There currently exists an Intune connector for EJBCA at https://github.com/agerbergt/intune-ejbca-connector.
Upon analysis, it turns out that all this connector actually does is extract the PKCS#10 (P10) from a SCEP request and pass it on to EJBCA using WS, plus make a single call to Intune using a Microsoft-provided library.
To complete this ticket:
- Add the Microsoft libraries required to perform Intune request verification
- Add the required configuration fields to SCEP aliases
- Note that for Intune to work, the password in the PKCS#10 should be ignored by EJBCA (as this is set by the client and verified by Intune), and the CA in the request should be ignored (the client will always specify the CA name as "ca")
- Add the Intune call to SCEP RA mode