Using Keycloak with Azure AD to integrate AKS Cluster authentication process
Integrating Azure Kubernetes Service (AKS) with Keycloak through Azure Active Directory (Azure AD) as an intermediary leverages Azure AD’s support for OpenID Connect (OIDC) to handle authentication and authorization. This integration enhances security, streamlines user management, and simplifies the authentication process for users accessing the AKS cluster.Connect-AzAccount with Managed Service Identity
I'm running PowerShell in the context of an Azure Web App that has a System Managed Service Identity configured. Currently, I can access the Key Vault by doing this: $MsiHeader = @{'Secret' = $env:MSI_SECRET} $VaultResource = "<a href="https://vault.azure.net" target="_blank">https://vault.azure.net</a>" $ApiVersion = "2017-09-01" $VaultUri = "{0}?resource={1}&api-version={2}" -f $env:MSI_Endpoint, $VaultResource, $ApiVersion $VaultHeader = @{ Authorization = "Bearer $($VaultAuth.access_token)" } $Secret = Invoke-RestMethod "<a href="https://MyVault.vault.azure.net/secrets/testsecret?api-version=7.0" target="_blank">https://MyVault.vault.azure.net/secrets/testsecret?api-version=7.0</a>" -Headers $VaultHeader This works just fine for accessing the vault, but is it possible to use the MSI to connect to Azure resources using the Az PowerShell module? If so, how can this be done? I can't quite seem to figure out how to do this properly. I've tried hacking at it like this: $MsiHostName,$MsiPort = $env:MSI_ENDPOINT -replace 'http://' -replace '/MSI/token/' -split ':' $null = Connect-AzAccount -ManagedServiceHostName $MsiHostName -ManagedServicePort $MsiPort -ManagedServiceSecret $env:MSI_SECRET But this doesn't seem to work and I can't find any examples of this on the web. Any help with this is much appreciated!Improving Web Application Performance Using Azure Cache for Redis
We recently released the Web App + Database and Cache in Azure portal | Create a resource for easily creating an Azure Cache for Redis with a Web App and a database. Adding Azure Cache for Redis to your web application can obliterate bottlenecks and provide a consistently fast and responsive user experience by caching the frequently accessed information to avoid the overhead of expensive API calls and database interactions. Try out adding Azure Cache for Redis to your web application today and see how much faster your app will run!Unable to move Azure App Service to another Subscription
Hello Community, I have a App Service, that has been deployed from the marketplace (Wordpress) with a MySQL DB. I want this whole Service, App Service, App Service Plan and MY SQL DB to be moved to another Subscription. But, i always run in Problems. During the Verification Process i get this Issues: {"code":"ResourceMoveProviderValidationFailed","message":"Resource move validation failed. Please see details. Diagnostic information: timestamp '20200213T100755Z', subscription id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx', tracking id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx', request correlation id 'xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx'.","details":[{"code":"ResourceMoveProviderValidationFailed","target":"Microsoft.Web/certificates","message":"{\"Code\":\"BadRequest\",\"Message\":\"Please select all the Microsoft.Web resources from 'Default-Web-WestEurope' resource group for cross-subscription migration. Also, please ensure destination resource group 'XXXX-RG' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: XXXXXXXX-projects (Microsoft.Web/sites)\\r\\n WebApplication38953 (Microsoft.Web/sites)\\r\\n timetrackernewsfeed (Microsoft.Web/sites)\\r\\n XXXXXXXX-blog (Microsoft.Web/sites)\\r\\n XXXXXX (Microsoft.Web/sites). This resource is located in resource group 'XXXXXX_Prod', but hosted in the resource group 'Default-Web-WestEurope'. This may be a result of prior move operations. Move it back to respective hosting resource group\\r\\n Default1 (Microsoft.Web/serverFarms)\\r\\n XXXXXX-blog-Plan (Microsoft.Web/serverFarms)\\r\\n XXXXXXX-projects (Microsoft.Web/serverFarms)\\r\\n DD90514816160753107856EA67F8B067B92F04D3-WestEuropewebspace (Microsoft.Web/certificates)\\r\\n. Please check this link for more information: https://portal.azure.com/?websitesextension_ext=asd.featurePath%3Ddetectors%2FMigration#resource/subscriptions/XXXXX-xxxxx-xxxx-xxxxx-xxxxxxxxx/resourceGroups/Default-Web-WestEurope/providers/Microsoft.Web/sites/xxxxxxxxx-projects/troubleshoot\",\"Target\":null,\"Details\":[{\"Message\":\"Please select all the Microsoft.Web resources from 'Default-Web-WestEurope' resource group for cross-subscription migration. Also, please ensure destination resource group 'xxxxxxx-RG' doesn't have any Microsoft.Web resources before move operation. Here is the list of resources you have to move together: xxxxxx-projects (Microsoft.Web/sites)\\r\\n WebApplication367843 (Microsoft.Web/sites)\\r\\n xxxxxxx(Microsoft.Web/sites)\\r\\n xxxxxx-blog (Microsoft.Web/sites)\\r\\n xxxxxxx I also removed the Certificate and tried to move, but still not working. Any hints or solutions for this Problem? Thanks & Kind Regards, Peter
