Add SendCertificateChain to Connect-Entra (#1413)

KenitoInc · web-flow · commit 609e4f52f425 · 2025-03-18T20:13:41.000+03:00
diff --git a/module/Entra/Microsoft.Entra/Authentication/Connect-Entra.ps1 b/module/Entra/Microsoft.Entra/Authentication/Connect-Entra.ps1
@@ -21,6 +21,9 @@ function Connect-Entra {
         [Parameter(ParameterSetName = 'AppCertificateParameterSet', Position = 3, HelpMessage = 'The thumbprint of your certificate. The Certificate will be retrieved from the current user''s certificate store.')]
         [string] $CertificateThumbprint,
 
+        [Parameter(ParameterSetName='AppCertificateParameterSet', HelpMessage='Include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication using given certificate.')]
+        [bool] ${SendCertificateChain},
+
         [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'An X.509 certificate supplied during invocation.')]
         [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
 
diff --git a/module/EntraBeta/Microsoft.Entra.Beta/Authentication/Connect-Entra.ps1 b/module/EntraBeta/Microsoft.Entra.Beta/Authentication/Connect-Entra.ps1
@@ -21,6 +21,9 @@ function Connect-Entra {
         [Parameter(ParameterSetName = 'AppCertificateParameterSet', Position = 3, HelpMessage = 'The thumbprint of your certificate. The Certificate will be retrieved from the current user''s certificate store.')]
         [string] $CertificateThumbprint,
 
+        [Parameter(ParameterSetName='AppCertificateParameterSet', HelpMessage='Include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication using given certificate.')]
+        [bool] ${SendCertificateChain},
+
         [Parameter(ParameterSetName = 'AppCertificateParameterSet', HelpMessage = 'An X.509 certificate supplied during invocation.')]
         [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
 
diff --git a/module/docs/entra-powershell-beta/Authentication/Connect-Entra.md b/module/docs/entra-powershell-beta/Authentication/Connect-Entra.md
@@ -45,6 +45,7 @@ Connect-Entra
  [-ClientId] <String>
  [[-CertificateSubjectName] <String>]
  [[-CertificateThumbprint] <String>]
+ [-SendCertificateChain <Boolean>]
  [-Certificate <X509Certificate2>]
  [-TenantId <String>]
  [-ContextScope <ContextScope>]
@@ -330,7 +331,7 @@ Specifies the application ID of the service principal.
 
 ```yaml
 Type:  System.String
-Parameter Sets: UserParameterSet, IdentityParameterSet
+Parameter Sets: UserParameterSet, IdentityParameterSet, AppCertificateParameterSet
 Aliases: AppId, ApplicationId
 
 Required: False
@@ -340,18 +341,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-```yaml
-Type:  System.String
-Parameter Sets: AppCertificateParameterSet
-Aliases: AppId, ApplicationId
-
-Required: True
-Position: 1
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -TenantId
 
 Specifies the ID of a tenant.
@@ -553,6 +542,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SendCertificateChain
+
+Include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication using given certificate.
+
+```yaml
+Type: Boolean
+Parameter Sets: AppCertificateParameterSet
+Aliases:
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ProgressAction
 
 The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.
diff --git a/module/docs/entra-powershell-v1.0/Authentication/Connect-Entra.md b/module/docs/entra-powershell-v1.0/Authentication/Connect-Entra.md
@@ -45,6 +45,7 @@ Connect-Entra
 [-ClientId] <String>
 [[-CertificateSubjectName] <String>]
 [[-CertificateThumbprint] <String>]
+[-SendCertificateChain <Boolean>]
 [-Certificate <X509Certificate2>]
 [-TenantId <String>]
 [-ContextScope <ContextScope>]
@@ -330,7 +331,7 @@ Specifies the application ID of the service principal.
 
 ```yaml
 Type:  System.String
-Parameter Sets: UserParameterSet, IdentityParameterSet
+Parameter Sets: UserParameterSet, IdentityParameterSet, AppCertificateParameterSet
 Aliases: AppId, ApplicationId
 
 Required: False
@@ -340,18 +341,6 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
-```yaml
-Type:  System.String
-Parameter Sets: AppCertificateParameterSet
-Aliases: AppId, ApplicationId
-
-Required: True
-Position: 1
-Default value: None
-Accept pipeline input: False
-Accept wildcard characters: False
-```
-
 ### -TenantId
 
 Specifies the ID of a tenant.
@@ -553,6 +542,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+### -SendCertificateChain
+
+Include x5c header in client claims when acquiring a token to enable subject name / issuer based authentication using given certificate.
+
+```yaml
+Type: Boolean
+Parameter Sets: AppCertificateParameterSet
+Aliases:
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ProgressAction
 
 The ProgressAction parameter takes one of the ActionPreference enumeration values: SilentlyContinue, Stop, Continue, Inquire, Ignore, Suspend, or Break.
