page_type | languages | products | description | urlFragment | |||
---|---|---|---|---|---|---|---|
sample |
|
|
PowerShell scripts for setting up Azure Active Directory (Azure AD) to authenticate clients for a Service Fabric cluster (which must be done before creating the cluster). |
service-fabric-aad-helpers |
PowerShell scripts for setting up Azure Active Directory (Azure AD) to authenticate clients for a Service Fabric cluster (which must be done before creating the cluster).
This repo provides the following scripts for Azure AD:
- Create Azure AD applications (web, native) to control access to your Service Fabric cluster
- Delete existing Azure AD applications (web, native) for controlling your cluster
- Create a new Azure AD user
- Delete an existing Azure AD user
- Windows OS
- Nuget CLI (
nuget.exe
) - Azure Active Directory (Azure AD) tenant
nuget install Microsoft.IdentityModel.Clients.ActiveDirectory
Run SetupApplications.ps1 to create two Azure AD applications (web and native applications) to control access to the cluster, storing the output into a variable to reuse when creating Azure AD users.
$Configobj = .\SetupApplications.ps1 -TenantId '<tenant_id>' -ClusterName '<cluster_name>' -WebApplicationReplyUrl 'https://<cluster_domain>:19080/Explorer' -AddResourceAccess
-
TenantId: You can find this by executing the PowerShell command
Get-AzureSubscription
. -
ClusterName: This is used to prefix the Azure AD applications created by the script. It need not match the actual cluster name — it's provided to help you map Azure AD artifacts to their Service Fabric cluster.
-
WebApplicationReplyUrl: The endpoint Azure AD returned to your users after signing in. Set this to the Service Fabric Explorer for your cluster, which by default is at https://<cluster_domain>:19080/Explorer
-
Refer to the SetupApplications.ps1 script source for additional options and examples.
Running the script will prompt you to sign in to an account with admin privileges for the Azure AD tenant. Once signed in, the script will create the web and native applications to represent your Service Fabric cluster. The script will also print the JSON required by the Azure Resource Manager template when you go on to create your Service Fabric cluster, so be sure to save it somewhere.
Run SetupUser.ps1 to create read-only and admin user roles for your cluster, using the $Configobj
returned when creating your Azure AD applications. For example:
.\SetupUser.ps1 -ConfigObj $Configobj -UserName 'TestUser' -Password 'P@ssword!123'
.\SetupUser.ps1 -ConfigObj $Configobj -UserName 'TestAdmin' -Password 'P@ssword!123' -IsAdmin
Refer to the SetupUser.ps1 script source for additional options and examples.
Run CleanupApplications.ps1 if you need to delete the Azure AD applications you created from the SetupApplications.ps1 script. Include the optional -CleanupUsers
flag to also delete any users created for the given cluster.
.\CleanupApplications.ps1 -TenantId '<tenant_id>' -ClusterName '<cluster_name>' -CleanupUsers
Refer to CleanupApplications.ps1 and CleanupUser.ps1 scripts for additional options and examples.