Actualizar x509CertificateAuthenticationMethodConfiguration

Espacio de nombres: microsoft.graph

Importante

Las API de la versión /beta de Microsoft Graph están sujetas a cambios. No se admite el uso de estas API en aplicaciones de producción. Para determinar si una API está disponible en la versión 1.0, use el selector de Versión.

Actualice las propiedades del método de autenticación de certificados X.509.

Esta API está disponible en las siguientes implementaciones nacionales de nube.

Servicio global	Gobierno de EE. UU. L4	Us Government L5 (DOD)	China operada por 21Vianet
✅	✅	✅	✅

Permissions

Elija el permiso o los permisos marcados como con privilegios mínimos para esta API. Use un permiso o permisos con privilegios superiores solo si la aplicación lo requiere. Para obtener más información sobre los permisos delegados y de aplicación, consulte Tipos de permisos. Para obtener más información sobre estos permisos, consulte la referencia de permisos.

Tipo de permiso	Permisos con privilegios mínimos	Permisos con privilegios más altos
Delegado (cuenta profesional o educativa)	Policy.ReadWrite.AuthenticationMethod	No disponible.
Delegado (cuenta personal de Microsoft)	No admitida.	No admitida.
Aplicación	Policy.ReadWrite.AuthenticationMethod	No disponible.

Importante

En escenarios delegados con cuentas profesionales o educativas, al usuario que ha iniciado sesión se le debe asignar un rol de Microsoft Entra compatible o un rol personalizado con un permiso de rol admitido. El administrador de directivas de autenticación es el rol con privilegios mínimos admitido para esta operación.

Solicitud HTTP

PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate

Encabezados de solicitud

Nombre	Descripción
Authorization	{token} de portador. Obligatorio. Obtenga más información sobre la autenticación y la autorización.
Content-Type	application/json. Obligatorio.

Cuerpo de la solicitud

En el cuerpo de la solicitud, proporcione solo los valores de las propiedades que se van a actualizar. Las propiedades existentes que no se incluyen en el cuerpo de la solicitud mantienen sus valores anteriores o se recalculan en función de los cambios realizados en otros valores de propiedad.

En la tabla siguiente se especifican las propiedades que se pueden actualizar.

Propiedad	Tipo	Descripción
authenticationModeConfiguration	x509CertificateAuthenticationModeConfiguration	Define configuraciones de autenticación seguras. Esta configuración incluye el modo de autenticación predeterminado y las distintas reglas para enlaces de autenticación seguros.
certificateAuthorityScopes	Colección x509CertificateAuthorityScope	Define la configuración para permitir que un grupo de usuarios use certificados de entidades de certificación emisoras específicas para autenticarse correctamente.
certificateUserBindings	Colección x509CertificateUserBinding	Define los campos del certificado X.509 que se asignan a atributos del objeto de usuario Microsoft Entra para enlazar el certificado al usuario. La prioridad del objeto determina el orden en que se lleva a cabo el enlace. Se usará el primer enlace que coincida y el resto se omitirá.
crlValidationConfiguration	x509CertificateCRLValidationConfiguration	Determina si se debe producir un error en la autenticación basada en certificados si la entidad de certificación emisora no tiene configurada una lista de revocación de certificados válida.
issuerHintsConfiguration	x509CertificateIssuerHintsConfiguration	Determina si las sugerencias de emisor (CA) se envían al lado cliente para filtrar los certificados que se muestran en el selector de certificados.
state	authenticationMethodState	Los valores posibles son: `enabled`, `disabled`.

Nota: La @odata.type propiedad con un valor de #microsoft.graph.x509CertificateAuthenticationMethodConfiguration debe incluirse en el cuerpo.

Respuesta

Si se ejecuta correctamente, este método devuelve un código de respuesta 204 No Content. No devuelve nada en el cuerpo de la respuesta.

Ejemplos

Solicitud

A continuación se muestra un ejemplo de una solicitud de actualización con la siguiente configuración:

Habilita el método de autenticación de certificados x509 en el inquilino.
Configura solo un enlace de usuario entre el certificado PrincipalName y la Microsoft Entra ID propiedades onPremisesUserPrincipalName.
Define la autenticación multifactor como requisito.
Configura las reglas de enlace para el método de autenticación segura en el tipo de regla.

PATCH https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate
Content-Type: application/json

{
    "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
    "id": "X509Certificate",
    "state": "enabled",
    "certificateUserBindings": [
        {
            "x509CertificateField": "PrincipalName",
            "userProperty": "onPremisesUserPrincipalName",
            "priority": 1
        }
    ],
    "authenticationModeConfiguration": {
        "x509CertificateAuthenticationDefaultMode": "x509CertificateMultiFactor",
        "rules": [
            {
                "x509CertificateRuleType": "issuerSubject",
                "identifier": "CN=ContosoCA,DC=Contoso,DC=org ",
                "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
            },
            {
                "x509CertificateRuleType": "policyOID",
                "identifier": "1.2.3.4",
                "x509CertificateAuthenticationMode": "x509CertificateMultiFactor"
            }
        ]
    },
    "issuerHintsConfiguration": {
        "state": "disabled"
    },
    "crlValidationConfiguration": {
        "state": "disabled",
        "exemptedCertificateAuthoritiesSubjectKeyIdentifiers": []
    },
    "certificateAuthorityScopes": [
        {
            "subjectKeyIdentifier": "aaaaaaaabbbbcccc111122222222222222333333",
            "publicKeyInfrastructureIdentifier": "Contoso PKI",
            "includeTargets": [
            {
                "id": "aaaaaaaa-bbbb-cccc-1111-222222222222",
                "targetType": "group"
            }
            ]
        }    
    ],
    "includeTargets": [
        {
            "targetType": "group",
            "id": "all_users",
            "isRegistrationRequired": false
        }
    ]
}


// Code snippets are only available for the latest version. Current version is 5.x

// Dependencies
using Microsoft.Graph.Beta.Models;
using Microsoft.Kiota.Abstractions.Serialization;

var requestBody = new X509CertificateAuthenticationMethodConfiguration
{
	OdataType = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
	Id = "X509Certificate",
	State = AuthenticationMethodState.Enabled,
	CertificateUserBindings = new List<X509CertificateUserBinding>
	{
		new X509CertificateUserBinding
		{
			X509CertificateField = "PrincipalName",
			UserProperty = "onPremisesUserPrincipalName",
			Priority = 1,
		},
	},
	AuthenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration
	{
		X509CertificateAuthenticationDefaultMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
		Rules = new List<X509CertificateRule>
		{
			new X509CertificateRule
			{
				X509CertificateRuleType = X509CertificateRuleType.IssuerSubject,
				Identifier = "CN=ContosoCA,DC=Contoso,DC=org ",
				X509CertificateAuthenticationMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
			},
			new X509CertificateRule
			{
				X509CertificateRuleType = X509CertificateRuleType.PolicyOID,
				Identifier = "1.2.3.4",
				X509CertificateAuthenticationMode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
			},
		},
	},
	IssuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration
	{
		State = X509CertificateIssuerHintsState.Disabled,
	},
	CertificateAuthorityScopes = new List<X509CertificateAuthorityScope>
	{
		new X509CertificateAuthorityScope
		{
			SubjectKeyIdentifier = "aaaaaaaabbbbcccc111122222222222222333333",
			PublicKeyInfrastructureIdentifier = "Contoso PKI",
			IncludeTargets = new List<IncludeTarget>
			{
				new IncludeTarget
				{
					Id = "aaaaaaaa-bbbb-cccc-1111-222222222222",
					TargetType = AuthenticationMethodTargetType.Group,
				},
			},
		},
	},
	IncludeTargets = new List<AuthenticationMethodTarget>
	{
		new AuthenticationMethodTarget
		{
			TargetType = AuthenticationMethodTargetType.Group,
			Id = "all_users",
			IsRegistrationRequired = false,
		},
	},
	AdditionalData = new Dictionary<string, object>
	{
		{
			"crlValidationConfiguration" , new UntypedObject(new Dictionary<string, UntypedNode>
			{
				{
					"state", new UntypedString("disabled")
				},
				{
					"exemptedCertificateAuthoritiesSubjectKeyIdentifiers", new UntypedArray(new List<UntypedNode>
					{
					})
				},
			})
		},
	},
};

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Policies.AuthenticationMethodsPolicy.AuthenticationMethodConfigurations["{authenticationMethodConfiguration-id}"].PatchAsync(requestBody);

Importante

Los SDK de Microsoft Graph usan la versión v1.0 de la API de manera predeterminada y no admiten todos los tipos, propiedades y API disponibles en la versión beta. Para obtener más información sobre cómo acceder a la API beta con el SDK, consulte Uso de los SDK de Microsoft Graph con la API beta.

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.


// Code snippets are only available for the latest version. Current version is 6.x

GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);

X509CertificateAuthenticationMethodConfiguration authenticationMethodConfiguration = new X509CertificateAuthenticationMethodConfiguration();
authenticationMethodConfiguration.setOdataType("#microsoft.graph.x509CertificateAuthenticationMethodConfiguration");
authenticationMethodConfiguration.setId("X509Certificate");
authenticationMethodConfiguration.setState(AuthenticationMethodState.Enabled);
LinkedList<X509CertificateUserBinding> certificateUserBindings = new LinkedList<X509CertificateUserBinding>();
X509CertificateUserBinding x509CertificateUserBinding = new X509CertificateUserBinding();
x509CertificateUserBinding.setX509CertificateField("PrincipalName");
x509CertificateUserBinding.setUserProperty("onPremisesUserPrincipalName");
x509CertificateUserBinding.setPriority(1);
certificateUserBindings.add(x509CertificateUserBinding);
authenticationMethodConfiguration.setCertificateUserBindings(certificateUserBindings);
X509CertificateAuthenticationModeConfiguration authenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration();
authenticationModeConfiguration.setX509CertificateAuthenticationDefaultMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
LinkedList<X509CertificateRule> rules = new LinkedList<X509CertificateRule>();
X509CertificateRule x509CertificateRule = new X509CertificateRule();
x509CertificateRule.setX509CertificateRuleType(X509CertificateRuleType.IssuerSubject);
x509CertificateRule.setIdentifier("CN=ContosoCA,DC=Contoso,DC=org ");
x509CertificateRule.setX509CertificateAuthenticationMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
rules.add(x509CertificateRule);
X509CertificateRule x509CertificateRule1 = new X509CertificateRule();
x509CertificateRule1.setX509CertificateRuleType(X509CertificateRuleType.PolicyOID);
x509CertificateRule1.setIdentifier("1.2.3.4");
x509CertificateRule1.setX509CertificateAuthenticationMode(X509CertificateAuthenticationMode.X509CertificateMultiFactor);
rules.add(x509CertificateRule1);
authenticationModeConfiguration.setRules(rules);
authenticationMethodConfiguration.setAuthenticationModeConfiguration(authenticationModeConfiguration);
X509CertificateIssuerHintsConfiguration issuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration();
issuerHintsConfiguration.setState(X509CertificateIssuerHintsState.Disabled);
authenticationMethodConfiguration.setIssuerHintsConfiguration(issuerHintsConfiguration);
LinkedList<X509CertificateAuthorityScope> certificateAuthorityScopes = new LinkedList<X509CertificateAuthorityScope>();
X509CertificateAuthorityScope x509CertificateAuthorityScope = new X509CertificateAuthorityScope();
x509CertificateAuthorityScope.setSubjectKeyIdentifier("aaaaaaaabbbbcccc111122222222222222333333");
x509CertificateAuthorityScope.setPublicKeyInfrastructureIdentifier("Contoso PKI");
LinkedList<IncludeTarget> includeTargets = new LinkedList<IncludeTarget>();
IncludeTarget includeTarget = new IncludeTarget();
includeTarget.setId("aaaaaaaa-bbbb-cccc-1111-222222222222");
includeTarget.setTargetType(AuthenticationMethodTargetType.Group);
includeTargets.add(includeTarget);
x509CertificateAuthorityScope.setIncludeTargets(includeTargets);
certificateAuthorityScopes.add(x509CertificateAuthorityScope);
authenticationMethodConfiguration.setCertificateAuthorityScopes(certificateAuthorityScopes);
LinkedList<AuthenticationMethodTarget> includeTargets1 = new LinkedList<AuthenticationMethodTarget>();
AuthenticationMethodTarget authenticationMethodTarget = new AuthenticationMethodTarget();
authenticationMethodTarget.setTargetType(AuthenticationMethodTargetType.Group);
authenticationMethodTarget.setId("all_users");
authenticationMethodTarget.setIsRegistrationRequired(false);
includeTargets1.add(authenticationMethodTarget);
authenticationMethodConfiguration.setIncludeTargets(includeTargets1);
HashMap<String, Object> additionalData = new HashMap<String, Object>();
 crlValidationConfiguration = new ();
crlValidationConfiguration.setState("disabled");
LinkedList<Object> exemptedCertificateAuthoritiesSubjectKeyIdentifiers = new LinkedList<Object>();
crlValidationConfiguration.setExemptedCertificateAuthoritiesSubjectKeyIdentifiers(exemptedCertificateAuthoritiesSubjectKeyIdentifiers);
additionalData.put("crlValidationConfiguration", crlValidationConfiguration);
authenticationMethodConfiguration.setAdditionalData(additionalData);
AuthenticationMethodConfiguration result = graphClient.policies().authenticationMethodsPolicy().authenticationMethodConfigurations().byAuthenticationMethodConfigurationId("{authenticationMethodConfiguration-id}").patch(authenticationMethodConfiguration);

Importante

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.


const options = {
	authProvider,
};

const client = Client.init(options);

const authenticationMethodConfiguration = {
    '@odata.type': '#microsoft.graph.x509CertificateAuthenticationMethodConfiguration',
    id: 'X509Certificate',
    state: 'enabled',
    certificateUserBindings: [
        {
            x509CertificateField: 'PrincipalName',
            userProperty: 'onPremisesUserPrincipalName',
            priority: 1
        }
    ],
    authenticationModeConfiguration: {
        x509CertificateAuthenticationDefaultMode: 'x509CertificateMultiFactor',
        rules: [
            {
                x509CertificateRuleType: 'issuerSubject',
                identifier: 'CN=ContosoCA,DC=Contoso,DC=org ',
                x509CertificateAuthenticationMode: 'x509CertificateMultiFactor'
            },
            {
                x509CertificateRuleType: 'policyOID',
                identifier: '1.2.3.4',
                x509CertificateAuthenticationMode: 'x509CertificateMultiFactor'
            }
        ]
    },
    issuerHintsConfiguration: {
        state: 'disabled'
    },
    crlValidationConfiguration: {
        state: 'disabled',
        exemptedCertificateAuthoritiesSubjectKeyIdentifiers: []
    },
    certificateAuthorityScopes: [
        {
            subjectKeyIdentifier: 'aaaaaaaabbbbcccc111122222222222222333333',
            publicKeyInfrastructureIdentifier: 'Contoso PKI',
            includeTargets: [
            {
                id: 'aaaaaaaa-bbbb-cccc-1111-222222222222',
                targetType: 'group'
            }
            ]
        }    
    ],
    includeTargets: [
        {
            targetType: 'group',
            id: 'all_users',
            isRegistrationRequired: false
        }
    ]
};

await client.api('/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/x509Certificate')
	.version('beta')
	.update(authenticationMethodConfiguration);

Importante

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.


<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationMethodConfiguration;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodState;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateUserBinding;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationModeConfiguration;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthenticationMode;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateRule;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateRuleType;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateIssuerHintsConfiguration;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateIssuerHintsState;
use Microsoft\Graph\Beta\Generated\Models\X509CertificateAuthorityScope;
use Microsoft\Graph\Beta\Generated\Models\IncludeTarget;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTargetType;
use Microsoft\Graph\Beta\Generated\Models\AuthenticationMethodTarget;


$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);

$requestBody = new X509CertificateAuthenticationMethodConfiguration();
$requestBody->setOdataType('#microsoft.graph.x509CertificateAuthenticationMethodConfiguration');
$requestBody->setId('X509Certificate');
$requestBody->setState(new AuthenticationMethodState('enabled'));
$certificateUserBindingsX509CertificateUserBinding1 = new X509CertificateUserBinding();
$certificateUserBindingsX509CertificateUserBinding1->setX509CertificateField('PrincipalName');
$certificateUserBindingsX509CertificateUserBinding1->setUserProperty('onPremisesUserPrincipalName');
$certificateUserBindingsX509CertificateUserBinding1->setPriority(1);
$certificateUserBindingsArray []= $certificateUserBindingsX509CertificateUserBinding1;
$requestBody->setCertificateUserBindings($certificateUserBindingsArray);

$authenticationModeConfiguration = new X509CertificateAuthenticationModeConfiguration();
$authenticationModeConfiguration->setX509CertificateAuthenticationDefaultMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesX509CertificateRule1 = new X509CertificateRule();
$rulesX509CertificateRule1->setX509CertificateRuleType(new X509CertificateRuleType('issuerSubject'));
$rulesX509CertificateRule1->setIdentifier('CN=ContosoCA,DC=Contoso,DC=org ');
$rulesX509CertificateRule1->setX509CertificateAuthenticationMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesArray []= $rulesX509CertificateRule1;
$rulesX509CertificateRule2 = new X509CertificateRule();
$rulesX509CertificateRule2->setX509CertificateRuleType(new X509CertificateRuleType('policyOID'));
$rulesX509CertificateRule2->setIdentifier('1.2.3.4');
$rulesX509CertificateRule2->setX509CertificateAuthenticationMode(new X509CertificateAuthenticationMode('x509CertificateMultiFactor'));
$rulesArray []= $rulesX509CertificateRule2;
$authenticationModeConfiguration->setRules($rulesArray);

$requestBody->setAuthenticationModeConfiguration($authenticationModeConfiguration);
$issuerHintsConfiguration = new X509CertificateIssuerHintsConfiguration();
$issuerHintsConfiguration->setState(new X509CertificateIssuerHintsState('disabled'));
$requestBody->setIssuerHintsConfiguration($issuerHintsConfiguration);
$certificateAuthorityScopesX509CertificateAuthorityScope1 = new X509CertificateAuthorityScope();
$certificateAuthorityScopesX509CertificateAuthorityScope1->setSubjectKeyIdentifier('aaaaaaaabbbbcccc111122222222222222333333');
$certificateAuthorityScopesX509CertificateAuthorityScope1->setPublicKeyInfrastructureIdentifier('Contoso PKI');
$includeTargetsIncludeTarget1 = new IncludeTarget();
$includeTargetsIncludeTarget1->setId('aaaaaaaa-bbbb-cccc-1111-222222222222');
$includeTargetsIncludeTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsArray []= $includeTargetsIncludeTarget1;
$certificateAuthorityScopesX509CertificateAuthorityScope1->setIncludeTargets($includeTargetsArray);

$certificateAuthorityScopesArray []= $certificateAuthorityScopesX509CertificateAuthorityScope1;
$requestBody->setCertificateAuthorityScopes($certificateAuthorityScopesArray);

$includeTargetsAuthenticationMethodTarget1 = new AuthenticationMethodTarget();
$includeTargetsAuthenticationMethodTarget1->setTargetType(new AuthenticationMethodTargetType('group'));
$includeTargetsAuthenticationMethodTarget1->setId('all_users');
$includeTargetsAuthenticationMethodTarget1->setIsRegistrationRequired(false);
$includeTargetsArray []= $includeTargetsAuthenticationMethodTarget1;
$requestBody->setIncludeTargets($includeTargetsArray);

$additionalData = [
'crlValidationConfiguration' => [
'state' => 'disabled',
'exemptedCertificateAuthoritiesSubjectKeyIdentifiers' => [],
],
];
$requestBody->setAdditionalData($additionalData);

$result = $graphServiceClient->policies()->authenticationMethodsPolicy()->authenticationMethodConfigurations()->byAuthenticationMethodConfigurationId('authenticationMethodConfiguration-id')->patch($requestBody)->wait();

Importante

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.


Import-Module Microsoft.Graph.Beta.Identity.SignIns

$params = @{
	"@odata.type" = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration"
	id = "X509Certificate"
	state = "enabled"
	certificateUserBindings = @(
		@{
			x509CertificateField = "PrincipalName"
			userProperty = "onPremisesUserPrincipalName"
			priority = 
		}
	)
	authenticationModeConfiguration = @{
		x509CertificateAuthenticationDefaultMode = "x509CertificateMultiFactor"
		rules = @(
			@{
				x509CertificateRuleType = "issuerSubject"
				identifier = "CN=ContosoCA,DC=Contoso,DC=org "
				x509CertificateAuthenticationMode = "x509CertificateMultiFactor"
			}
			@{
				x509CertificateRuleType = "policyOID"
				identifier = "1.2.3.4"
				x509CertificateAuthenticationMode = "x509CertificateMultiFactor"
			}
		)
	}
	issuerHintsConfiguration = @{
		state = "disabled"
	}
	crlValidationConfiguration = @{
		state = "disabled"
		exemptedCertificateAuthoritiesSubjectKeyIdentifiers = @(
		)
	}
	certificateAuthorityScopes = @(
		@{
			subjectKeyIdentifier = "aaaaaaaabbbbcccc111122222222222222333333"
			publicKeyInfrastructureIdentifier = "Contoso PKI"
			includeTargets = @(
				@{
					id = "aaaaaaaa-bbbb-cccc-1111-222222222222"
					targetType = "group"
				}
			)
		}
	)
	includeTargets = @(
		@{
			targetType = "group"
			id = "all_users"
			isRegistrationRequired = $false
		}
	)
}

Update-MgBetaPolicyAuthenticationMethodPolicyAuthenticationMethodConfiguration -AuthenticationMethodConfigurationId $authenticationMethodConfigurationId -BodyParameter $params

Importante

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.


# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.x509_certificate_authentication_method_configuration import X509CertificateAuthenticationMethodConfiguration
from msgraph_beta.generated.models.authentication_method_state import AuthenticationMethodState
from msgraph_beta.generated.models.x509_certificate_user_binding import X509CertificateUserBinding
from msgraph_beta.generated.models.x509_certificate_authentication_mode_configuration import X509CertificateAuthenticationModeConfiguration
from msgraph_beta.generated.models.x509_certificate_authentication_mode import X509CertificateAuthenticationMode
from msgraph_beta.generated.models.x509_certificate_rule import X509CertificateRule
from msgraph_beta.generated.models.x509_certificate_rule_type import X509CertificateRuleType
from msgraph_beta.generated.models.x509_certificate_issuer_hints_configuration import X509CertificateIssuerHintsConfiguration
from msgraph_beta.generated.models.x509_certificate_issuer_hints_state import X509CertificateIssuerHintsState
from msgraph_beta.generated.models.x509_certificate_authority_scope import X509CertificateAuthorityScope
from msgraph_beta.generated.models.include_target import IncludeTarget
from msgraph_beta.generated.models.authentication_method_target_type import AuthenticationMethodTargetType
from msgraph_beta.generated.models.authentication_method_target import AuthenticationMethodTarget
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = X509CertificateAuthenticationMethodConfiguration(
	odata_type = "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration",
	id = "X509Certificate",
	state = AuthenticationMethodState.Enabled,
	certificate_user_bindings = [
		X509CertificateUserBinding(
			x509_certificate_field = "PrincipalName",
			user_property = "onPremisesUserPrincipalName",
			priority = 1,
		),
	],
	authentication_mode_configuration = X509CertificateAuthenticationModeConfiguration(
		x509_certificate_authentication_default_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
		rules = [
			X509CertificateRule(
				x509_certificate_rule_type = X509CertificateRuleType.IssuerSubject,
				identifier = "CN=ContosoCA,DC=Contoso,DC=org ",
				x509_certificate_authentication_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
			),
			X509CertificateRule(
				x509_certificate_rule_type = X509CertificateRuleType.PolicyOID,
				identifier = "1.2.3.4",
				x509_certificate_authentication_mode = X509CertificateAuthenticationMode.X509CertificateMultiFactor,
			),
		],
	),
	issuer_hints_configuration = X509CertificateIssuerHintsConfiguration(
		state = X509CertificateIssuerHintsState.Disabled,
	),
	certificate_authority_scopes = [
		X509CertificateAuthorityScope(
			subject_key_identifier = "aaaaaaaabbbbcccc111122222222222222333333",
			public_key_infrastructure_identifier = "Contoso PKI",
			include_targets = [
				IncludeTarget(
					id = "aaaaaaaa-bbbb-cccc-1111-222222222222",
					target_type = AuthenticationMethodTargetType.Group,
				),
			],
		),
	],
	include_targets = [
		AuthenticationMethodTarget(
			target_type = AuthenticationMethodTargetType.Group,
			id = "all_users",
			is_registration_required = False,
		),
	],
	additional_data = {
			"crl_validation_configuration" : {
					"state" : "disabled",
					"exempted_certificate_authorities_subject_key_identifiers" : [
					],
			},
	}
)

result = await graph_client.policies.authentication_methods_policy.authentication_method_configurations.by_authentication_method_configuration_id('authenticationMethodConfiguration-id').patch(request_body)

Importante

Para obtener más información sobre cómo agregar el SDK al proyecto y crear una instancia de authProvider, consulte la documentación del SDK.

Respuesta

HTTP/1.1 204 No Content

Comentarios

¿Le ha resultado útil esta página?

Last updated on 2025-07-24

Compartir a través de

Actualizar x509CertificateAuthenticationMethodConfiguration

Permissions

Solicitud HTTP

Encabezados de solicitud

Cuerpo de la solicitud

Respuesta

Ejemplos

Solicitud

Respuesta

Comentarios

Recursos adicionales