Aaron0

Reputation: 389

Deploying Service Fabric secured by Azure Active Directory from PowerShell

I am trying to publish to a Service Fabric cluster secured using Azure Active Directory from PowerShell, calling Deploy-FabricApplication.ps1 as part of a TeamCity build configuration.

I have been unable to find how you provide credentials in this situation.

I did notice in Deploy-FabricApplication.ps1 that there is a SecurityToken parameter for Active Directory.

Is this what you need to pass to authenticate, and if so how can you generate the security token within PowerShell?

I have set up a user within my Azure Active Directory for TeamCity that I am hoping to authenticate as.

Upvotes: 2

Views: 973

Answers (1)

Matt Thalman

Reputation: 3965

The token can be acquired by making use of the Active Directory Authentication Library (ADAL), specifically by calling the method AcquireToken in Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.

A good example of this being used can be seen in the code for the VSTS Service Fabric Deploy task at: https://github.com/Microsoft/vsts-tasks/blob/master/Tasks/ServiceFabricDeploy/utilities.ps1.

There's a function in that file called Get-AadSecurityToken which shows the call to the AuthenticationContext.AcquireToken method.

You need to ensure that you have both the cluster app ID and the client app ID. Both of these are retrievable from the cluster by calling Connect-ServiceFabricCluster with the -GetMetadata switch (this is also done in the Get-AadSecurityToken function).

Upvotes: 2
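The steps this answer describes, put together for a non-interactive build agent, as an added example (not the answer author's code and not copied from the VSTS task). The endpoint, the environment variable names and the ADAL path are assumptions, and it assumes an ADAL 2.x assembly, where the synchronous AcquireToken overload taking a UserCredential exists.

```powershell
$ErrorActionPreference = 'Stop'

# Assumed values: supply these from the build server's protected parameters,
# never from the script or the repository.
$endpoint   = 'mycluster.example.net:19000'      # placeholder cluster endpoint
$thumbprint = $env:SF_SERVER_CERT_THUMBPRINT     # assumed variable name
$userName   = $env:SF_DEPLOY_USER                # assumed variable name
$password   = $env:SF_DEPLOY_PASSWORD            # assumed variable name
$adalPath   = 'C:\BuildTools\ADAL\Microsoft.IdentityModel.Clients.ActiveDirectory.dll'  # assumed path

foreach ($name in 'thumbprint', 'userName', 'password') {
    if ([string]::IsNullOrEmpty((Get-Variable -Name $name -ValueOnly))) {
        throw "Missing required build parameter: $name"
    }
}

# Connection settings shared by the metadata query and the real connection.
# Pinning the server certificate thumbprint ensures the credentials and token
# are only ever presented to the intended cluster.
$connection = @{
    ConnectionEndpoint   = $endpoint
    AzureActiveDirectory = $true
    ServerCertThumbprint = $thumbprint
}

# 1. Ask the cluster which AAD authority and application IDs it uses.
$metadata = (Connect-ServiceFabricCluster @connection -GetMetadata).AzureActiveDirectoryMetadata

# 2. Acquire a token for the cluster application on behalf of the build user.
#    Passing a UserCredential makes this a non-interactive flow (no prompt).
Add-Type -LiteralPath $adalPath
$context    = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext `
                  -ArgumentList @($metadata.Authority)
$credential = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential `
                  -ArgumentList @($userName, $password)
$token = $context.AcquireToken($metadata.ClusterApplication,
                               $metadata.ClientApplication,
                               $credential).AccessToken

# 3. Connect with the token. Do not echo $token or $password to the build log.
[void](Connect-ServiceFabricCluster @connection -SecurityToken $token)
Write-Host "Connected to $endpoint as $userName"
```

The same `$token` value is what the SecurityToken parameter mentioned in the question expects.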
