-6065, Thank you for reaching out. Are you following the exact code for PowerShell present in that article?


That script helps in creating a self-signed certificate first and then exports the private key (as a .pfx file) and the public key (as a .cer file). For test purposes, you can also export the private key manually and then check if the export works or not.


If that fails, we will have to dig deeper to understand why the cert creation is failing. But I have personally followed that script and it works for me.



Hello @soumi-MSFT,

Thank you for your answer. I'm following the exact code for PowerShell present in the article, and it creates a .pfx and a .cer file. But I don't know how to retrieve programmatically (with a Python script or other...) the public key from the .cer file and the private key from the .pfx file. Furthermore, I need to convert those keys into strings in order to send them as JSON...

How did you do it?

Many thanks



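The follow-up above asks the concrete question the thread never answers in code: how to turn the .cer and .pfx files that the article's script writes out into the strings that go into the JSON. JordanMills's snippet earlier in the thread covers the private-key half when the certificate sits in the user's store; the script below is an added example (not code from the thread, from the asker, or from the linked Microsoft article) that starts from the two files instead and builds both halves. The point it makes is that the "key" value is the base64 encoding of raw bytes, the DER bytes of the certificate for the public half and the PKCS#12 file bytes for the private half, not PEM text. The body shape uses the Graph keyCredential and passwordCredential resource types (type/usage/key/customKeyIdentifier/secretText); the file names and password are assumed values.

```powershell
# Added example: build the Graph request body for a SAML signing certificate
# from the .cer / .pfx pair written by the article's script. File paths and the
# password passed in are assumptions, not values from the thread.

function ConvertTo-SamlSigningCredentials {
    param(
        [Parameter(Mandatory)] [string] $CerPath,      # public certificate (.cer) exported by the script
        [Parameter(Mandatory)] [string] $PfxPath,      # private key in PKCS#12 form (.pfx) exported by the script
        [Parameter(Mandatory)] [string] $PfxPassword   # password the .pfx was exported with
    )

    foreach ($p in $CerPath, $PfxPath) {
        if (-not (Test-Path -LiteralPath $p)) { throw "File not found: $p" }
    }

    # Public half: Graph wants base64 of the DER bytes (RawData), not the
    # "-----BEGIN CERTIFICATE-----" PEM text that tools often print.
    $public = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CerPath

    # Private half: load the .pfx once to confirm the password is right and that a
    # private key is really inside, then send the file's own bytes base64-encoded
    # together with that password.
    $private = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $PfxPath, $PfxPassword
    if (-not $private.HasPrivateKey) { throw "$PfxPath contains no private key" }
    if ($private.Thumbprint -ne $public.Thumbprint) { throw ".cer and .pfx are not the same certificate" }
    $pfxBytes = [System.IO.File]::ReadAllBytes($PfxPath)

    # customKeyIdentifier is the certificate hash (thumbprint bytes), base64-encoded.
    $customKeyId = [Convert]::ToBase64String($public.GetCertHash())
    $notBefore   = $public.NotBefore.ToUniversalTime().ToString('o')
    $notAfter    = $public.NotAfter.ToUniversalTime().ToString('o')
    # One keyId is shared by the private-key credential and the password credential that unlocks it.
    $signKeyId   = [guid]::NewGuid().Guid

    [ordered]@{
        keyCredentials = @(
            [ordered]@{
                customKeyIdentifier = $customKeyId
                keyId               = $signKeyId
                type                = 'X509CertAndPassword'
                usage               = 'Sign'
                key                 = [Convert]::ToBase64String($pfxBytes)
                startDateTime       = $notBefore
                endDateTime         = $notAfter
                displayName         = $public.Subject
            },
            [ordered]@{
                customKeyIdentifier = $customKeyId
                keyId               = [guid]::NewGuid().Guid
                type                = 'AsymmetricX509Cert'
                usage               = 'Verify'
                key                 = [Convert]::ToBase64String($public.RawData)
                startDateTime       = $notBefore
                endDateTime         = $notAfter
                displayName         = $public.Subject
            }
        )
        passwordCredentials = @(
            [ordered]@{
                customKeyIdentifier = $customKeyId
                keyId               = $signKeyId
                startDateTime       = $notBefore
                endDateTime         = $notAfter
                secretText          = $PfxPassword
            }
        )
    }
}

# Usage (assumed file names and password):
$body = ConvertTo-SamlSigningCredentials -CerPath '.\samlsigning.cer' -PfxPath '.\samlsigning.pfx' -PfxPassword 'assumed-pfx-password'
$json = $body | ConvertTo-Json -Depth 5
# $json is the body for the servicePrincipal PATCH step described in the linked article.
```

The thumbprint comparison is the check worth keeping even if you trim the rest: an "Invalid Key"-style rejection is much easier to diagnose once you know the public and private halves you are sending actually belong to the same key pair and that the .pfx opens with the password you are about to put in secretText.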
soumi-MSFT commented, replying to ElGhaliBenchekroun-6065:

@EIGhaliBenchekroun-6055, somehow I am not able to share the script here as it's not allowing me to post the PowerShell script. Not sure why.
Can you please drop me an email at azcommunity[at]microsoft[dot]com and mention this thread? I would share the script with you by email for you to try it out.
