azure - Updating Azure AD application appRoles via MS Graph Explorer

Tags: azure azure-active-directory microsoft-graph-api azure-ad-graph-api

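I am trying to update the AppRoles of my Azure AD application through MS Graph Explorer. The application is used to set up SSO with our AWS account.

The URI looks like the following. The GET query correctly returns all properties of the service principal. https://graph.microsoft.com/beta/servicePrincipals/2141b14a-096a-4f26-a73f-4175a4f475f7

But when trying to "patch" the "appRoles" section, I receive the following error: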

    {
        "error": {
            "code": "Request_BadRequest",
            "message": "One or more properties on the service principal does not match the application object.",
            "innerError": {
                "request-id": "0408c2a3-1f1c-4dd6-aacf-6c2c1cca8b98",
                "date": "2018-08-10T01:13:40"
            }
        }
    }

The request body is as follows (the code is slightly masked):

    {
      "appRoles": [
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "AWS Developers",
          "id": "7dfd756e-8c17-4472-b2b7-38c17fc5de79",
          "isEnabled": true,
          "description": "Developers",
          "value": "arn:aws:iam::12345678910:role/developers-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "AWS Admins",
          "id": "7dfd756e-8c27-4412-b1b7-38c17fc1de83",
          "isEnabled": true,
          "description": "AWS-Admins-SAML-AzureAD",
          "value": "arn:aws:iam::12345678910:role/Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "IT MGMT",
          "id": "7dfd756e-8c17-4172-b1b7-38c11fc1de81",
          "isEnabled": true,
          "description": "ITS-MGMT-SAML-AzureAD",
          "value": "arn:aws:iam::12345678910:role/ITMGMT-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "S3 Bucket Admins",
          "id": "7dfd756e-8c17-4412-b1b1-31c17fc1de18",
          "isEnabled": true,
          "description": "AWS-S3-Admins-SAML-AzureAD",
          "value": "arn:aws:iam::12345678910:role/AWS-S3-Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "EC2 Admins",
          "id": "7d1d756e-8c27-4471-12b7-38c17fc5de78",
          "isEnabled": true,
          "description": "AWS-EC2-Admins-SAML-AzureAD",
          "value": "arn:aws:iam::12345678910:role/AWS-EC2Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "Network Admins",
          "id": "1dfd756e-8c27-4472-b2b7-38c11fc5de67",
          "isEnabled": true,
          "description": "AWS-Network-Admins-SAML-AzureAD",
          "value": "arn:aws:iam::12345678910:role/Network-Admins-SAML-AzureAD,arn:aws:iam::12345678910:saml-provider/AzureAD"
        },
        {
          "allowedMemberTypes": [
            "User"
          ],
          "displayName": "msiam_access",
          "id": "7dfd756e-8c21-1471-b1b7-11c27fc5de5e",
          "isEnabled": true,
          "description": "msiam_access",
          "value": null
        }
      ]
    }

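I validated the JSON code, but MS Graph Explorer still tells me that something is missing.

I tried running the PATCH query with all properties of the Azure AD application, but received the same error.

Has anyone run into this? What was your workaround?

Best answer

AppRoles need to be updated via /applications/<objectId>/ rather than /servicePrincipals/.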

Regarding azure - Updating Azure AD application appRoles via MS Graph Explorer, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/51777851/
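The fix from the answer, as an added example (not code from the original question or answer): a Python helper that runs a few local sanity checks on an appRoles array and builds, without sending, the PATCH request against the application object. The checks, the function names, the placeholder GUIDs and the 12-digit AWS account number are assumptions made for this illustration.

```python
import json
import re
import uuid

GRAPH = "https://graph.microsoft.com/beta"  # same API version as the question's URI
# Shape of the role values in the question: "<role ARN>,<SAML provider ARN>"
AWS_PAIR = re.compile(r"^arn:aws:iam::\d{12}:role/[^,\s]+,"
                      r"arn:aws:iam::\d{12}:saml-provider/[^,\s]+$")


def check_app_roles(roles):
    """Local pre-flight checks (assumed here, not Graph's own rules)."""
    problems, seen_ids = [], set()
    for i, role in enumerate(roles):
        name = role.get("displayName") or f"role #{i}"
        try:
            rid = str(uuid.UUID(role.get("id")))
        except (ValueError, TypeError, AttributeError):
            problems.append(f"{name}: id is not a GUID")
        else:
            if rid in seen_ids:
                problems.append(f"{name}: duplicate id {rid}")
            seen_ids.add(rid)
        value = role.get("value")  # None is allowed, e.g. msiam_access
        if value is not None and not AWS_PAIR.match(value):
            problems.append(f"{name}: value is not '<role ARN>,<provider ARN>'")
    return problems


def build_app_roles_patch(app_object_id, roles):
    """Build (without sending) the PATCH against the application object."""
    problems = check_app_roles(roles)
    if problems:
        raise ValueError("; ".join(problems))
    return {"method": "PATCH",
            "url": f"{GRAPH}/applications/{app_object_id}",
            "body": json.dumps({"appRoles": roles}, indent=2)}


# Constructed sample data: placeholder GUIDs and AWS account number.
APP_OBJECT_ID = "00000000-0000-0000-0000-000000000000"
SAMPLE_ROLES = [
    {"allowedMemberTypes": ["User"], "displayName": "AWS Developers",
     "id": "11111111-1111-4111-8111-111111111111", "isEnabled": True,
     "description": "Developers",
     "value": "arn:aws:iam::123456789012:role/developers-SAML-AzureAD,"
              "arn:aws:iam::123456789012:saml-provider/AzureAD"},
    {"allowedMemberTypes": ["User"], "displayName": "msiam_access",
     "id": "22222222-2222-4222-8222-222222222222", "isEnabled": True,
     "description": "msiam_access", "value": None},
]
```

The returned method, URL and body can be pasted into Graph Explorer; the object id is the application's, not the service principal's.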
