Merge branch 'Dev' into kajalp/Intune_DSC_DerivedCredential
NikCharlebois authored Oct 8, 2024
2 parents 4b500da + 7fef33f commit 5a48be3
Showing 24 changed files with 1,970 additions and 30 deletions.
7 changes: 5 additions & 2 deletions CHANGELOG.md
Expand Up @@ -8,6 +8,11 @@
* Initial release.
* AADApplication
* Fixed an issue trying to retrieve the beta instance.
* Added support for OnPremisesPublishing.
* AADAuthenticationRequirement
* Initial release.
* AADConnectorGroupApplicationProxy
* Initial release.
* AADDeviceRegistrationPolicy
* Initial release.
* AADEntitlementManagementSettings
Expand Down Expand Up @@ -47,8 +52,6 @@
* Added ReportSuspiciousActivitySettings
* AADAuthenticationMethodPolicyHardware
* Initial release.
* AADAuthenticationRequirement
* Initial release.
* AADEntitlementManagementSettings
* Initial release.
* AADFeatureRolloutPolicy
Expand Up @@ -88,6 +88,10 @@ function Get-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Permissions,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$OnPremisesPublishing,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
Expand Down Expand Up @@ -274,7 +278,6 @@ function Get-TargetResource
$complexApi = $null
}


$complexKeyCredentials = @()
foreach ($currentkeyCredentials in $AADAppKeyCredentials.keyCredentials)
{
Expand Down Expand Up @@ -379,6 +382,77 @@ function Get-TargetResource
$IsFallbackPublicClientValue = $AADApp.IsFallbackPublicClient
}

#region OnPremisesPublishing
$onPremisesPublishingValue = @{}
$oppInfo = $null

try
{
$oppInfo = Invoke-MgGraphRequest -Method GET `
-Uri "https://graph.microsoft.com/beta/applications/$($AADBetaApp.Id)/onPremisesPublishing" `
-ErrorAction SilentlyContinue
}
catch
{
Write-Verbose -Message "On-premises publishing is not enabled for App {$($AADBetaApp.DisplayName)}"
}

if ($null -ne $oppInfo)
{
$onPremisesPublishingValue = @{
alternateUrl = $oppInfo.alternateUrl
applicationServerTimeout = $oppInfo.applicationServerTimeout
externalAuthenticationType = $oppInfo.externalAuthenticationType
externalUrl = $oppInfo.externalUrl
internalUrl = $oppInfo.internalUrl
isBackendCertificateValidationEnabled = $oppInfo.isBackendCertificateValidationEnabled
isHttpOnlyCookieEnabled = $oppInfo.isHttpOnlyCookieEnabled
isPersistentCookieEnabled = $oppInfo.isPersistentCookieEnabled
isSecureCookieEnabled = $oppInfo.isSecureCookieEnabled
isStateSessionEnabled = $oppInfo.isStateSessionEnabled
isTranslateHostHeaderEnabled = $oppInfo.isTranslateHostHeaderEnabled
isTranslateLinksInBodyEnabled = $oppInfo.isTranslateLinksInBodyEnabled
}

# onPremisesApplicationSegments
$segmentValues = @()
foreach ($segment in $oppInfo.onPremisesApplicationSegments)
{
$entry = @{
alternateUrl = $segment.AlternateUrl
externalUrl = $segment.externalUrl
internalUrl = $segment.internalUrl
}

$corsConfigurationValues = @()
foreach ($cors in $segment.corsConfigurations)
{
$corsEntry = @{
allowedHeaders = [Array]($cors.allowedHeaders)
allowedMethods = [Array]($cors.allowedMethods)
allowedOrigins = [Array]($cors.allowedOrigins)
maxAgeInSeconds = $cors.maxAgeInSeconds
resource = $cors.resource
}
$corsConfigurationValues += $corsEntry
}
$entry.Add('corsConfigurations', $corsConfigurationValues)
$segmentValues += $entry
}
$onPremisesPublishingValue.Add('onPremisesApplicationSegments', $segmentValues)

# singleSignOnSettings
$singleSignOnValues = @{
kerberosSignOnSettings = @{
kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName
kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType
}
singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode
}
$onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues)
}
#endregion

$result = @{
DisplayName = $AADApp.DisplayName
AvailableToOtherTenants = $AvailableToOtherTenantsValue
Expand All @@ -401,6 +475,7 @@ function Get-TargetResource
PasswordCredentials = $complexPasswordCredentials
AppRoles = $complexAppRoles
Permissions = $permissionsObj
OnPremisesPublishing = $onPremisesPublishingValue
Ensure = 'Present'
Credential = $Credential
ApplicationId = $ApplicationId
Expand Down Expand Up @@ -522,6 +597,10 @@ function Set-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Permissions,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$OnPremisesPublishing,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
Expand Down Expand Up @@ -678,6 +757,7 @@ function Set-TargetResource
$currentParameters.Remove('ReplyURLs') | Out-Null
$currentParameters.Remove('LogoutURL') | Out-Null
$currentParameters.Remove('Homepage') | Out-Null
$currentParameters.Remove('OnPremisesPublishing') | Out-Null


$keys = (([Hashtable]$currentParameters).clone()).Keys
Expand Down Expand Up @@ -944,6 +1024,74 @@ function Set-TargetResource
Write-Warning -Message "KeyCredentials cannot be updated for AAD Applications with more than one KeyCredentials due to technical limitation of Update-MgApplication Cmdlet. Learn more at: https://learn.microsoft.com/en-us/graph/api/application-addkey"
}
}

#region OnPremisesPublishing
if ($null -ne $OnPremisesPublishing)
{
$oppInfo = $OnPremisesPublishing
$onPremisesPublishingValue = @{
alternateUrl = $oppInfo.alternateUrl
applicationServerTimeout = $oppInfo.applicationServerTimeout
externalAuthenticationType = $oppInfo.externalAuthenticationType
#externalUrl = $oppInfo.externalUrl
internalUrl = $oppInfo.internalUrl
isBackendCertificateValidationEnabled = $oppInfo.isBackendCertificateValidationEnabled
isHttpOnlyCookieEnabled = $oppInfo.isHttpOnlyCookieEnabled
isPersistentCookieEnabled = $oppInfo.isPersistentCookieEnabled
isSecureCookieEnabled = $oppInfo.isSecureCookieEnabled
isStateSessionEnabled = $oppInfo.isStateSessionEnabled
isTranslateHostHeaderEnabled = $oppInfo.isTranslateHostHeaderEnabled
isTranslateLinksInBodyEnabled = $oppInfo.isTranslateLinksInBodyEnabled
}

# onPremisesApplicationSegments
$segmentValues = @()
foreach ($segment in $oppInfo.onPremisesApplicationSegments)
{
$entry = @{
alternateUrl = $segment.AlternateUrl
externalUrl = $segment.externalUrl
internalUrl = $segment.internalUrl
}

$corsConfigurationValues = @()
foreach ($cors in $segment.corsConfigurations)
{
$corsEntry = @{
allowedHeaders = [Array]($cors.allowedHeaders)
allowedMethods = [Array]($cors.allowedMethods)
allowedOrigins = [Array]($cors.allowedOrigins)
maxAgeInSeconds = $cors.maxAgeInSeconds
resource = $cors.resource
}
$corsConfigurationValues += $corsEntry
}
$entry.Add('corsConfigurations', $corsConfigurationValues)
$segmentValues += $entry
}
$onPremisesPublishingValue.Add('onPremisesApplicationSegments', $segmentValues)

# singleSignOnSettings
$singleSignOnValues = @{
kerberosSignOnSettings = @{
kerberosServicePrincipalName = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosServicePrincipalName
kerberosSignOnMappingAttributeType = $oppInfo.singleSignOnSettings.kerberosSignOnSettings.kerberosSignOnMappingAttributeType
}
singleSignOnMode = $oppInfo.singleSignOnSettings.singleSignOnMode
}
if ($null -eq $singleSignOnValues.kerberosSignOnSettings.kerberosServicePrincipalName)
{
$singleSignOnValues.Remove('kerberosSignOnSettings') | Out-Null
}

$onPremisesPublishingValue.Add('singleSignOnSettings', $singleSignOnValues)
$onPremisesPayload = ConvertTo-Json $onPremisesPublishingValue -Depth 10 -Compress
Write-Verbose -Message "Updating the OnPremisesPublishing settings for application {$($currentAADApp.DisplayName)} with payload: $onPremisesPayload"
Invoke-MgGraphRequest -Method 'PATCH' `
-Uri "https://graph.microsoft.com/beta/applications/$($currentAADApp.Id)/onPremisesPublishing" `
-Body $onPremisesPayload
}
#endregion
}

function Test-TargetResource
Expand Down Expand Up @@ -1036,6 +1184,10 @@ function Test-TargetResource
[Microsoft.Management.Infrastructure.CimInstance[]]
$Permissions,

[Parameter()]
[Microsoft.Management.Infrastructure.CimInstance]
$OnPremisesPublishing,

[Parameter()]
[ValidateSet('Present', 'Absent')]
[System.String]
Expand Down Expand Up @@ -1309,6 +1461,47 @@ function Export-TargetResource
}
}

if ($null -ne $Results.OnPremisesPublishing.singleSignOnSettings)
{
$complexMapping = @(
@{
Name = 'singleSignOnSettings'
CimInstanceName = 'AADApplicationOnPremisesPublishingSingleSignOnSetting'
IsRequired = $False
},
@{
Name = 'onPremisesApplicationSegments'
CimInstanceName = 'AADApplicationOnPremisesPublishingSegment'
IsRequired = $False
},
@{
Name = 'kerberosSignOnSettings'
CimInstanceName = 'AADApplicationOnPremisesPublishingSingleSignOnSettingKerberos'
IsRequired = $False
},
@{
Name = 'corsConfigurations'
CimInstanceName = 'AADApplicationOnPremisesPublishingSegmentCORS'
IsRequired = $False
}
)
$complexTypeStringResult = Get-M365DSCDRGComplexTypeToString `
-ComplexObject $Results.OnPremisesPublishing `
-CIMInstanceName 'AADApplicationOnPremisesPublishing' `
-ComplexTypeMapping $complexMapping
if (-not [String]::IsNullOrWhiteSpace($complexTypeStringResult))
{
$Results.OnPremisesPublishing = $complexTypeStringResult
}
else
{
$Results.Remove('OnPremisesPublishing') | Out-Null
}
}
else
{
$Results.Remove('OnPremisesPublishing') | Out-Null
}

if ($null -ne $Results.OptionalClaims)
{
Expand Down Expand Up @@ -1415,6 +1608,10 @@ function Export-TargetResource
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OptionalClaims" -IsCIMArray:$False
}
if ($Results.OnPremisesPublishing)
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "OnPremisesPublishing" -IsCIMArray:$False
}
if ($Results.AuthenticationBehaviors)
{
$currentDSCBlock = Convert-DSCStringParamToVariable -DSCBlock $currentDSCBlock -ParameterName "AuthenticationBehaviors" -IsCIMArray:$False
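Review bot: In the Set-TargetResource hunk the PATCH body is built from every property of `$oppInfo`, so any setting the configuration leaves unset is serialized by `ConvertTo-Json` as `null` and sent to Graph; for `isSecureCookieEnabled`, `isHttpOnlyCookieEnabled` and `isBackendCertificateValidationEnabled` that would, if Graph applies nulls on PATCH, clear a hardening flag the administrator never asked to change. Removing null-valued keys from `$onPremisesPublishingValue` before the `ConvertTo-Json` call keeps the request limited to values the configuration actually states. The `#externalUrl = $oppInfo.externalUrl` line is commented out without explanation while Get-TargetResource still returns `externalUrl`, so Test-TargetResource would presumably keep reporting drift that Set can never correct; a comment stating why the property is excluded from the PATCH (or restoring it) is needed. Set-TargetResource starts outside this hunk.
```powershell
# … unchanged: build $onPremisesPublishingValue from $oppInfo …
# Drop properties the configuration left unset so the PATCH only carries
# explicit values and does not null out settings already on the application.
foreach ($key in @($onPremisesPublishingValue.Keys))
{
    if ($null -eq $onPremisesPublishingValue[$key])
    {
        $onPremisesPublishingValue.Remove($key) | Out-Null
    }
}
# … unchanged: onPremisesApplicationSegments, singleSignOnSettings, PATCH call …
```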
