Workload Identity Federation Preview #884
Replies: 3 comments 8 replies
-
This is HUGE and works perfectly for tasks which invoke the service connection directly. For one of my use cases, however, I'm running

```yaml
# azure-pipelines.yml
- task: Bash@3
  displayName: Deploy solutions
  inputs:
    filePath: 'deploySolutions.sh'
  env:
    url: $(PP_ENV_URL)
    envName: $(PP_ENV_NAME)
    applicationId: $(CLIENT_ID)
    tenant: $(TENANT)
    PAC_ADO_ID_TOKEN_REQUEST_TOKEN: $(PAC_ADO_ID_TOKEN_REQUEST_TOKEN)
    PAC_ADO_ID_TOKEN_REQUEST_URL: $(PAC_ADO_ID_TOKEN_REQUEST_URL)
```

```bash
# deploySolutions.sh
pac auth create --url $url --name $envName --applicationId $applicationId --tenant $tenant --azureDevOpsFederated
```

What am I missing?
-
We have started to move over to using the Workload Identity federation. Noticed an issue using the

```yaml
# yaml
- task: PowerPlatformSetConnectionVariables@2
  displayName: 'Get Service Principal Credentials'
  name: SP_credentials
  inputs:
    authenticationType: 'PowerPlatformSPN'
    PowerPlatformSPN: ${{ parameters.SPN }}
```

Not something we've seen before and replicated it on both pipelines where we'd updated the Service Connection to use WIF. Other tasks using the SPN worked with no issue.
-
Dropping this here, for anyone else looking for how to find the "AzureDevOpsOrganizationID" value (courtesy of @tehcrashxor) #916 (comment)
-
With the release of Power Platform Build Tools v2.0.69 and its underlying PAC v1.32.6, Service Principals can now authenticate with OpenID Connect (OIDC), federated with Azure DevOps. This enables the removal of Service Connections with Client Secrets.
To use this new option:
Add Federated Credentials to the App Registration
https://vstoken.dev.azure.com/[AzureDevOpsOrganizationID]
sc://[AzureDevOpsOrganizationName]/[AzureDevOpsProjectName]/[AzureDevOpsServiceConnectionName]
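A check for the federated credential values in the post above, added here as an example and not code from Power Platform Build Tools or PAC: it builds the expected issuer and subject from the two templates and reports which claims of an OIDC token would not match them. The audience value, the exact string comparison, the function names and the sample organization, project and connection names are assumptions or constructed values.

```python
import base64
import json
import re

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# Assumption: default audience for Entra ID federated credentials (not stated in the post).
AUDIENCE = "api://AzureADTokenExchange"

def expected_credential(org_id, org_name, project, service_connection):
    """Build issuer and subject from the two templates given in the post."""
    if not GUID_RE.fullmatch(org_id):
        raise ValueError("AzureDevOpsOrganizationID must be the organization GUID, not its name")
    return {
        "issuer": f"https://vstoken.dev.azure.com/{org_id}",
        "subject": f"sc://{org_name}/{project}/{service_connection}",
        "audiences": [AUDIENCE],
    }

def jwt_claims(token):
    """Decode the payload segment only; no signature check, diagnostics only."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def mismatches(token, credential):
    """Return the claim names that do not match the registered credential."""
    claims = jwt_claims(token)
    aud = claims.get("aud")
    aud = aud if isinstance(aud, list) else [aud]
    problems = []
    if claims.get("iss") != credential["issuer"]:
        problems.append("iss")
    if claims.get("sub") != credential["subject"]:  # exact string comparison (assumption)
        problems.append("sub")
    if not set(aud) & set(credential["audiences"]):
        problems.append("aud")
    return problems

def constructed_token(claims):
    """Unsigned sample token, constructed for this example only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

if __name__ == "__main__":
    # Constructed values: all-zero GUID, "contoso" organization, sample project and connection.
    cred = expected_credential("00000000-0000-0000-0000-000000000000",
                               "contoso", "PowerPlatform", "pp-dev-wif")
    token = constructed_token({"iss": cred["issuer"], "aud": AUDIENCE,
                               "sub": "sc://Contoso/PowerPlatform/pp-dev-wif"})
    print(mismatches(token, cred))
```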