Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New-AzureRmADAppCredential EndDate parameter value not used when creating new password credential #6505

Closed
antonygibbs opened this issue Jun 21, 2018 · 1 comment
Assignees
Labels
Resource Authorization AzRole* in Az.Resources Service Attention This issue is responsible by Azure service team.

Comments

@antonygibbs
Copy link

Description

Creating a new application credential with any end date value creates a new application credential with a one-year expiry. EndDate parameter value is ignored.

Script/Steps for Reproduction

New-AzureRmADAppCredential -ApplicationId $app.ApplicationId -Password $(ConvertTo-SecureString -AsPlainText "aReallyLongComplexPassword" -Force) -EndDate $((Get-Date).AddYears(2))

Module Version

ModuleType Version    Name                                ExportedCommands                                                                                                                                                                               
---------- -------    ----                                ----------------                                                                                                                                                                               
Script     6.3.0      AzureRM                                                                                                                                                                                                                            
Script     6.2.1      AzureRM                                                                                                                                                                                                                            
Script     6.1.0      AzureRM                                                                                                                                                                                                                            
Script     5.7.0      AzureRM                                                                                                                                                                                                                            
Script     5.5.0      AzureRM                                                                                                                                                                                                                            
Script     5.4.1      AzureRM                                                                                                                                                                                                                            

Environment Data

Name                           Value                                                                                                                                                                                                                     
----                           -----                                                                                                                                                                                                                     
PSVersion                      5.1.15063.1029                                                                                                                                                                                                            
PSEdition                      Desktop                                                                                                                                                                                                                   
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                                                                                                                   
BuildVersion                   10.0.15063.1029                                                                                                                                                                                                           
CLRVersion                     4.0.30319.42000                                                                                                                                                                                                           
WSManStackVersion              3.0                                                                                                                                                                                                                       
PSRemotingProtocolVersion      2.3                                                                                                                                                                                                                       
SerializationVersion           1.1.0.1                                                                                                                                                                                                                   

Debug Output

PS C:\Program Files (x86)\code4ward.net\Royal TS V4> New-AzureRmADAppCredential -ApplicationId $app.ApplicationId -Password $(ConvertTo-SecureString -AsPlainText "aReallyLongComplexPassword" -Force) -EndDate $((Get-Date).AddYears(2))

DEBUG: 3:47:55 PM - NewAzureADAppCredentialCommand begin processing with ParameterSet 'ApplicationIdWithPasswordParameterSet'.
DEBUG: 3:47:55 PM - using account id '[email protected]'...
DEBUG: [Common.Authentication]: Authenticating using Account: '************************', environment: 'AzureCloud', tenant: '************************'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/************************/
	Resource: https://graph.windows.net/
	ClientId: ************************
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (4 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55:  - TokenCache: Deserialized 4 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - TokenCache: 33.5083901766667 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 22a4d375-9ec9-42cc-a53a-c4a351a7108f - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: p3abFUdCidIBkLBmrWRJlZQX94XX577EdJAmQRn89nA=
	Refresh Token Hash: E9RhOYWYpq/OlaRgTNp/7VHYtubphWYS7VfDD6TgXtY=
	Expiration Time: 06/21/2018 15:21:26 +00:00
	User Hash: KjGBpGdpYcvfUNAOgk9W4ueADsXXrBQKL8Ci7TeGLvI=
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/************************/
	Resource: https://graph.windows.net/
	ClientId: ************************
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (4 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55:  - TokenCache: Deserialized 4 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - TokenCache: 33.50833222 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: 1777293f-d860-487b-bdec-7ec7b2ed98d4 - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: p3abFUdCidIBkLBmrWRJlZQX94XX577EdJAmQRn89nA=
	Refresh Token Hash: E9RhOYWYpq/OlaRgTNp/7VHYtubphWYS7VfDD6TgXtY=
	Expiration Time: 06/21/2018 15:21:26 +00:00
	User Hash: KjGBpGdpYcvfUNAOgk9W4ueADsXXrBQKL8Ci7TeGLvI=
	

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net/************************/applications?$filter=appId eq '3725c6f8-dc1f-4bcd-9f13-f6a2c8015d16'&api-version=1.6

Headers:
x-ms-client-request-id        : 8fb4feb3-6040-431d-8327-27a36db00612
accept-language               : en-US

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: VFgy0BpcGPJkcBnVK1akG2UpmtcFmc5BCxVLJZmLtYM=
request-id                    : f34f2165-cf96-4472-8378-16c74bc0fd0a
client-request-id             : dc2c0d4b-390e-492f-a98d-1c900dd8741a
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           : uNHFlHfaGY_DztGxMHUSJK8O-7uMxyHRygyAkDL0h1ggsG4mY84yZav2YGAXyv9I1Pp27dUenH916xWuRBP9pBBABkHyIVAkpksvzkeAGDY9x-M9L0CreXqlkD28zkmw-WkKxgx2WJ1WPwhy3Gm29A.VNXVIumbu74qpxSzrLoPyWcyGTlOuTMRedI6JKre-aI
X-Content-Type-Options        : nosniff
DataServiceVersion            : 3.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Duration                      : 2086633
Cache-Control                 : no-cache
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET,ASP.NET
Date                          : Thu, 21 Jun 2018 14:47:55 GMT

Body:
{
  "odata.metadata": "https://graph.windows.net/************************/$metadata#directoryObjects/Microsoft.DirectoryServices.Application",
  "value": [
    {
      "odata.type": "Microsoft.DirectoryServices.Application",
      "objectType": "Application",
      "objectId": "************************",
      "deletionTimestamp": null,
      "acceptMappedClaims": null,
      "addIns": [],
      "appId": "************************",
      "appRoles": [],
      "availableToOtherTenants": false,
      "displayName": "************************",
      "errorUrl": null,
      "groupMembershipClaims": null,
      "homepage": "https://************************",
      "identifierUris": [
        "https://************************"
      ],
      "informationalUrls": {
        "termsOfService": null,
        "support": null,
        "privacy": null,
        "marketing": null
      },
      "isDeviceOnlyAuthSupported": null,
      "keyCredentials": [],
      "knownClientApplications": [],
      "logoutUrl": null,
      "logoUrl": null,
      "oauth2AllowIdTokenImplicitFlow": false,
      "oauth2AllowImplicitFlow": false,
      "oauth2AllowUrlPathMatching": false,
      "oauth2Permissions": [
        {
          "adminConsentDescription": "Allow the application to access ************************ on behalf of the signed-in user.",
          "adminConsentDisplayName": "Access ************************",
          "id": "************************",
          "isEnabled": true,
          "type": "User",
          "userConsentDescription": "Allow the application to access ************************ on your behalf.",
          "userConsentDisplayName": "Access ************************",
          "value": "user_impersonation"
        }
      ],
      "oauth2RequirePostResponse": false,
      "optionalClaims": null,
      "orgRestrictions": [],
      "parentalControlSettings": {
        "countriesBlockedForMinors": [],
        "legalAgeGroupRule": "Allow"
      },
      "passwordCredentials": [],
      "publicClient": null,
      "publisherDomain": null,
      "recordConsentConditions": null,
      "replyUrls": [],
      "requiredResourceAccess": [],
      "samlMetadataUrl": null,
      "signInAudience": "AzureADMyOrg",
      "tokenEncryptionKeyId": null
    }
  ]
}


DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/************************/
	Resource: https://graph.windows.net/
	ClientId: ************************
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (4 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55:  - TokenCache: Deserialized 4 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - TokenCache: 33.5034776216667 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:55: a787bf70-a48a-4fbc-a595-babe6e423afc - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: p3abFUdCidIBkLBmrWRJlZQX94XX577EdJAmQRn89nA=
	Refresh Token Hash: E9RhOYWYpq/OlaRgTNp/7VHYtubphWYS7VfDD6TgXtY=
	Expiration Time: 06/21/2018 15:21:26 +00:00
	User Hash: KjGBpGdpYcvfUNAOgk9W4ueADsXXrBQKL8Ci7TeGLvI=
	

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
GET

Absolute Uri:
https://graph.windows.net/************************/applications/************************/passwordCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : bafd8272-d7f6-4799-bff8-d980af591a8d
accept-language               : en-US

Body:



DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: VFgy0BpcGPJkcBnVK1akG2UpmtcFmc5BCxVLJZmLtYM=
request-id                    : 92650114-1f28-4cde-9d1e-05192c350630
client-request-id             : 349bb07e-4ace-4b7d-a73d-3f826a002764
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           : waK2yhMxWZ8WwUpSao33n8bbc5DCaGTB4KPwPFNO87syEz7a0m9b5ItA8-akElpDI1riDeCWUVuBPmo_EGAUrhFZWnvCRl1sJrzyLuu53RGKgjmTBXD-8mZnk9N2cFUTCcun9HrkFLlnMSIVlpezWg.qAN2Gjk5Mv5SLAs7OX0UloFUMU0xYwdFwesku3cRQYE
X-Content-Type-Options        : nosniff
DataServiceVersion            : 3.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Duration                      : 1695582
Cache-Control                 : no-cache
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET,ASP.NET
Date                          : Thu, 21 Jun 2018 14:47:55 GMT

Body:
{
  "odata.metadata": "https://graph.windows.net/************************/$metadata#Collection(Microsoft.DirectoryServices.PasswordCredential)",
  "value": []
}


DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - AcquireTokenHandlerBase: === Token Acquisition started:
	Authority: https://login.microsoftonline.com/************************/
	Resource: https://graph.windows.net/
	ClientId: ************************
	CacheType: Microsoft.Azure.Commands.Common.Authentication.ProtectedFileTokenCache (4 items)
	Authentication Target: User
	

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:56:  - TokenCache: Deserialized 4 items to token cache.

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - TokenCache: Looking up cache for a token...

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - TokenCache: An item matching the requested resource was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - TokenCache: 33.50013739 minutes left until token in cache expires

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - TokenCache: A matching item (access token or refresh token or both) was found in the cache

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 : 
DEBUG: 06/21/2018 14:47:56: 2fc63d5d-1b2e-4f13-9c14-af0713933f7d - AcquireTokenHandlerBase: === Token Acquisition finished successfully. An access token was retuned:
	Access Token Hash: p3abFUdCidIBkLBmrWRJlZQX94XX577EdJAmQRn89nA=
	Refresh Token Hash: E9RhOYWYpq/OlaRgTNp/7VHYtubphWYS7VfDD6TgXtY=
	Expiration Time: 06/21/2018 15:21:26 +00:00
	User Hash: KjGBpGdpYcvfUNAOgk9W4ueADsXXrBQKL8Ci7TeGLvI=
	

DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
PATCH

Absolute Uri:
https://graph.windows.net/************************/applications/************************/passwordCredentials?api-version=1.6

Headers:
x-ms-client-request-id        : 7bcc3755-1665-491f-8337-e047a5ce6219
accept-language               : en-US

Body:
{
  "value": [
    {
      "startDate": "2018-06-21T14:47:55.6623069Z",
      "endDate": "2019-06-21T14:47:55.6623069Z",
      "keyId": "d5f85c11-728a-46b0-b32a-d7d199f24314",
      "value": "aReallyLongComplexPassword"
    }
  ]
}


DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
NoContent

Headers:
Pragma                        : no-cache
ocp-aad-diagnostics-server-name: mkmGIZ2j5Ca42Qa49ycJm+noc56ZbQai9OBtxAgVnJk=
request-id                    : 6050dbb9-701b-4e96-b760-402859f55e03
client-request-id             : 91e83796-4e55-4f5e-aece-927221446f9e
x-ms-dirapi-data-contract-version: 1.6
ocp-aad-session-key           : J61a7V2roh3TmKEY62ZpC1_ZbLeaBsfquXH1V3cgfpmslu_m1RPK-czW8Gyo4AympHxyt_HsWJt3T4G4pfTHn6iM_3-iAgR4-VfYioMkKGra0XEQPzsB3VSCDBwNT1I3247uJMgynPhD646dTi0jlA.a7mS8T0n2GUsX0M4SBPGbz-yKk-KFNnoMu1MFTvasTQ
X-Content-Type-Options        : nosniff
DataServiceVersion            : 1.0;
Strict-Transport-Security     : max-age=31536000; includeSubDomains
Access-Control-Allow-Origin   : *
Duration                      : 6322680
Cache-Control                 : no-cache
Server                        : Microsoft-IIS/10.0
X-AspNet-Version              : 4.0.30319
X-Powered-By                  : ASP.NET,ASP.NET
Date                          : Thu, 21 Jun 2018 14:47:56 GMT

Body:




DEBUG: AzureQoSEvent: CommandName - New-AzureRmADAppCredential; IsSuccess - True; Duration - 00:00:01.2092743; Exception - ;
DEBUG: Finish sending metric.
DEBUG: 3:47:57 PM - NewAzureADAppCredentialCommand end processing.
DEBUG: 3:47:57 PM - NewAzureADAppCredentialCommand end processing.
StartDate            EndDate              KeyId                                Type    
---------            -------              -----                                ----    
6/21/2018 2:47:55 PM 6/21/2019 2:47:55 PM d5f85c11-728a-46b0-b32a-d7d199f24314 Password
@cormacpayne cormacpayne added the Resource Authorization AzRole* in Az.Resources label Jun 21, 2018
@cormacpayne cormacpayne self-assigned this Jun 21, 2018
@cormacpayne
Copy link
Member

This will be fixed in the upcoming (July 3rd) version of AzureRM.Resources

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Resource Authorization AzRole* in Az.Resources Service Attention This issue is responsible by Azure service team.
Projects
None yet
Development

No branches or pull requests

3 participants