CredentialDescription.SignedAssertionFileDiskPath Property
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
When SourceType is SignedAssertionFilePath, optionally specifies the path on disk of a file containing a signed assertion used as a client assertion for the confidential client application. The signed assertion file is a file containing a signed JWT assertion that is used as a client credential. You will usually use this option when you want to integrate with workload identity federation with Azure Kubernetes Service (AKS). For details, see https://learn.microsoft.com/azure/active-directory/workload-identities/workload-identity-federation.
public string? SignedAssertionFileDiskPath { get; set; }
member this.SignedAssertionFileDiskPath : string with get, set
Public Property SignedAssertionFileDiskPath As String
Property Value
Examples
The JSON fragment below describes a signed assertion acquired with workload identity federation with Azure Kubernetes Service (AKS):
{
  "ClientCredentials": [
    {
      "SourceType": "SignedAssertionFilePath",
      "SignedAssertionFileDiskPath": "c:/path.signedAssertion"
    }
  ]
}
The code below describes programmatically, in C#, the same signed assertion for workload identity federation with Azure Kubernetes Service (AKS).
Remarks
When deployed to AKS, if you specify SourceType = SignedAssertionFilePath but don't provide the signed assertion file disk path, the file will be searched based on the content of two environment variables: AZURE_FEDERATED_TOKEN_FILE and AZURE_ACCESS_TOKEN_FILE.
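The following pre-flight check is an added example, not code from this page or from Microsoft.Identity.Abstractions: it resolves the assertion file as the Remarks describe and verifies that the file holds an unexpired compact JWT before the application relies on it. The class name `SignedAssertionPreflight` is hypothetical, and the order in which the two environment variables are consulted is an assumption.

```csharp
using System;
using System.IO;
using System.Text.Json;
using Microsoft.Identity.Abstractions;

public static class SignedAssertionPreflight // hypothetical helper, not a library type
{
    // Explicit path first, then the two environment variables named in the Remarks.
    // The lookup order between the two variables is an assumption of this example.
    public static string? ResolvePath(CredentialDescription c) =>
        !string.IsNullOrEmpty(c.SignedAssertionFileDiskPath) ? c.SignedAssertionFileDiskPath
        : Environment.GetEnvironmentVariable("AZURE_FEDERATED_TOKEN_FILE")
          ?? Environment.GetEnvironmentVariable("AZURE_ACCESS_TOKEN_FILE");

    // Returns null when the file looks usable, otherwise a reason. The token is never logged.
    public static string? Check(CredentialDescription credential, DateTimeOffset now)
    {
        string? path = ResolvePath(credential);
        if (path is null) return "no path configured and neither environment variable is set";
        if (!File.Exists(path)) return $"file not found: {path}";
        string[] parts = File.ReadAllText(path).Trim().Split('.');
        if (parts.Length != 3) return "file is not a compact JWT (header.payload.signature)";
        try
        {
            using JsonDocument payload = JsonDocument.Parse(DecodeBase64Url(parts[1]));
            if (!payload.RootElement.TryGetProperty("exp", out JsonElement exp)
                || exp.ValueKind != JsonValueKind.Number || !exp.TryGetInt64(out long seconds))
                return "assertion has no numeric exp claim";
            DateTimeOffset expires = DateTimeOffset.FromUnixTimeSeconds(seconds);
            return expires <= now ? $"assertion expired at {expires:u}" : null;
        }
        catch (Exception e) when (e is FormatException or JsonException or ArgumentOutOfRangeException)
        {
            return "assertion payload is not base64url-encoded JSON with a valid exp";
        }
    }

    private static byte[] DecodeBase64Url(string s)
    {
        s = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(s.PadRight(s.Length + (4 - s.Length % 4) % 4, '='));
    }

    public static void Main()
    {
        // Same configuration as the JSON fragment, built in code.
        var credential = new CredentialDescription { SourceType = CredentialSource.SignedAssertionFilePath, SignedAssertionFileDiskPath = "c:/path.signedAssertion" };
        Console.WriteLine(Check(credential, DateTimeOffset.UtcNow) ?? "ok");
    }
}
```

The check only inspects the file's shape and expiry; it does not validate the JWT signature, which is the token issuer's and the identity provider's responsibility.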