From 88df64013795d4e3716e1f677600f8164ffdb542 Mon Sep 17 00:00:00 2001
From: Bogdan Gavril
Date: Thu, 6 Jun 2024 22:38:12 +0100
Subject: [PATCH] Fix for #4791 - don't use WSTrust for ROPC except for AAD authorities (#4794)
* Fix for #4791
* Fix for #4791
* fix
---------
Co-authored-by: Neha Bhargava <61847233+neha-bhargava@users.noreply.github.com>
---
.../Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs | 6 +++---
.../Internal/Requests/IntegratedWindowsAuthRequest.cs | 2 +-
.../Internal/Requests/UsernamePasswordRequest.cs | 2 +-
.../CoreTests/InstanceTests/DstsAuthorityTests.cs | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
index 8a26e3ec43..4bd3af2778 100644
--- a/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
+++ b/src/client/Microsoft.Identity.Client/AppConfig/AuthorityInfo.cs
@@ -117,9 +117,9 @@ private AuthorityInfo(
///
/// For IWA
///
- internal bool IsUserAssertionSupported => AuthorityType != AuthorityType.Adfs && AuthorityType != AuthorityType.B2C;
+ internal bool IsWsTrustFlowSupported => AuthorityType == AuthorityType.Aad || AuthorityType == AuthorityType.Dsts;
///
/// Authority supports multi-tenancy. ADFS and Generic authorities are not tenanted.
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/IntegratedWindowsAuthRequest.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/IntegratedWindowsAuthRequest.cs
index 6e0c6b26e7..fd95055860 100644
--- a/src/client/Microsoft.Identity.Client/Internal/Requests/IntegratedWindowsAuthRequest.cs
+++ b/src/client/Microsoft.Identity.Client/Internal/Requests/IntegratedWindowsAuthRequest.cs
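Review bot: The `/// For IWA` summary kept above the renamed property is now misleading, because this same commit makes `UsernamePasswordRequest.FetchAssertionFromWsTrustAsync` gate on `IsWsTrustFlowSupported` as well, and the property has flipped from an exclusion list (everything except Adfs and B2C) to an explicit allowlist of Aad and Dsts. I would replace the summary text with `/// True when the WS-Trust federation flow may be attempted against this authority. Used by IWA and username/password (ROPC); only AAD and dSTS qualify, so any new AuthorityType is opted out until listed here.` The allowlist is the safer default for a flow that, as I understand it, hands the user's credential to a discovered federation endpoint, but it is a visible behaviour change for Generic and any other unlisted authority — the IWA hunk in this commit now throws for them where the old check let the flow run — which deserves a sentence in the PR description or changelog.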
@@ -52,7 +52,7 @@ protected override async Task ExecuteAsync(CancellationTok
private async Task FetchAssertionFromWsTrustAsync()
{
- if (!AuthenticationRequestParameters.AuthorityInfo.IsUserAssertionSupported)
+ if (!AuthenticationRequestParameters.AuthorityInfo.IsWsTrustFlowSupported)
{
//IWA is currently not supported in pure adfs environments. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2771
throw new MsalClientException(
diff --git a/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs b/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs
index 339216b83d..3a67968e2c 100644
--- a/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs
+++ b/src/client/Microsoft.Identity.Client/Internal/Requests/UsernamePasswordRequest.cs
@@ -106,7 +106,7 @@ private async Task GetTokenResponseAsync(CancellationToken ca
private async Task FetchAssertionFromWsTrustAsync()
{
- if (!AuthenticationRequestParameters.AuthorityInfo.IsUserAssertionSupported)
+ if (!AuthenticationRequestParameters.AuthorityInfo.IsWsTrustFlowSupported)
{
return null;
}
diff --git a/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs b/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
index 7c52557e82..d376594b96 100644
--- a/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
+++ b/tests/Microsoft.Identity.Test.Unit/CoreTests/InstanceTests/DstsAuthorityTests.cs
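Review bot: The `//IWA is currently not supported in pure adfs environments` comment kept under the new check no longer describes it: `IsWsTrustFlowSupported` rejects every authority type other than Aad and Dsts, so B2C, Generic and anything added later end up in this branch too, not only ADFS. I would reword it to `// WS-Trust (and therefore IWA) is only supported against AAD and dSTS authorities; the ADFS case in particular is tracked in #2771.` and check that the MsalClientException message built below, which is outside the hunk, does not also name only ADFS. The rest of FetchAssertionFromWsTrustAsync continues past the end of the hunk.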
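Review bot: Nothing in this commit pins the new behaviour that a username/password request against a non-AAD, non-dSTS authority returns null here and skips WS-Trust — per the diffstat the only test touched is the dSTS flag rename in DstsAuthorityTests, so a regression back to the old exclusion-list check would pass the suite. A unit test that configures a Generic (or B2C/ADFS) authority, acquires a token by username/password against whatever HTTP stub the existing tests use with no user-realm or WS-Trust handler registered, and asserts that only the token endpoint was called would cover #4791 directly; I am inferring the harness shape from the test file names in the diffstat. A one-line comment on the early return would also help the next reader: `// Only AAD and dSTS authorities support the WS-Trust federation path; for everything else fall through to plain ROPC (#4791).` The remainder of FetchAssertionFromWsTrustAsync and its GetTokenResponseAsync caller lie outside the hunk.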
@@ -98,7 +98,7 @@ public void DstsAuthorityFlags()
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.CanBeTenanted);
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsClientInfoSupported);
Assert.IsFalse((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsInstanceDiscoverySupported);
- Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsUserAssertionSupported);
+ Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsWsTrustFlowSupported);
}
[TestMethod]