Comments (17)

jazuntee avatar jazuntee commented on August 23, 2024 4

Thank you @darrenjrobinson for the step by step. Sorry for the delay. I was able to reproduce when I created the certificate using the command in your screenshot.

Based on the error message, I added -KeySpec Signature to the New-SelfSignedCertificate command when generating the certificate. That fixed the issue for me. That should technically be included on the cert anyway so it can be used to sign the JWT.

from msal.ps.

JManDoo avatar JManDoo commented on August 23, 2024 1

I am late to the party, but as a special mention for followers or people that come into the same issue as yours.

The certificate above is located under: localmachine, so make sure you start your script/app with rights to access local machine otherwise use it in userstore.

@krzydoug Here is what solved it for me thanks @DennisBergemann
Adding the user/service account to access the Private Key of the certificate

from msal.ps.
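
The two fixes reported above (a signing-capable key via -KeySpec Signature, and the running account being able to reach the private key) can be checked with a small diagnostic. This is an added example, not code from the thread or from MSAL.PS; `Test-ClientCertificateKey` and the `CN=KeySpecDemo` subject are hypothetical names, and the certificate is a constructed throwaway that is deleted at the end.

```powershell
# Added example: Test-ClientCertificateKey is a hypothetical helper, not part of MSAL.PS.
function Test-ClientCertificateKey {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate
    )
    $report = [ordered]@{
        Thumbprint     = $Certificate.Thumbprint
        Store          = ("$($Certificate.PSParentPath)" -split '::')[-1]
        HasPrivateKey  = $Certificate.HasPrivateKey
        KeyType        = $null
        CanSign        = $false
        SignError      = $null
        LegacyKeyError = $null
    }
    $rsa = $null
    try {
        # Provider-agnostic accessor, e.g. RSACng or RSACryptoServiceProvider.
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Certificate)
        if ($rsa) {
            $report.KeyType = $rsa.GetType().Name
            # Fails here if this process cannot read the private key (store or ACL).
            $null = $rsa.SignData([byte[]](1..16),
                [System.Security.Cryptography.HashAlgorithmName]::SHA256,
                [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
            $report.CanSign = $true
        }
    } catch {
        $report.SignError = $_.Exception.GetBaseException().Message
    } finally {
        if ($rsa) { $rsa.Dispose() }
    }
    try {
        # Legacy property; on .NET Framework it only supports CSP-backed keys.
        $null = $Certificate.PrivateKey
    } catch {
        $report.LegacyKeyError = $_.Exception.GetBaseException().Message
    }
    [pscustomobject]$report
}

# Constructed throwaway certificate in the user store, created with -KeySpec Signature.
$cert = New-SelfSignedCertificate -Subject 'CN=KeySpecDemo' -CertStoreLocation 'Cert:\CurrentUser\My' `
    -KeySpec Signature -NotAfter (Get-Date).AddDays(1)
Test-ClientCertificateKey -Certificate $cert
Remove-Item -Path "Cert:\CurrentUser\My\$($cert.Thumbprint)" -DeleteKey
```

Running the same function under the service account against a certificate in `Cert:\LocalMachine\My` shows whether that account can actually use the key before the script is scheduled.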

jazuntee avatar jazuntee commented on August 23, 2024

@darrenjrobinson That command works for me. What is the object type of the certificate variable you are providing?

PS C:\Users\jason> $ClientCertificate = (Get-ChildItem 'Cert:\CurrentUser\My\38E962BBCA768BA52EE9A997A1FEA32A811BD911') 
PS C:\Users\jason> $ClientCertificate.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     True     X509Certificate2                         System.Security.Cryptography.X509Certificates.X509Certifi...

from msal.ps.

darrenjrobinson avatar darrenjrobinson commented on August 23, 2024

It works for me in PowerShell 7.x but fails on Windows PowerShell 5.1 @jasoth
ObjectType of the Cert is the same as you.

from msal.ps.

jazuntee avatar jazuntee commented on August 23, 2024

The exception is occurring in the MSAL.NET library so the module is returning the inner exception as the error. Could it be a permission issue to the private key?
https://stackoverflow.com/questions/22581811/invalid-provider-type-specified-cryptographicexception-when-trying-to-load-pri

from msal.ps.

darrenjrobinson avatar darrenjrobinson commented on August 23, 2024

Interesting. If it was a permissions issue though I'd expect it to fail regardless of PS version as it is being used under the context of the same User in both v5.1 and v7.
The same error is thrown under Administrative and User contexts (but only in PS v5.1).
Here it is working in PS7 (Administrative context).

from msal.ps.

jazuntee avatar jazuntee commented on August 23, 2024

@darrenjrobinson are you still having an issue with this? It appears to be some difference between how the certificate providers work on each platform so there probably isn't much I can do to help. I have not been able to reproduce the issue myself either. Let me know if you can help me repro. Otherwise, I will close this out.

from msal.ps.

darrenjrobinson avatar darrenjrobinson commented on August 23, 2024

@jasoth yes still having the issue. Have just updated to the latest MSAL.PS (4.21.0.1) module in WinPS5.1x and am getting the same error.

from msal.ps.

jazuntee avatar jazuntee commented on August 23, 2024

@darrenjrobinson Are you able to reproduce this with another certificate? Could you provide the steps used to get the certificate so I can attempt to repro as well?

from msal.ps.

darrenjrobinson avatar darrenjrobinson commented on August 23, 2024

Hey @jasoth ,

I've gone through to reproduce it again.
Following the same process I detailed in the MSAL.PS with Certificates blogpost from a few months back here

Generate Certificate

Export the Certificate

Convert the Certificate for upload to AAD

Upload to AAD App

Using the Cert for AuthN to the AAD App with PowerShell 7.0.3

Using the Cert for AuthN to the AAD App with Windows PowerShell 5.1

Interestingly I hadn't seen this particular expanded error message previously.
Here is the PSVersionTable from the error session above
And Module Version
from msal.ps.

SLeuthold avatar SLeuthold commented on August 23, 2024

Following this thread! I'm getting the same issue.

from msal.ps.

giani09 avatar giani09 commented on August 23, 2024

same here :(

from msal.ps.

YuriySamorodov avatar YuriySamorodov commented on August 23, 2024

Same =(

from msal.ps.

tehKNi avatar tehKNi commented on August 23, 2024

Yeh, same. Following :-)

from msal.ps.

DennisBergemann avatar DennisBergemann commented on August 23, 2024

I am late to the party, but as a special mention for followers or people that come into the same issue as yours.

The certificate above is located under: localmachine, so make sure you start your script/app with rights to access local machine otherwise use it in userstore.

from msal.ps.

krzydoug avatar krzydoug commented on August 23, 2024

Based on the error message, I added -KeySpec Signature to the New-SelfSignedCertificate command when generating the certificate. That fixed the issue for me. That should technically be included on the cert anyway so it can be used to sign the JWT.

So our existing cert just won't work in 5.1?

from msal.ps.

iamkl00t avatar iamkl00t commented on August 23, 2024

I am late to the party, but as a special mention for followers or people that come into the same issue as yours.

The certificate above is located under: localmachine, so make sure you start your script/app with rights to access local machine otherwise use it in userstore.

Thank you - this was exactly my problem - just needed to run powershell as admin 🤦🏻‍♂️

from msal.ps.
