Configurer le proxy d’application Microsoft Entra à l’aide des API Microsoft Graph
Article
Le proxy d’application Microsoft Entra fournit un accès à distance sécurisé et une authentification unique (SSO) aux applications web locales. Il permet aux utilisateurs d’accéder à leurs applications locales via une URL externe, le portail Mes applications ou d’autres portails d’applications internes.
Dans ce tutoriel, vous allez apprendre à configurer le proxy d’application Microsoft Entra à l’aide des API Microsoft Graph.
Importante
Les opérations d’API spécifiques au proxy d’application sont actuellement disponibles uniquement sur le point de beta terminaison.
Configuration requise
Installez un connecteur et remplissez les conditions préalables pour le proxy d’application afin que les connecteurs puissent communiquer avec les services Microsoft Entra.
Connectez-vous à un client d’API tel que l’Explorateur Graph avec un compte qui a au moins le rôle Administrateur d’application cloud.
Accordez-vous l’autorisation déléguée Microsoft Graph Directory.ReadWrite.All .
Avoir un utilisateur de test à affecter à l’application.
Étape 1 : Créer une application personnalisée
Pour configurer le proxy d’application, vous devez d’abord créer une application personnalisée, puis mettre à jour les paramètres du proxy d’application dans la propriété onPremisesPublishing de l’application. Dans ce tutoriel, vous utilisez un modèle d’application pour créer une instance d’une application personnalisée et d’un principal de service dans votre locataire. L’ID de modèle pour une application personnalisée est 8adf8e6e-67b2-4cf2-a259-e3dc5476c621, que vous pouvez découvrir en exécutant la requête suivante : GET https://graph.microsoft.com/v1.0/applicationTemplates?$filter=displayName eq 'Custom'.
Dans la réponse, enregistrez l’ID du principal de service et des objets d’application, ainsi que la valeur appId pour une utilisation ultérieure dans le didacticiel.
POST https://graph.microsoft.com/v1.0/applicationTemplates/8adf8e6e-67b2-4cf2-a259-e3dc5476c621/instantiate
Content-type: application/json
{
"displayName": "Contoso IWA App"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.ApplicationTemplates.Item.Instantiate;
var requestBody = new InstantiatePostRequestBody
{
DisplayName = "Contoso IWA App",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.ApplicationTemplates["{applicationTemplate-id}"].Instantiate.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphapplicationtemplates "github.com/microsoftgraph/msgraph-sdk-go/applicationtemplates"
//other-imports
)
requestBody := graphapplicationtemplates.NewInstantiatePostRequestBody()
displayName := "Contoso IWA App"
requestBody.SetDisplayName(&displayName)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
instantiate, err := graphClient.ApplicationTemplates().ByApplicationTemplateId("applicationTemplate-id").Instantiate().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.applicationtemplates.item.instantiate.InstantiatePostRequestBody instantiatePostRequestBody = new com.microsoft.graph.applicationtemplates.item.instantiate.InstantiatePostRequestBody();
instantiatePostRequestBody.setDisplayName("Contoso IWA App");
var result = graphClient.applicationTemplates().byApplicationTemplateId("{applicationTemplate-id}").instantiate().post(instantiatePostRequestBody);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\ApplicationTemplates\Item\Instantiate\InstantiatePostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new InstantiatePostRequestBody();
$requestBody->setDisplayName('Contoso IWA App');
$result = $graphServiceClient->applicationTemplates()->byApplicationTemplateId('applicationTemplate-id')->instantiate()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.applicationtemplates.item.instantiate.instantiate_post_request_body import InstantiatePostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = InstantiatePostRequestBody(
display_name = "Contoso IWA App",
)
result = await graph_client.application_templates.by_application_template_id('applicationTemplate-id').instantiate.post(request_body)
Pour l’application que vous avez créée à l’étape 1, configurez les URI de l’application. Supposons que l’URL interne de l’application est https://contosoiwaapp.com et que le domaine par défaut pour l’URL externe est https://contosoiwaapp-contoso.msappproxy.net. Ajoutez la valeur d’URL externe aux propriétés identifierUris, web>redirectUris et webPageUrl>.
Configurez également la propriété onPremisesPublishing pour définir les URL internes et externes, ainsi que d’autres propriétés en fonction des besoins. Cette propriété est disponible uniquement dans beta et ne peut pas être configurée tant que vous n’avez pas configuré les URI.
Étape 2.1 : Configurer les URI
La requête suivante utilise la valeur appId pour la propriété identifierUris . Vous pouvez également utiliser n’importe quel autre identificateur qui correspond au format d’URI d’ID d’application attendu par l’ID Microsoft Entra. La requête retourne une 204 No content réponse.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new Application
{
IdentifierUris = new List<string>
{
"api://32977d3b-ee0e-4614-9f50-f583a07842d2",
},
Web = new WebApplication
{
RedirectUris = new List<string>
{
"https://contosoiwaapp-contoso.msappproxy.net",
},
HomePageUrl = "https://contosoiwaapp-contoso.msappproxy.net",
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewApplication()
identifierUris := []string {
"api://32977d3b-ee0e-4614-9f50-f583a07842d2",
}
requestBody.SetIdentifierUris(identifierUris)
web := graphmodels.NewWebApplication()
redirectUris := []string {
"https://contosoiwaapp-contoso.msappproxy.net",
}
web.SetRedirectUris(redirectUris)
homePageUrl := "https://contosoiwaapp-contoso.msappproxy.net"
web.SetHomePageUrl(&homePageUrl)
requestBody.SetWeb(web)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
applications, err := graphClient.Applications().ByApplicationId("application-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Application application = new Application();
LinkedList<String> identifierUris = new LinkedList<String>();
identifierUris.add("api://32977d3b-ee0e-4614-9f50-f583a07842d2");
application.setIdentifierUris(identifierUris);
WebApplication web = new WebApplication();
LinkedList<String> redirectUris = new LinkedList<String>();
redirectUris.add("https://contosoiwaapp-contoso.msappproxy.net");
web.setRedirectUris(redirectUris);
web.setHomePageUrl("https://contosoiwaapp-contoso.msappproxy.net");
application.setWeb(web);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);
<?php
use Microsoft\Graph\GraphServiceClient;
use Microsoft\Graph\Generated\Models\Application;
use Microsoft\Graph\Generated\Models\WebApplication;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new Application();
$requestBody->setIdentifierUris(['api://32977d3b-ee0e-4614-9f50-f583a07842d2', ]);
$web = new WebApplication();
$web->setRedirectUris(['https://contosoiwaapp-contoso.msappproxy.net', ]);
$web->setHomePageUrl('https://contosoiwaapp-contoso.msappproxy.net');
$requestBody->setWeb($web);
$result = $graphServiceClient->applications()->byApplicationId('application-id')->patch($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.application import Application
from msgraph.generated.models.web_application import WebApplication
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
identifier_uris = [
"api://32977d3b-ee0e-4614-9f50-f583a07842d2",
],
web = WebApplication(
redirect_uris = [
"https://contosoiwaapp-contoso.msappproxy.net",
],
home_page_url = "https://contosoiwaapp-contoso.msappproxy.net",
),
)
result = await graph_client.applications.by_application_id('application-id').patch(request_body)
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new Application
{
OnPremisesPublishing = new OnPremisesPublishing
{
ExternalAuthenticationType = ExternalAuthenticationType.AadPreAuthentication,
InternalUrl = "https://contosoiwaapp.com",
ExternalUrl = "https://contosoiwaapp-contoso.msappproxy.net",
IsHttpOnlyCookieEnabled = true,
IsOnPremPublishingEnabled = true,
IsPersistentCookieEnabled = true,
IsSecureCookieEnabled = true,
IsStateSessionEnabled = true,
IsTranslateHostHeaderEnabled = true,
IsTranslateLinksInBodyEnabled = true,
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Applications["{application-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
Application application = new Application();
OnPremisesPublishing onPremisesPublishing = new OnPremisesPublishing();
onPremisesPublishing.setExternalAuthenticationType(ExternalAuthenticationType.AadPreAuthentication);
onPremisesPublishing.setInternalUrl("https://contosoiwaapp.com");
onPremisesPublishing.setExternalUrl("https://contosoiwaapp-contoso.msappproxy.net");
onPremisesPublishing.setIsHttpOnlyCookieEnabled(true);
onPremisesPublishing.setIsOnPremPublishingEnabled(true);
onPremisesPublishing.setIsPersistentCookieEnabled(true);
onPremisesPublishing.setIsSecureCookieEnabled(true);
onPremisesPublishing.setIsStateSessionEnabled(true);
onPremisesPublishing.setIsTranslateHostHeaderEnabled(true);
onPremisesPublishing.setIsTranslateLinksInBodyEnabled(true);
application.setOnPremisesPublishing(onPremisesPublishing);
Application result = graphClient.applications().byApplicationId("{application-id}").patch(application);
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.application import Application
from msgraph_beta.generated.models.on_premises_publishing import OnPremisesPublishing
from msgraph_beta.generated.models.external_authentication_type import ExternalAuthenticationType
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = Application(
on_premises_publishing = OnPremisesPublishing(
external_authentication_type = ExternalAuthenticationType.AadPreAuthentication,
internal_url = "https://contosoiwaapp.com",
external_url = "https://contosoiwaapp-contoso.msappproxy.net",
is_http_only_cookie_enabled = True,
is_on_prem_publishing_enabled = True,
is_persistent_cookie_enabled = True,
is_secure_cookie_enabled = True,
is_state_session_enabled = True,
is_translate_host_header_enabled = True,
is_translate_links_in_body_enabled = True,
),
)
result = await graph_client.applications.by_application_id('application-id').patch(request_body)
GET https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectors
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.OnPremisesPublishingProfiles["{onPremisesPublishingProfile-id}"].Connectors.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
connectors, err := graphClient.OnPremisesPublishingProfiles().ByOnPremisesPublishingProfileId("onPremisesPublishingProfile-id").Connectors().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ConnectorCollectionResponse result = graphClient.onPremisesPublishingProfiles().byOnPremisesPublishingProfileId("{onPremisesPublishingProfile-id}").connectors().get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.on_premises_publishing_profiles.by_on_premises_publishing_profile_id('onPremisesPublishingProfile-id').connectors.get()
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#onPremisesPublishingProfiles('applicationProxy')/connectors",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET onPremisesPublishingProfiles('<key>')/connectors?$select=externalIp,machineName",
"value": [
{
"id": "d2b1e8e8-8511-49d6-a4ba-323cb083fbb0",
"machineName": "connectorA.redmond.contoso.com"",
"externalIp": "131.137.147.164",
"status": "active"
},
{
"id": "f2cab422-a1c8-4d70-a47e-2cb297a2e051",
"machineName": "connectorB.contoso.com"",
"externalIp": "68.0.191.210",
"status": "active"
}
]
}
Étape 3.2 : Créer un connectorGroup
Créez un connectorGroup nommé IWA Demo Connector Group pour l’application. Enregistrez son ID.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ConnectorGroup
{
Name = "IWA Demo Connector Group",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.OnPremisesPublishingProfiles["{onPremisesPublishingProfile-id}"].ConnectorGroups.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewConnectorGroup()
name := "IWA Demo Connector Group"
requestBody.SetName(&name)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
connectorGroups, err := graphClient.OnPremisesPublishingProfiles().ByOnPremisesPublishingProfileId("onPremisesPublishingProfile-id").ConnectorGroups().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
ConnectorGroup connectorGroup = new ConnectorGroup();
connectorGroup.setName("IWA Demo Connector Group");
ConnectorGroup result = graphClient.onPremisesPublishingProfiles().byOnPremisesPublishingProfileId("{onPremisesPublishingProfile-id}").connectorGroups().post(connectorGroup);
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.connector_group import ConnectorGroup
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ConnectorGroup(
name = "IWA Demo Connector Group",
)
result = await graph_client.on_premises_publishing_profiles.by_on_premises_publishing_profile_id('onPremisesPublishingProfile-id').connector_groups.post(request_body)
POST https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectors/f2cab422-a1c8-4d70-a47e-2cb297a2e051/memberOf/$ref
Content-type: application/json
{
"@odata.id":"https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ReferenceCreate
{
OdataId = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.OnPremisesPublishingProfiles["{onPremisesPublishingProfile-id}"].Connectors["{connector-id}"].MemberOf.Ref.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewReferenceCreate()
odataId := "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6"
requestBody.SetOdataId(&odataId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.OnPremisesPublishingProfiles().ByOnPremisesPublishingProfileId("onPremisesPublishingProfile-id").Connectors().ByConnectorId("connector-id").MemberOf().Ref().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.ReferenceCreate referenceCreate = new com.microsoft.graph.beta.models.ReferenceCreate();
referenceCreate.setOdataId("https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6");
graphClient.onPremisesPublishingProfiles().byOnPremisesPublishingProfileId("{onPremisesPublishingProfile-id}").connectors().byConnectorId("{connector-id}").memberOf().ref().post(referenceCreate);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ReferenceCreate;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ReferenceCreate();
$requestBody->setOdataId('https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6');
$graphServiceClient->onPremisesPublishingProfiles()->byOnPremisesPublishingProfileId('onPremisesPublishingProfile-id')->connectors()->byConnectorId('connector-id')->memberOf()->ref()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
odata_id = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationProxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6",
)
await graph_client.on_premises_publishing_profiles.by_on_premises_publishing_profile_id('onPremisesPublishingProfile-id').connectors.by_connector_id('connector-id').member_of.ref.post(request_body)
PUT https://graph.microsoft.com/beta/applications/bf21f7e9-9d25-4da2-82ab-7fdd85049f83/connectorGroup/$ref
Content-type: application/json
{
"@odata.id":"https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new ReferenceUpdate
{
OdataId = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].ConnectorGroup.Ref.PutAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewReferenceUpdate()
odataId := "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6"
requestBody.SetOdataId(&odataId)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Applications().ByApplicationId("application-id").ConnectorGroup().Ref().Put(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.models.ReferenceUpdate referenceUpdate = new com.microsoft.graph.beta.models.ReferenceUpdate();
referenceUpdate.setOdataId("https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6");
graphClient.applications().byApplicationId("{application-id}").connectorGroup().ref().put(referenceUpdate);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\ReferenceUpdate;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new ReferenceUpdate();
$requestBody->setOdataId('https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6');
$graphServiceClient->applications()->byApplicationId('application-id')->connectorGroup()->ref()->put($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.reference_update import ReferenceUpdate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceUpdate(
odata_id = "https://graph.microsoft.com/beta/onPremisesPublishingProfiles/applicationproxy/connectorGroups/3e6f4c35-a04b-4d03-b98a-66fff89b72e6",
)
await graph_client.applications.by_application_id('application-id').connector_group.ref.put(request_body)
Dans cette étape, vous configurez les propriétés onPremisesPublishing > singleSignOnSettings et onPremisesPublishing > singleSignOnMode pour l’application.
Option 1 : Configurer l’authentification unique basée sur IWA
La requête suivante montre comment configurer l’authentification Windows intégrée (IWA) pour l’application. La requête retourne une 204 No content réponse.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Applications.Item;
var requestBody = new Application
{
AdditionalData = new Dictionary<string, object>
{
{
"onPremisesPublishing" , new
{
SingleSignOnSettings = new
{
KerberosSignOnSettings = new
{
KerberosServicePrincipalName = "HTTP/iwademo.contoso.com",
KerberosSignOnMappingAttributeType = "userPrincipalName",
},
SingleSignOnMode = "onPremisesKerberos",
},
}
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].PatchAs{application-id}PatchResponseAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.applications.item.Application application = new com.microsoft.graph.beta.applications.item.Application();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
onPremisesPublishing = new ();
singleSignOnSettings = new ();
kerberosSignOnSettings = new ();
kerberosSignOnSettings.setKerberosServicePrincipalName("HTTP/iwademo.contoso.com");
kerberosSignOnSettings.setKerberosSignOnMappingAttributeType("userPrincipalName");
singleSignOnSettings.setKerberosSignOnSettings(kerberosSignOnSettings);
singleSignOnSettings.setSingleSignOnMode("onPremisesKerberos");
onPremisesPublishing.setSingleSignOnSettings(singleSignOnSettings);
additionalData.put("onPremisesPublishing", onPremisesPublishing);
application.setAdditionalData(additionalData);
graphClient.applications().byApplicationId("{application-id}").patch(application);
Option 2 : Configurer l’authentification unique basée sur l’en-tête
La requête suivante montre comment configurer l’authentification unique basée sur l’en-tête pour l’application. Dans ce mode, la valeur de la propriété singleSignOnMode peut être aadHeaderBased, pingHeaderBasedou oAuthToken. La requête retourne une 204 No content réponse.
Vous souhaitez affecter un utilisateur à l’application. À partir du principal de service que vous avez créé à l’étape 1, enregistrez l’ID du rôle Utilisateur par défaut défini dans la propriété appRoles . Cette valeur est 18d14569-c3bd-439b-9a66-3a2aee01d14f.
Dans le corps de la demande, fournissez les valeurs suivantes :
principalId : ID du compte d’utilisateur que vous avez créé.
appRoleId : ID du rôle d’application par défaut User que vous avez récupéré auprès du principal de service.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.ServicePrincipals.Item.AppRoleAssignments;
var requestBody = new AppRoleAssignmentsPostRequestBody
{
AdditionalData = new Dictionary<string, object>
{
{
"principalId" , "4628e7df-dff3-407c-a08f-75f08c0806dc"
},
{
"principalType" , "User"
},
{
"appRoleId" , "18d14569-c3bd-439b-9a66-3a2aee01d14f"
},
{
"resourceId" , "a8cac399-cde5-4516-a674-819503c61313"
},
},
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.ServicePrincipals["{servicePrincipal-id}"].AppRoleAssignments.PostAsAppRoleAssignmentsPostResponseAsync(requestBody);
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.serviceprincipals.item.approleassignments.AppRoleAssignmentsPostRequestBody appRoleAssignmentsPostRequestBody = new com.microsoft.graph.beta.serviceprincipals.item.approleassignments.AppRoleAssignmentsPostRequestBody();
HashMap<String, Object> additionalData = new HashMap<String, Object>();
additionalData.put("principalId", "4628e7df-dff3-407c-a08f-75f08c0806dc");
additionalData.put("principalType", "User");
additionalData.put("appRoleId", "18d14569-c3bd-439b-9a66-3a2aee01d14f");
additionalData.put("resourceId", "a8cac399-cde5-4516-a674-819503c61313");
appRoleAssignmentsPostRequestBody.setAdditionalData(additionalData);
graphClient.servicePrincipals().byServicePrincipalId("{servicePrincipal-id}").appRoleAssignments().post(appRoleAssignmentsPostRequestBody);
Testez l’application en visitant l’externalUrl configuré pour l’application sur votre navigateur, puis connectez-vous avec votre utilisateur de test. Vous devez être en mesure de vous connecter à l’application et d’accéder à l’application.
Étape 7 : nettoyer les ressources
Dans cette étape, supprimez les ressources que vous avez créées et dont vous n’avez plus besoin.
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Users["{user-id}"].DeleteAsync();
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Users().ByUserId("user-id").Delete(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.users().byUserId("{user-id}").delete();
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->users()->byUserId('user-id')->delete()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.users.by_user_id('user-id').delete()
Lorsque vous supprimez l’application, le principal de service dans votre locataire est également supprimé. Cette requête retourne une 204 No content réponse.
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Applications["{application-id}"].DeleteAsync();
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.Applications().ByApplicationId("application-id").Delete(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.applications().byApplicationId("{application-id}").delete();
<?php
use Microsoft\Graph\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->applications()->byApplicationId('application-id')->delete()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.applications.by_application_id('application-id').delete()
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.OnPremisesPublishingProfiles["{onPremisesPublishingProfile-id}"].ConnectorGroups["{connectorGroup-id}"].DeleteAsync();
// THE CLI IS IN PREVIEW. NON-PRODUCTION USE ONLY
mgc-beta on-premises-publishing-profiles connector-groups delete --on-premises-publishing-profile-id {onPremisesPublishingProfile-id} --connector-group-id {connectorGroup-id}
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.onPremisesPublishingProfiles().byOnPremisesPublishingProfileId("{onPremisesPublishingProfile-id}").connectorGroups().byConnectorGroupId("{connectorGroup-id}").delete();