Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
Authenticate with application id using Certificated-based Authentication
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 7.000000000000001%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
水沢亮太
0
Reputation points
I registered the app on the Microsoft Entra admin center by referring to this page:
https://learn.microsoft.com/en-us/graph/auth-v2-service?tabs=http
Then I created public/private key using openssl. Here is the commands.
$ openssl genrsa -out ms365-private.key 2048
$ openssl req -new -x509 -key ms365-private.key -out ms365-public.crt -days 365000
Uploaded the public key (ms365-private.key) on the Microsoft Entra admin center, and I created this code.
TokenCredential credential = new ClientCertificateCredentialBuilder().tenantId("xxxxxxxx")
.clientId("xxxxxxxx")
.pemCertificate("/xxxx/xxxxx/ms365-private.key")
.build();
graphClient = new GraphServiceClient(credential);
but if I execute some methods on this graphClient , this following error occurs
[ERROR] com.azure.identity.implementation.util.CertificateUtil.performLogging - PEM certificate provided does not contain -----BEGIN CERTIFICATE-----END CERTIFICATE----- block
java.lang.IllegalArgumentException: PEM certificate provided does not contain -----BEGIN CERTIFICATE-----END CERTIFICATE----- block
at com.azure.identity.implementation.util.CertificateUtil.publicKeyFromPem(CertificateUtil.java:79)
at com.azure.identity.implementation.IdentityClientBase.getConfidentialClient(IdentityClientBase.java:196)
at com.azure.identity.implementation.IdentitySyncClient.lambda$new$2(IdentitySyncClient.java:91)
at com.azure.identity.implementation.SynchronousAccessor.getValue(SynchronousAccessor.java:45)
at com.azure.identity.implementation.IdentitySyncClient.authenticateWithConfidentialClientCache(IdentitySyncClient.java:171)
at com.azure.identity.ClientCertificateCredential.getTokenSync(ClientCertificateCredential.java:150)
at com.microsoft.kiota.authentication.AzureIdentityAccessTokenProvider.getAuthorizationToken(AzureIdentityAccessTokenProvider.java:146)
at com.microsoft.kiota.authentication.BaseBearerTokenAuthenticationProvider.authenticateRequest(BaseBearerTokenAuthenticationProvider.java:46)
I tried the following but all failed.
- Change a path specify to pemCertificate() from the private key (ms365-private.key) to the public key (ms365-public.crt)
- Change the format of the private key (ms365-private.key) to pem format (contains -----BEGIN CERTIFICATE-----END CERTIFICATE----- block)
Should I also specify public key? If so, how to specify public key by using ClientCertificateCredentialBuilder?
Microsoft Security | Microsoft Graph
Sign in to answer