diff --git a/eng/versioning/external_dependencies.txt b/eng/versioning/external_dependencies.txt
index ecd6360c2305..da462ce063c9 100644
--- a/eng/versioning/external_dependencies.txt
+++ b/eng/versioning/external_dependencies.txt
@@ -152,7 +152,7 @@ com.microsoft.azure:azure-mgmt-resources;1.3.0
com.microsoft.azure:azure-mgmt-search;1.24.1
com.microsoft.azure:azure-mgmt-storage;1.3.0
com.microsoft.azure:azure-storage;8.0.0
-com.microsoft.azure:msal4j;1.6.2
+com.microsoft.azure:msal4j;1.7.1
com.microsoft.azure:msal4j-persistence-extension;1.0.0
com.sun.activation:jakarta.activation;1.2.2
io.opentelemetry:opentelemetry-api;0.6.0
@@ -212,7 +212,7 @@ io.dropwizard.metrics:metrics-core;4.1.12.1
io.dropwizard.metrics:metrics-graphite;4.1.12.1
io.dropwizard.metrics:metrics-jvm;4.1.12.1
io.reactivex.rxjava2:rxjava;2.2.19
-net.java.dev.jna:jna-platform;5.4.0
+net.java.dev.jna:jna-platform;5.6.0
net.jonathangiles.tools:dependencyChecker-maven-plugin;1.0.4
net.jonathangiles.tools:whitelistgenerator-maven-plugin;1.0.2
org.apache.commons:commons-collections4;4.2
diff --git a/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml b/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
index 29648b40d78b..bdaeb11e7fc7 100644
--- a/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
+++ b/sdk/eventhubs/microsoft-azure-eventhubs/pom.xml
@@ -81,7 +81,7 @@
com.microsoft.azure
msal4j
- 1.6.2
+ 1.7.1
test
diff --git a/sdk/identity/azure-identity/pom.xml b/sdk/identity/azure-identity/pom.xml
index 59de5399c6c7..195e3721d520 100644
--- a/sdk/identity/azure-identity/pom.xml
+++ b/sdk/identity/azure-identity/pom.xml
@@ -38,7 +38,7 @@
com.microsoft.azure
msal4j
- 1.6.2
+ 1.7.1
com.microsoft.azure
@@ -78,7 +78,7 @@
net.java.dev.jna
jna-platform
- 5.4.0
+ 5.6.0
io.projectreactor
@@ -111,10 +111,10 @@
- com.microsoft.azure:msal4j:[1.6.2]
+ com.microsoft.azure:msal4j:[1.7.1]
com.microsoft.azure:msal4j-persistence-extension:[1.0.0]
com.nimbusds:oauth2-oidc-sdk:[7.1.1]
- net.java.dev.jna:jna-platform:[5.4.0]
+ net.java.dev.jna:jna-platform:[5.6.0]
org.linguafranca.pwdb:KeePassJava2:[2.1.4]
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
index f6697386b1d8..46525dc7c83b 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/ClientCertificateCredentialBuilder.java
@@ -65,6 +65,18 @@ public ClientCertificateCredentialBuilder enablePersistentCache() {
return this;
}
+ /**
+ * Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request
+ * and enable subject name / issuer based authentication. The default value is false.
+ *
+ * @param includeX5c the flag to indicate if x5c should be sent as part of authentication request.
+ * @return An updated instance of this builder.
+ */
+ public ClientCertificateCredentialBuilder includeX5c(boolean includeX5c) {
+ this.identityClientOptions.setIncludeX5c(includeX5c);
+ return this;
+ }
+
/**
* Creates a new {@link ClientCertificateCredential} with the current configurations.
*
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java
index c4c74719d965..4858033ec16c 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/DeviceCodeCredential.java
@@ -122,8 +122,9 @@ public Mono authenticate() {
private AccessToken updateCache(MsalToken msalToken) {
cachedToken.set(
new MsalAuthenticationAccount(
- new AuthenticationRecord(msalToken.getAuthenticationResult(),
- identityClient.getTenantId(), identityClient.getClientId())));
+ new AuthenticationRecord(msalToken.getAuthenticationResult(),
+ identityClient.getTenantId(), identityClient.getClientId()),
+ msalToken.getAccount().getTenantProfiles()));
return msalToken;
}
}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java
index 8d2c705a78c6..b1fdcc6ae572 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/InteractiveBrowserCredential.java
@@ -121,8 +121,9 @@ public Mono authenticate() {
private AccessToken updateCache(MsalToken msalToken) {
cachedToken.set(
new MsalAuthenticationAccount(
- new AuthenticationRecord(msalToken.getAuthenticationResult(),
- identityClient.getTenantId(), identityClient.getClientId())));
+ new AuthenticationRecord(msalToken.getAuthenticationResult(),
+ identityClient.getTenantId(), identityClient.getClientId()),
+ msalToken.getAccount().getTenantProfiles()));
return msalToken;
}
}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java
index 6c86dcc239dc..fc8775ca9bef 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/UsernamePasswordCredential.java
@@ -103,8 +103,9 @@ public Mono authenticate() {
private AccessToken updateCache(MsalToken msalToken) {
cachedToken.set(
new MsalAuthenticationAccount(
- new AuthenticationRecord(msalToken.getAuthenticationResult(),
- identityClient.getTenantId(), identityClient.getClientId())));
+ new AuthenticationRecord(msalToken.getAuthenticationResult(),
+ identityClient.getTenantId(), identityClient.getClientId()),
+ msalToken.getAccount().getTenantProfiles()));
return msalToken;
}
}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
index 62e073f6c619..bf5ff3e88d9b 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java
@@ -62,6 +62,8 @@
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.LocalDateTime;
import java.time.OffsetDateTime;
@@ -175,9 +177,15 @@ private ConfidentialClientApplication getConfidentialClientApplication() {
if (certificatePassword == null) {
byte[] pemCertificateBytes = Files.readAllBytes(Paths.get(certificatePath));
- credential = ClientCredentialFactory.createFromCertificate(
- CertificateUtil.privateKeyFromPem(pemCertificateBytes),
- CertificateUtil.publicKeyFromPem(pemCertificateBytes));
+ List x509CertificateList = CertificateUtil.publicKeyFromPem(pemCertificateBytes);
+ PrivateKey privateKey = CertificateUtil.privateKeyFromPem(pemCertificateBytes);
+ if (x509CertificateList.size() == 1) {
+ credential = ClientCredentialFactory.createFromCertificate(
+ privateKey, x509CertificateList.get(0));
+ } else {
+ credential = ClientCredentialFactory.createFromCertificateChain(
+ privateKey, x509CertificateList);
+ }
} else {
credential = ClientCredentialFactory.createFromCertificate(
new FileInputStream(certificatePath), certificatePassword);
@@ -190,6 +198,7 @@ private ConfidentialClientApplication getConfidentialClientApplication() {
throw logger.logExceptionAsError(
new IllegalArgumentException("Must provide client secret or client certificate path"));
}
+
ConfidentialClientApplication.Builder applicationBuilder =
ConfidentialClientApplication.builder(clientId, credential);
try {
@@ -198,6 +207,8 @@ private ConfidentialClientApplication getConfidentialClientApplication() {
throw logger.logExceptionAsWarning(new IllegalStateException(e));
}
+ applicationBuilder.sendX5c(options.isIncludeX5c());
+
initializeHttpPipelineAdapter();
if (httpPipelineAdapter != null) {
applicationBuilder.httpClient(httpPipelineAdapter);
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
index 239244ad338e..5c2cc3b0a587 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClientOptions.java
@@ -32,6 +32,7 @@ public final class IdentityClientOptions {
private boolean allowUnencryptedCache;
private boolean sharedTokenCacheEnabled;
private String keePassDatabasePath;
+ private boolean includeX5c;
private AuthenticationRecord authenticationRecord;
/**
@@ -242,6 +243,28 @@ public IdentityClientOptions setAuthenticationRecord(AuthenticationRecord authen
return this;
}
+
+ /**
+ * Get the status whether x5c claim (public key of the certificate) should be included as part of the authentication
+ * request or not.
+ * @return the status of x5c claim inclusion.
+ */
+ public boolean isIncludeX5c() {
+ return includeX5c;
+ }
+
+ /**
+ * Specifies if the x5c claim (public key of the certificate) should be sent as part of the authentication request.
+ * The default value is false.
+ *
+ * @param includeX5c true if the x5c should be sent. Otherwise false
+ * @return The updated identity client options.
+ */
+ public IdentityClientOptions setIncludeX5c(boolean includeX5c) {
+ this.includeX5c = includeX5c;
+ return this;
+ }
+
/**
* Get the configured {@link AuthenticationRecord}.
*
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/MsalAuthenticationAccount.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/MsalAuthenticationAccount.java
index ac9d36cc6b37..13be82259863 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/MsalAuthenticationAccount.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/MsalAuthenticationAccount.java
@@ -5,14 +5,24 @@
import com.azure.identity.AuthenticationRecord;
import com.microsoft.aad.msal4j.IAccount;
+import com.microsoft.aad.msal4j.ITenantProfile;
+
+import java.util.Map;
public class MsalAuthenticationAccount implements IAccount {
private AuthenticationRecord authenticationRecord;
+ private Map tenantProfiles;
public MsalAuthenticationAccount(AuthenticationRecord authenticationRecord) {
this.authenticationRecord = authenticationRecord;
}
+ public MsalAuthenticationAccount(AuthenticationRecord authenticationRecord,
+ Map tenantProfiles) {
+ this.authenticationRecord = authenticationRecord;
+ this.tenantProfiles = tenantProfiles;
+ }
+
@Override
public String homeAccountId() {
return authenticationRecord.getHomeAccountId();
@@ -28,6 +38,11 @@ public String username() {
return authenticationRecord.getUsername();
}
+ @Override
+ public Map getTenantProfiles() {
+ return tenantProfiles;
+ }
+
public AuthenticationRecord getAuthenticationRecord() {
return authenticationRecord;
}
diff --git a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/util/CertificateUtil.java b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/util/CertificateUtil.java
index e4a1a859bbdf..6784aa5289f7 100644
--- a/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/util/CertificateUtil.java
+++ b/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/util/CertificateUtil.java
@@ -17,6 +17,8 @@
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
@@ -54,24 +56,31 @@ public static PrivateKey privateKeyFromPem(byte[] pem) {
}
/**
- * Extracts the X509Certificate certificate from a PEM certificate.
+ * Extracts the X509Certificate certificate/certificate-chain from a PEM certificate.
* @param pem the contents of a PEM certificate.
- * @return the X509Certificate certificate
+ * @return the {@link List} of X509Certificate certificate
*/
- public static X509Certificate publicKeyFromPem(byte[] pem) {
- Pattern pattern = Pattern.compile("(?s)-----BEGIN CERTIFICATE-----.*-----END CERTIFICATE-----");
+ public static List publicKeyFromPem(byte[] pem) {
+ Pattern pattern = Pattern.compile("(?s)-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----");
Matcher matcher = pattern.matcher(new String(pem, StandardCharsets.UTF_8));
- if (!matcher.find()) {
+
+ List x509CertificateList = new ArrayList<>();
+ while (matcher.find()) {
+ try {
+ CertificateFactory factory = CertificateFactory.getInstance("X.509");
+ InputStream stream = new ByteArrayInputStream(matcher.group().getBytes(StandardCharsets.UTF_8));
+ x509CertificateList.add((X509Certificate) factory.generateCertificate(stream));
+ } catch (CertificateException e) {
+ throw LOGGER.logExceptionAsError(new IllegalStateException(e));
+ }
+ }
+
+ if (x509CertificateList.size() == 0) {
throw LOGGER.logExceptionAsError(new IllegalArgumentException(
"PEM certificate provided does not contain -----BEGIN CERTIFICATE-----END CERTIFICATE----- block"));
}
- try {
- CertificateFactory factory = CertificateFactory.getInstance("X.509");
- InputStream stream = new ByteArrayInputStream(matcher.group().getBytes(StandardCharsets.UTF_8));
- return (X509Certificate) factory.generateCertificate(stream);
- } catch (CertificateException e) {
- throw LOGGER.logExceptionAsError(new IllegalStateException(e));
- }
+
+ return x509CertificateList;
}
private CertificateUtil() { }
diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/CertificateUtilTests.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/CertificateUtilTests.java
index ad759e77a794..69d5cf9cceaa 100644
--- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/CertificateUtilTests.java
+++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/implementation/CertificateUtilTests.java
@@ -16,6 +16,7 @@
import java.security.cert.X509Certificate;
import java.sql.Date;
import java.time.LocalDate;
+import java.util.List;
@RunWith(PowerMockRunner.class)
public class CertificateUtilTests {
@@ -24,10 +25,20 @@ public class CertificateUtilTests {
public void testPublicKey() throws Exception {
String pemPath = getPath("certificate.pem");
byte[] pemCertificateBytes = Files.readAllBytes(Paths.get(pemPath));
- X509Certificate x509Certificate = CertificateUtil.publicKeyFromPem(pemCertificateBytes);
- x509Certificate.checkValidity(Date.valueOf(LocalDate.of(2025, 12, 25)));
+ List x509CertificateList = CertificateUtil.publicKeyFromPem(pemCertificateBytes);
+ x509CertificateList.get(0).checkValidity(Date.valueOf(LocalDate.of(2025, 12, 25)));
}
+ @Test(expected = CertificateExpiredException.class)
+ public void testPublicKeyChain() throws Exception {
+ String pemPath = getPath("cert-chain.pem");
+ byte[] pemCertificateBytes = Files.readAllBytes(Paths.get(pemPath));
+ List x509CertificateList = CertificateUtil.publicKeyFromPem(pemCertificateBytes);
+ Assert.assertEquals(2, x509CertificateList.size());
+ x509CertificateList.get(0).checkValidity(Date.valueOf(LocalDate.of(4025, 12, 25)));
+ }
+
+
@Test
public void testPrivateKey() throws Exception {
String pemPath = getPath("key.pem");
diff --git a/sdk/identity/azure-identity/src/test/java/com/azure/identity/util/TestUtils.java b/sdk/identity/azure-identity/src/test/java/com/azure/identity/util/TestUtils.java
index e26574ebb32f..4e0a0dbed06b 100644
--- a/sdk/identity/azure-identity/src/test/java/com/azure/identity/util/TestUtils.java
+++ b/sdk/identity/azure-identity/src/test/java/com/azure/identity/util/TestUtils.java
@@ -7,11 +7,13 @@
import com.azure.identity.implementation.MsalToken;
import com.microsoft.aad.msal4j.IAccount;
import com.microsoft.aad.msal4j.IAuthenticationResult;
+import com.microsoft.aad.msal4j.ITenantProfile;
import reactor.core.publisher.Mono;
import java.time.Duration;
import java.time.OffsetDateTime;
import java.util.Date;
+import java.util.Map;
import java.util.UUID;
import java.util.concurrent.CompletableFuture;
@@ -54,6 +56,11 @@ public String environment() {
public String username() {
return "testuser";
}
+
+ @Override
+ public Map getTenantProfiles() {
+ return null;
+ }
};
}
diff --git a/sdk/identity/azure-identity/src/test/resources/cert-chain.pem b/sdk/identity/azure-identity/src/test/resources/cert-chain.pem
new file mode 100644
index 000000000000..08761c05f2a0
--- /dev/null
+++ b/sdk/identity/azure-identity/src/test/resources/cert-chain.pem
@@ -0,0 +1,81 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAunkGHWyBYbIp6G97dwFeMhB/7c/y1SPlABi6cUJ6hp7gFeRm
+Nwl4gDvBmY8e8t6ANQxn3vv3HOp/QZmFl7Cr8aSjvD0JAT2CBbQ/O/Lgzb+5FaGR
+vBFbBJ4AcXeHnzJ4ilsCrTJXtIWfo497uAHePQ7F3AtC9vLlf3kOoc7EIkdJ00Cf
++EKjTbU4UhgBUq+zqPMc8QTUyYXvgb8AxPCTJAktL9tiVpsthmK0SsOEZUiscL/U
+Ga/N4EonCklD1AAgWHye0bl0kDhzjJSHAuKBrQ6zLIRs6+9OB6Pg4gcmH+Rup5H2
+dSO09N/YBCiiJZTSlqockB3oym2t5z9et2SiNwIDAQABAoIBAQCKzivPG0X0AztO
+2i19mHcVrVKNI44POnjsaXvfcyzhqMIFic7MiTA5xEGInRDcmOO2mVV4lvaLf8La
+gfz/vXNAnN2E8aoSUkbHGDU52sGcZmrPv0VMSV8HQNXzoJZD2r3/v19urVq79fuv
+NM9TWZCkwqpl8bwXNxe+m85YhCFboY9G543qmuXzKAQLoSupT0e4eIo2IGp7eJYK
+5J/wtlEumUdhsKo1ajLojDgsgPKfrCyvsmO+bj1dRKGXVLO2SL2pFVCjjHF4SP3q
+1WX39beu61Zu+kGthDgj5muHgH06FtnWoHLIUrRmYpM+ezCxQHdRWz7AYjheeE7q
+QqJv1PqBAoGBAOlb/gzsps+rInE+LQoEzVj8osILI4NxIpNc6+iG81dEi+zQABX/
+bHV6hXGGceozVcX4B+V7f08PlZIAgM3IDqfy0fH2pwEQahJ8a3MwzCgR66RxYlkX
+E8czkoz0pcHW58FnLLlWXpHRALTtqoPP5LnWs0SmoNvcHZ9yjJ6tvpRlAoGBAMyQ
+fytsyla1ujO0l/kuLFG7gndeOc96SutH3V17lZ1pN0efHyk2aglOnl6YsdPKLZvZ
+3ghj01HV0Q0f//xpftduuA7gdgDzSG1irXsxEidfVxX7RsPxX6cx8dhYnuk5rz5E
+XyTko7zTpr+A4XMnq6+JNSSCIE+CVYcYf/hyemxrAoGAeC9py4xCaWgxR/OGzMcm
+X3NV++wysSqebRkJYuvF/icOjbuen7W6TVL50Ts2BjHENj6FCpqtObHEDbr2m4Uy
+jysPF7g50OF8T+MGkAAM1YJNQ5cl2M564DhefPwvNoMRP1l8/kNOV3k2DPjuvg5f
+NZsvHudWp4VZOFqNs9e19MUCgYAjewCDoKfrqDN2mmEtmAOZ3YMAfzhZsyVhb6KG
+f1Pw7HnpE0FNXaHAoYE4eRWG3W9Rs9Ud8WqKrCJJO36j4gxdA1grRGVTPt8WEeJz
+FozGhXPOXTnl7GyhzDjdRGmznAy4KRWziXCY5MDsQEdaOMw/cvXjsio2gC2jc+1m
+QzzWpwKBgHzszJ5s6vcWElox4Yc1elQ8xniPpo3RtfXZOLX8xA4eR9yQawah1zd6
+ChfeYbHVfq007s+RWGTb+KYQ6ic9nkW464qmVxHGBatUo9+MR4Gk8blANoAfHxdV
+g6JNgT2kIGu9IEwoD6XQldC/v24bvFSesyGRHNdI4mUG+hhU4aNw
+-----END RSA PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIID7zCCAdcCAQEwDQYJKoZIhvcNAQEFBQAwPjELMAkGA1UEBhMCVVMxDDAKBgNV
+BAoMA3h5ejEMMAoGA1UECwwDYWJjMRMwEQYDVQQDDApJTlRFUklNLUNOMCAXDTIw
+MDgyMTE3MTA0M1oYDzMzODkwODA0MTcxMDQzWjA7MQswCQYDVQQGEwJVUzEMMAoG
+A1UECgwDeHl6MQwwCgYDVQQLDANhYmMxEDAOBgNVBAMMB1VTRVItQ04wggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6eQYdbIFhsinob3t3AV4yEH/tz/LV
+I+UAGLpxQnqGnuAV5GY3CXiAO8GZjx7y3oA1DGfe+/cc6n9BmYWXsKvxpKO8PQkB
+PYIFtD878uDNv7kVoZG8EVsEngBxd4efMniKWwKtMle0hZ+jj3u4Ad49DsXcC0L2
+8uV/eQ6hzsQiR0nTQJ/4QqNNtThSGAFSr7Oo8xzxBNTJhe+BvwDE8JMkCS0v22JW
+my2GYrRKw4RlSKxwv9QZr83gSicKSUPUACBYfJ7RuXSQOHOMlIcC4oGtDrMshGzr
+704Ho+DiByYf5G6nkfZ1I7T039gEKKIllNKWqhyQHejKba3nP163ZKI3AgMBAAEw
+DQYJKoZIhvcNAQEFBQADggIBADfitSfjlYa2inBKlpWN8VT0DPm5uw8EHuwLymCM
+WYrQMCuQVE2xYoqCSmXj6KLFt8ycgxHsthdkAzXxDhawaKjz2UFp6nszmUA4xfvS
+mxLSajwzK/KMBkjdFL7TM+TTBJ1bleDbmoJvDiUeQwisbb1Uh8b3v/jpBwoiamm8
+Y4Ca5A15SeBUvAt0/Mc4XJfZ/Ts+LBAPevI9ZyU7C5JZky1q41KPklEHfFZKQRfP
+cTyTYYvlPoq57C8XPDs6r50EV3B6Z8MN21OB6MVGi8BOY/c7a2h1ZOhxNyBnJuQX
+w4meJthoKcHUnAs8YCrEoQKayMqPH0Vdhaii/gx4jAgh4PNyIZz5cAst+ybPtQj4
+i7LFEWjxis+NLQMHhyE4fIGIkEjzU0uGDugifheIwKALqYEgMDrcoolwvGMdPxGo
+Qps7tkad5vZV9d9+tTbI+DMB16Y51S04/u1dGFz3jSrDVF08PznJc99VB69OReiC
+K17n8Xyox/VAaYsRFbOAJpLRWwcnotDpFQbgiLrmXxNOoiWPNbQsQzaQx7cR9okQ
+v5RTpFAkrdjadhMsXFFiQh+axlaGD368ZGAj5ZoyOiXkV88tNCtyP/RDgW5ftQQ7
+fdv05bNXhDfLgEgQvVSDfClDL1hKukLmLQS3ILfB4FlM/XmE+FW/qgo9aSx2XIbx
+E4ie
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFGTCCAwGgAwIBAgIUBpOlpNN/cgasvozVw6mfa04+ZC0wDQYJKoZIhvcNAQEL
+BQAwOzELMAkGA1UEBhMCVVMxDDAKBgNVBAoMA3h6eTEMMAoGA1UECwwDYWJjMRAw
+DgYDVQQDDAdST09ULUNOMCAXDTIwMDgyMTE3MTAyNVoYDzMzODkwODA0MTcxMDI1
+WjA+MQswCQYDVQQGEwJVUzEMMAoGA1UECgwDeHl6MQwwCgYDVQQLDANhYmMxEzAR
+BgNVBAMMCklOVEVSSU0tQ04wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCr+Tblr4DhX3Xahbei00OJnUgRw6FMsnyROZ170Lx0YNcOrRJ9PuaOZiYXY2Hm
+t71o/PZjMtmiYMIxFaiMnql/dCca777l+uBmlwFOR8bquBWiLStmPpvf7Kh5GZNw
+XvLGAhk/oxG0O9Pa3OfrlD5vrn/UEGJBu0C+c6ZSLyRk8RjAh8ZbUvnDhhQw3PoK
+MQSmFK8BN8X34elu7kq0j7nS0D6Mt7eS40oYeHEaQDdBGl8f7rcqC3RjJ/b/F9wA
++CsKaps6TvpxE7ln9Y3+0yscgeRbyHW0zem6U7MMvVnK/znuNY90Wmajbea7SUj6
+nGZpLGS1TqS4H5rn9U1N1WCSyFukTpAQLCPQHeUrSiHKa9Ye5KuC6u2ZXgy0qpGj
+nMLu+7746wemi7jN06yZjEmDVneMNCxjLYs4ZhuhiTEItlZpR0VBugNbKo2mJw2U
+UesizB3AzQkqGOKp70y74yC+ykLkR5vRNyY3MENJ+W83U1haS7C1rhqFV4eXflVe
+EHl8tj7p4KrfhSPr0Rd12UIWDXkYUpCAPlDMdEa9+SDAyuSnkN4P1fAeuzG01jeJ
+bnsrWgs3gH3KaGBcPTV4tOTavilGNYDvHZbN9XpYZoZQoPrDZc61M5Ol/cxBahkO
+n4aDyhpx5hHnSs7VQuHnjeMUxt3J5HqrXPvaf6uPYNT8KQIDAQABoxAwDjAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCHCxFqJwfVMI9kMvwlj+sxd4Q5
+KuyWxlXRfzpYZ/6JCUq7VBceRVJ87KytMNCyq61rd3Jhb8ssoMCENB68HYhIFUGz
+GR92AAc6LTh2Y3vQAg640Cz2vLCGnqnlbIslYV6fzxYqgSopR5wJ4D/kJ9w7NSrC
+paN6bS8Olv//tN6RSnvEMJZdXFA40xFin6qT8Op3nrysEE7Z84wPG9Wj2DXskX6v
+bZenCEgl1/Ezif5IEgJcYdRkXtYPp6JNbVV+KjDTIMEaUVMpGMGefrt22E+4nSa3
+qFvcbzYEKeANe9IAxdPzeWiQ2U90PqWFYCA9sOVsrlSwrup+yYXl0yhTxKY67NCX
+gyVtZRnzawv0AVFsfCOT4V0wJSuUz4BV6sH7kl2C7FW3zqYVdFEDigbUNsEEh/jF
+3JiAtgNbpJ8TtiCFrCI4g9Jepa3polVPzDD8mLtkWWnfSBN/28cxa2jiUlfQxB39
+kyqu4rWbm01lyucJxVgJzH0SGyEM5OvF/OIOU3Q7UIXEcZSX3m4Xo59+v6ZNDwKL
+PcFDNK+PL3WNYfdexQCSAbLm1gkUrVIqvidpCSSVv5oWwTM5m7rbA16Hlu4Ea2ep
+Pl7I9YXXXnIEFqLYZDnCJglcXmlt6OjI8D3w0TRWHb6bFqubDP417sJDX1S6udN5
+wOnOIqg0ZZcqfvpxXA==
+-----END CERTIFICATE-----
diff --git a/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml b/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
index 2ff23d53ad27..8df817b2f6ef 100644
--- a/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
+++ b/sdk/spring/azure-spring-boot-starter-active-directory/pom.xml
@@ -58,7 +58,7 @@
com.microsoft.azure
msal4j
- 1.6.2
+ 1.7.1
com.nimbusds
@@ -83,7 +83,7 @@
com.fasterxml.jackson.core:jackson-databind:[2.11.2]
- com.microsoft.azure:msal4j:[1.6.2]
+ com.microsoft.azure:msal4j:[1.7.1]
com.nimbusds:nimbus-jose-jwt:[7.9]
org.springframework:spring-web:[5.2.8.RELEASE]
org.springframework.boot:spring-boot-starter:[2.3.3.RELEASE]
diff --git a/sdk/spring/azure-spring-boot/pom.xml b/sdk/spring/azure-spring-boot/pom.xml
index abc9c672cadc..77004dbf229f 100644
--- a/sdk/spring/azure-spring-boot/pom.xml
+++ b/sdk/spring/azure-spring-boot/pom.xml
@@ -158,7 +158,7 @@
com.microsoft.azure
msal4j
- 1.6.2
+ 1.7.1
true
@@ -264,7 +264,7 @@
com.fasterxml.jackson.core:jackson-databind:[2.11.2]
net.minidev:json-smart:[2.3]
- com.microsoft.azure:msal4j:[1.6.2]
+ com.microsoft.azure:msal4j:[1.7.1]
com.microsoft.spring.data.gremlin:spring-data-gremlin:[2.3.0]
com.nimbusds:nimbus-jose-jwt:[7.9]
io.micrometer:micrometer-core:[1.5.4]