diff --git a/tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs b/tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs index dcb4ad8e6e..5c6ebcd696 100644 --- a/tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs +++ b/tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs @@ -19,13 +19,12 @@ public class CacheExecutionTests private static async Task GetPublicAadUserDataAsync() { - var api = new LabServiceApi(); - LabResponse labResponse = (await api.GetLabResponseFromApiAsync(UserQuery.PublicAadUserQuery).ConfigureAwait(false)); + var labUser = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); return new LabUserData( - labResponse.User.Upn, - labResponse.User.GetOrFetchPassword(), - labResponse.User.AppId, - labResponse.User.TenantId); + labUser.User.Upn, + labUser.User.GetOrFetchPassword(), + labUser.App.AppId, + labUser.User.TenantId); } [AssemblyInitialize] diff --git a/tests/Microsoft.Identity.Test.Common/TestConstants.cs b/tests/Microsoft.Identity.Test.Common/TestConstants.cs index 541d1b862d..c33b147063 100644 --- a/tests/Microsoft.Identity.Test.Common/TestConstants.cs +++ b/tests/Microsoft.Identity.Test.Common/TestConstants.cs 
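Review bot: A lab response whose `App` is unset makes `labUser.App.AppId` in `GetPublicAadUserDataAsync` throw a bare NullReferenceException inside the assembly initializer, which then fails every test in the assembly with no hint of which lab lookup was missing; the previous code read the app ID from `labResponse.User`, so this is a new dependency on a second object. A guarded read gives a diagnosable failure: `labUser.App?.AppId ?? throw new InvalidOperationException("Lab response for the default user has no App registration")`. The shape of `LabResponse` is not visible here, so confirm whether `GetDefaultUserAsync()` always populates `App`.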
@@ -32,8 +32,8 @@ public static HashSet s_scope public const string MsiResource = "scope"; public static readonly string[] s_graphScopes = new[] { "user.read" }; public const uint JwtToAadLifetimeInSeconds = 60 * 10; // Ten minutes - public const string ClientCredentialAudience = "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca/v2.0"; - public const string PublicCloudConfidentialClientID = "88f91eac-c606-4c67-a0e2-a5e8a186854f"; + public const string ClientCredentialAudience = "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f/v2.0"; + public const string PublicCloudConfidentialClientID = "54a2d933-8bf8-483b-a8f8-0a31924f3c1f"; public const string AutomationTestCertName = "LabAuth.MSIDLab.com"; public static Dictionary AdditionalAssertionClaims => new Dictionary() { { "Key1", "Val1" }, { "Key2", "Val2" }, { "customClaims", "{\"xms_az_claim\": [\"GUID\", \"GUID2\", \"GUID3\"]}" } }; @@ -74,6 +74,9 @@ public static HashSet s_scope public const string ProductionPrefNetworkEnvironment = "login.microsoftonline.com"; public const string ProductionPrefCacheEnvironment = "login.windows.net"; + // TODO: Tenant Migration - Regional endpoint may need update after migration + // Current: centralus (old tenant), New: eastus2 (id4slab1 tenant) + // Note: Regional endpoints may not work with new tenant due to AADSTS100007 restrictions public const string ProductionPrefRegionalEnvironment = "centralus.login.microsoft.com"; public const string ProductionPrefInvalidRegionEnvironment = "invalidregion.login.microsoft.com"; public const string ProductionNotPrefEnvironmentAlias = "sts.windows.net"; 
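Review bot: Nothing in the constant names or comments records that `ClientCredentialAudience` (now `.../10c419d4-4a50-45b2-aa4e-919fb84df24f/v2.0`) and `PublicCloudConfidentialClientID` belong to the id4slab1 tenant, while `Region`, `ProductionPrefRegionalEnvironment` and the `Cloud.PublicLegacy` settings used elsewhere in this commit still refer to the old tenant. A client assertion built from `ClientCredentialAudience` and signed with a legacy-tenant certificate carries the wrong `aud`, and the mismatch is invisible from this file. Suggest marking the two constants, e.g. `// id4slab1 tenant (10c419d4-...) — do not pair with Cloud.PublicLegacy credentials` above `ClientCredentialAudience` and `// id4slab1 app registration` above `PublicCloudConfidentialClientID`.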
@@ -204,7 +207,7 @@ public static HashSet s_scope public const string PKeyAuthResponse = "PKeyAuth Context=\"context\",Version=\"1.0\""; public const string RegionName = "REGION_NAME"; - public const string Region = "centralus"; + public const string Region = "centralus"; // TODO: Tenant Migration - Update for new tenant (id4slab1) is in eastus2 public const string InvalidRegion = "invalidregion"; public const int TimeoutInMs = 2000; public const string ImdsHost = "169.254.169.254"; @@ -262,6 +265,7 @@ public static IDictionary ExtraQueryParameters public const string MsalCCAKeyVaultUri = "https://id4skeyvault.vault.azure.net/secrets/AzureADIdentityDivisionTestAgentSecret/"; public const string MsalCCAKeyVaultSecretName = "MSIDLAB4-IDLABS-APP-AzureADMyOrg-CC"; + // TODO: Tenant Migration - New secret name for id4slab1 tenant: "MSAL-APP-AzureADMultipleOrgs" public const string MsalOBOKeyVaultUri = "https://id4skeyvault.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret/"; public const string MsalOBOKeyVaultSecretName = "IdentityDivisionDotNetOBOServiceSecret"; public const string MsalArlingtonOBOKeyVaultUri = "https://msidlabs.vault.azure.net:443/secrets/ARLMSIDLAB1-IDLASBS-App-CC-Secret"; 
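Review bot: The comment `// TODO: Tenant Migration - New secret name for id4slab1 tenant: "MSAL-APP-AzureADMultipleOrgs"` is placed after `MsalCCAKeyVaultSecretName` and directly above `MsalOBOKeyVaultUri`, so a reader will take it as describing the OBO secret rather than the CCA secret it presumably replaces. Move it above the constant it targets and name that constant: `// TODO: Tenant Migration - replace MsalCCAKeyVaultSecretName with "MSAL-APP-AzureADMultipleOrgs" (id4slab1)`. Storing a secret *name* in source is fine, but the vault URI on the line above (`id4skeyvault`) must be the vault that will actually hold the new secret — confirm before the TODO is resolved.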
@@ -595,6 +599,14 @@ public static MsalTokenResponse CreateAadTestTokenResponseWithFoci() return msalTokenResponse; } + public static MsalTokenResponse CreateAadTestTokenResponseWithMsalUserDefault() + { + // Token response with MSAL User Default user information for ID4SLAB1 tenant + const string jsonResponse = "{\"token_type\":\"Bearer\",\"scope\":\"Calendars.Read openid profile Tasks.Read User.Read email\",\"expires_in\":3600,\"ext_expires_in\":262800,\"access_token\":\"\",\"refresh_token\":\"\",\"id_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.\",\"client_info\":\"" + AadRawClientInfo + "\"}"; + var msalTokenResponse = JsonHelper.DeserializeFromJson(jsonResponse); + return msalTokenResponse; + } + // Fake strings approximately representing tokens of real-world size internal const string AppAccessToken = "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"; internal const string UserAccessToken = "flMpQIKiCoiPK6qISSjmF9dGhKe47KFGPwe82BDBxBCVfYI4UiKYbBuShsjf8oGTsjN5ODeaO6k0cmZJYuNNbLyOr8JGqoxQRW9bI8j5ETpbTNf6tYpAWde9PIYj2wEBnbughVgtJsh2QxIrahie5leMpsGb1yoFzADD5gyoJq8etNUSgZwe5qkfaE9UBCUKrznKjKbsG5hBJXut5GD0QdQy3wo2PnocewrptlMzd5SsHCzUUBGA4q7ks7IfrLiQH11JyBnjBhypOX3XvuqBz4JKkpftVYfvwPWE3f5Onku6FkZJFFESyGQP9YnJVx5dQCpHH9l6ShTqOLSQduf7wxoyeAgxwPrM9Y8Kvj31IrXqiwP52x4hBsctLCqOXOZ3wMXnozMXyHpNvKMJaNgDgvBgMYhiyORkb3qKYw0gAP4659I8dK1esxJoD8I3EreDftGfNMFCgn7kFfauUQphkqx8ukqzw068R7g5TOUci1pgPcVXCAMxj0P3fTiKe1doVuF6znKYh3m7pjyzyaqb5K9VFIh4A8TXOO0MqjaVkoSWJXARTy4T0kAZBVPbO6U2BWku23yLIt43MhQTc9uf7inuirwaIgh5u7noDxYG4QZLB1CJl04Zq2gbh9GW7dqweAaC9efYTEDwhxDTPHeGTQs44e8cnWerIyZA7mq8sFuzihIiCfgZ6nNBPcx2lXKyarUtQGmjjRyOEAhs66atv3SgMhNBhontPoUhR1QEnTKeYzfaavlnf5qMZA41hijGazHyxy5FgLD5aLEpZTHN5MPQLeaEXzDMX5Wtdvq7nokiItRfLkKZtXkuSiFVltmRPcKqzGbjNRH96OQzuxLE1Mv25FYFR3PAwv6np69yScVOpNFL8CqJdT310dGnRPUKSrEqTPuMsHqVRr36j2ZUaGs6YBtcrxIxKHuPrv23FQg5fC0FgxZvKqve0hf68AocJ1HqKRy01CGQobmYpTwBByftOZYGC4KOfGd13l78kZaKLuk2gxfFuTQyr11A0L4n5tX
fjlikJtr3wlTGt0KCGGXmNK1xsSoRC0VcXDOgQUu3FHblhiaYjbSvPRF09xn9tRPnUkznbsT1kPMiJ8v89ZOCtVWpvkoiy9VUVcSUpZNQwRh3wHidZAkp1xyjyVc2pIHPg6XhzJnlt77zHNiBkPxWbYt7hXBQf3QeYoMF4s0Qi1y5N72DdoSNJ3iaTwx3esAz6TeyxSh36PIz35mR5jGyGMssyaNg6lIewLPbjnizgC6xssi6mKOheDqWqBv89nIvSBOXEkKcUYsBlhBBK6BgxOIha1NAeP93RRKfyjrF7LtIoSOk3DJUx75rUJ9oyuuTt4FdSnp7ZdrIciO8vlNslPrfa7UjBdOtVHiaz9Ef91dctdADVFcwXXmcu2ypyKB1YvMbkPP7mc12TF1a8X6t0mU4s4J4IpA3SHmT5JvbQBEzOIs6ex38X3UtXSItxpaS2gKozAhAmvjt6NKMe3Jysm4bafH1kb8eB1vdwTQu3jIOGozqHC3rvqEVAt26NNKOuNYAoYYamQOSb2w8PUCuDDWs1ffLvvfyvRndZztV5C4HGGR1Tg82N291Sb7rSUYmA1rdGyJ4kPtSaiPOwMyPUs9FuZNef5Ib83D3gTcgS1gMxto5UkfSxtCDKLXtGKArOdACrRzHiiMSn3owQfyVtSXZPdeofoCzuPWcZzFLBUJR0iKWBpUkxd0N17vw45uMQpQUNGgGoyvyboKkAFlOGsEIAmrnooC3CJGVA4jHPYJnVG4xTJ37U6QL5sX95qWtjbvuD5KoT2GyWec0o62CNr09tCQsiALLC1QrfCiCGsullefbsgBB5tsOY1Kyiy4uf84qBMu20GbsJ01R8xxpJ5bh6HFRaStEK3WIy7TMJym42YMbxB3AGsGFGhNYljtuqgeUjXn1UuWskkB6QqdepFHCof6CHg0LlV0o4Iz9QKu5cfoi8jk5HKbvIGyDqCgZaC2LdugNgQ0X"; diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs index a67478cdec..50a128003c 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs @@ -33,7 +33,7 @@ public async Task Sni_Gets_Pop_Token_Successfully_TestAsync() IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public); // Retrieve the certificate from settings - X509Certificate2 cert = settings.GetCertificate(); + X509Certificate2 cert = settings.Certificate; // Build Confidential Client Application with SNI certificate at App level IConfidentialClientApplication confidentialApp = ConfidentialClientApplicationBuilder.Create(MsiAllowListedAppIdforSNI) 
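Review bot: Nothing documents which claims the `id_token` embedded in `CreateAadTestTokenResponseWithMsalUserDefault` carries; its header decodes to `{"alg":"HS256","typ":"JWT"}` with an empty signature segment, and the payload is an opaque base64 blob, yet tests that build cache keys from `oid`/`tid`/`preferred_username` will silently depend on those values. A comment listing the expected claims and stating they are synthetic, e.g. `// id_token claims: tid=<id4slab1 tenant>, oid=<test oid>, preferred_username=<lab UPN>; unsigned (HS256 header, empty signature) — test fixture only`, would make the fixture maintainable. Also confirm the payload was not copied verbatim from a live id4slab1 response with real user identifiers; leaving `access_token` and `refresh_token` empty is the right call, and the payload should be scrubbed to the same standard.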
diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs index 056840313d..91f01831fd 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs @@ -198,7 +198,7 @@ public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, TargetFramewor .AcquireTokenForClient(settings.AppScopes) .OnBeforeTokenRequest((data) => { - ModifyRequest(data, settings.GetCertificate()); // Adding a certificate via handler instead of using WithCertificate + ModifyRequest(data, settings.Certificate); // Adding a certificate via handler instead of using WithCertificate return Task.CompletedTask; }) .ExecuteAsync(CancellationToken.None) @@ -360,10 +360,10 @@ private static IConfidentialClientApplication CreateApp( switch (credentialType) { case CredentialType.Cert: - builder.WithCertificate(settings.GetCertificate()); + builder.WithCertificate(settings.Certificate); break; case CredentialType.Secret: - builder.WithClientSecret(settings.GetSecret()); + builder.WithClientSecret(settings.Secret); break; case CredentialType.ClientAssertion_Manual: @@ -374,7 +374,7 @@ private static IConfidentialClientApplication CreateApp( builder.WithClientAssertion(() => GetSignedClientAssertionManual( settings.ClientId, aud, // for AAD use v2.0, but not for ADFS - settings.GetCertificate(), + settings.Certificate, useSha2AndPssForAssertion)); break; 
@@ -387,14 +387,14 @@ private static IConfidentialClientApplication CreateApp( () => GetSignedClientAssertionUsingWilson( settings.ClientId, aud2, - settings.GetCertificate())); + settings.Certificate)); break; case CredentialType.ClientClaims_ExtraClaims: - builder.WithClientClaims(settings.GetCertificate(), GetClaims(true), mergeWithDefaultClaims: false, sendX5C: sendX5C); + builder.WithClientClaims(settings.Certificate, GetClaims(true), mergeWithDefaultClaims: false, sendX5C: sendX5C); break; case CredentialType.ClientClaims_MergeClaims: - builder.WithClientClaims(settings.GetCertificate(), GetClaims(false), mergeWithDefaultClaims: true, sendX5C: sendX5C); + builder.WithClientClaims(settings.Certificate, GetClaims(false), mergeWithDefaultClaims: true, sendX5C: sendX5C); break; default: throw new NotImplementedException(); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.WithRegion.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.WithRegion.cs index 2caa7b60a2..874a48f146 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.WithRegion.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.WithRegion.cs @@ -29,6 +29,11 @@ namespace Microsoft.Identity.Test.Integration.HeadlessTests [TestClass] public class RegionalAuthIntegrationTests { + // TODO: TENANT MIGRATION - These tests currently use original tenant configuration + // Regional endpoints (eastus2.login.microsoft.com) return AADSTS100007 with new tenant + // "Only managed identities and Microsoft internal service identities are supported" + // Regional endpoints are restricted by Azure AD policy for regular app registrations + private KeyVaultSecretsProvider _keyVault; private const string RegionalHost = "centralus.login.microsoft.com"; 
@@ -59,7 +64,7 @@ public async Task AcquireTokenToRegionalEndpointAsync(bool instanceDiscoveryEnab { // Arrange var factory = new HttpSnifferClientFactory(); - var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); + var settings = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy); // Use legacy config for regional tests settings.InstanceDiscoveryEndpoint = instanceDiscoveryEnabled; _confidentialClientApplication = BuildCCA(settings, factory); @@ -78,7 +83,7 @@ public async Task InvalidRegion_GoesToInvalidAuthority_Async() { // Arrange var factory = new HttpSnifferClientFactory(); - var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); + var settings = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy); // Use legacy config for regional tests _confidentialClientApplication = BuildCCA(settings, factory, true, "invalid"); Environment.SetEnvironmentVariable(TestConstants.RegionName, TestConstants.Region); @@ -131,7 +136,7 @@ private IConfidentialClientApplication BuildCCA( } else { - builder.WithCertificate(settings.GetCertificate()); + builder.WithCertificate(settings.Certificate); } builder.WithAuthority($@"https://{settings.Environment}/{settings.TenantId}") @@ -193,7 +198,7 @@ private static string GetSignedClientAssertionUsingMsalInternal(string clientId, var manager = PlatformProxyFactory.CreatePlatformProxy(null).CryptographyManager; var jwtToken = new JsonWebToken(manager, clientId, TestConstants.ClientCredentialAudience, claims); - var cert = ConfidentialAppSettings.GetSettings(Cloud.Public).GetCertificate(); + var cert = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy).Certificate; // Use legacy config for regional tests return jwtToken.Sign(cert, true, true); } diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs index 2adf56e8a6..cc050eadbd 100644 
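Review bot: `GetSignedClientAssertionUsingMsalInternal` now signs with the `Cloud.PublicLegacy` certificate but still builds the JWT with `TestConstants.ClientCredentialAudience`, which this same commit repointed to the id4slab1 tenant (`.../10c419d4-4a50-45b2-aa4e-919fb84df24f/v2.0`); the assertion's `aud` therefore names a tenant other than the legacy one the regional tests authenticate against, and AAD should reject it as an audience mismatch. Derive the audience from the same settings object that supplies the certificate — `BuildCCA` above already reads `settings.TenantId` for `WithAuthority` — e.g. `var settings = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy);` then `new JsonWebToken(manager, clientId, $"https://login.microsoftonline.com/{settings.TenantId}/v2.0", claims)` and `jwtToken.Sign(settings.Certificate, true, true)`. The class-level TODO says these tests deliberately stay on the old tenant, so the constant should not be the one that drifts.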
--- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs @@ -69,7 +69,7 @@ public async Task AuthorityMigrationAsync() [TestMethod] public async Task FailedAuthorityValidationTestAsync() { - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); LabUser user = labResponse.User; IPublicClientApplication pca = PublicClientApplicationBuilder @@ -97,7 +97,7 @@ public async Task FailedAuthorityValidationTestAsync() [TestMethod] public async Task AuthorityValidationTestWithFalseValidateAuthorityAsync() { - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); LabUser user = labResponse.User; IPublicClientApplication pca = PublicClientApplicationBuilder diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LegacyPopTest.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LegacyPopTest.NetFwk.cs index 589837e260..d943155d8b 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LegacyPopTest.NetFwk.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LegacyPopTest.NetFwk.cs @@ -343,7 +343,7 @@ public struct JwtClaimTypes public async Task LegacyPoPAsync() { IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - X509Certificate2 clientCredsCert = settings.GetCertificate(); + X509Certificate2 clientCredsCert = settings.Certificate; RsaSecurityKey popKey = CreateRsaSecurityKey(); var cca = ConfidentialClientApplicationBuilder 
@@ -398,7 +398,7 @@ public async Task LegacyPoPAsync() public async Task LegacyPopUsingNewProtocol_CertThumbprinJWK_Async() { IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - X509Certificate2 clientCredsCert = settings.GetCertificate(); + X509Certificate2 clientCredsCert = settings.Certificate; var cca = ConfidentialClientApplicationBuilder .Create(settings.ClientId) @@ -442,7 +442,7 @@ public async Task LegacyPopUsingNewProtocol_CertThumbprinJWK_Async() public async Task LegacyPopUsingNewProtocol_RsaKey_Async() { IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - X509Certificate2 clientCredsCert = settings.GetCertificate(); + X509Certificate2 clientCredsCert = settings.Certificate; var cca = ConfidentialClientApplicationBuilder .Create(settings.ClientId) diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LongRunningOnBehalfOfTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LongRunningOnBehalfOfTests.cs index 4dd18d49ad..358cef30ca 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LongRunningOnBehalfOfTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LongRunningOnBehalfOfTests.cs @@ -22,7 +22,6 @@ public class LongRunningOnBehalfOfTests { private static readonly string[] s_scopes = { "User.Read" }; private static readonly string[] s_oboServiceScope = { "api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user" }; - const string PublicClientID = "be9b0186-7dfd-448a-a944-f771029105bf"; const string OboConfidentialClientID = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c"; private string _confidentialClientSecret; 
@@ -52,9 +51,10 @@ public void TestInitialize() [TestMethod] public async Task LongRunningAndNormalObo_WithDifferentKeys_TestAsync() { - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + var user1 = labResponse.User; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); @@ -104,9 +104,10 @@ public async Task LongRunningAndNormalObo_WithDifferentKeys_TestAsync() [TestMethod] public async Task LongRunningThenNormalObo_WithTheSameKey_TestAsync() { - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + var user1 = labResponse.User; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); @@ -177,9 +178,10 @@ public async Task LongRunningThenNormalObo_WithTheSameKey_TestAsync() public async Task InitiateLRWithCustomKey_ThenAcquireLRWithSameKey_Succeeds_TestAsync() { // Arrange - LabUser user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + LabUser user1 = labResponse.User; IPublicClientApplication pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); 
@@ -248,9 +250,10 @@ public async Task InitiateLRWithCustomKey_ThenAcquireLRWithSameKey_Succeeds_Test [TestMethod] public async Task NormalOboThenLongRunningAcquire_WithTheSameKey_TestAsync() { - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + LabUser user1 = labResponse.User; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); @@ -319,9 +322,10 @@ public async Task NormalOboThenLongRunningAcquire_WithTheSameKey_TestAsync() [TestMethod] public async Task NormalOboThenLongRunningInitiate_WithTheSameKey_TestAsync() { - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + var user1 = labResponse.User; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); 
@@ -375,10 +379,11 @@ public async Task NormalOboThenLongRunningInitiate_WithTheSameKey_TestAsync() [TestMethod] public async Task WithDifferentScopes_TestAsync() { - string[] scopes2 = { "api://eec635da-5760-452d-940a-448220db047c/access_as_user" }; - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + string[] scopes2 = { "api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user" }; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + var user1 = labResponse.User; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient") .Build(); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfServicePrincipalTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfServicePrincipalTests.cs index f153461eef..0885f64af5 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfServicePrincipalTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfServicePrincipalTests.cs @@ -38,7 +38,7 @@ public async Task NormalObo_TestAsync() //An explanation of the OBO for service principal scenario can be found here https://aadwiki.windows-int.net/index.php?title=App_OBO_aka._Service_Principal_OBO var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - var cert = settings.GetCertificate(); + var cert = settings.Certificate; IReadOnlyList middleTierApiScopes = new List() { OBOServicePpeClientID + "/.default" }; IReadOnlyList downstreamApiScopes = new List() { OBOServiceDownStreamApiPpeClientID + "/.default" }; 
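Review bot: `scopes2` in `WithDifferentScopes_TestAsync` is now `api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user`, byte-for-byte the value of `s_oboServiceScope` declared at the top of this class, so the test no longer exercises two different scopes and whatever it asserts about distinct tokens or cache entries (the body continues past the hunk) is either satisfied trivially or fails for an unrelated reason. Either point `scopes2` at a second resource registered in the id4slab1 tenant or, if none exists yet, mark the test `[Ignore("Tenant migration: second OBO resource not yet provisioned")]` rather than silently collapsing the scenario. The removed `eec635da-...` GUID was the only record of what that second resource was, so leave a comment naming it if the registration is to be recreated.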
@@ -103,7 +103,7 @@ public async Task LongRunningObo_TestAsync() //An explanation of the OBO for service principal scenario can be found here https://aadwiki.windows-int.net/index.php?title=App_OBO_aka._Service_Principal_OBO var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - var cert = settings.GetCertificate(); + var cert = settings.Certificate; IReadOnlyList middleTierApiScopes = new List() { OBOServicePpeClientID + "/.default" }; IReadOnlyList downstreamApiScopes = new List() { OBOServiceDownStreamApiPpeClientID + "/.default" }; diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfTests.cs index c88b338af2..ffa1e80daf 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/OnBehalfOfTests.cs @@ -13,6 +13,7 @@ using Microsoft.Identity.Test.Common.Core.Helpers; using Microsoft.Identity.Test.Common.Core.Mocks; using Microsoft.Identity.Test.Integration.Infrastructure; +using Microsoft.Identity.Test.Integration.NetFx.Infrastructure; using Microsoft.Identity.Test.LabInfrastructure; using Microsoft.Identity.Test.Unit; using Microsoft.VisualStudio.TestTools.UnitTesting; @@ -24,7 +25,6 @@ public class OnBehalfOfTests { private static readonly string[] s_scopes = { "User.Read" }; private static readonly string[] s_oboServiceScope = { "api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user" }; - const string PublicClientID = "be9b0186-7dfd-448a-a944-f771029105bf"; const string OboConfidentialClientID = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c"; private static InMemoryTokenCache s_inMemoryTokenCache = new InMemoryTokenCache(); 
@@ -58,14 +58,15 @@ public void TestInitialize() public async Task OboAndSilent_ReturnsCorrectTokens_TestAsync(bool serializeCache, bool usePartitionedSerializationCache) { // Setup: Get lab users, create PCA and get user tokens - var user1 = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; - var user2 = (await LabUserHelper.GetSpecificUserAsync("idlab@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var user1 = (await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false)).User; + var user2 = (await LabUserHelper.GetDefaultUser2Async().ConfigureAwait(false)).User; + var labResponse1 = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); var partitionedInMemoryTokenCache = new InMemoryPartitionedTokenCache(); var nonPartitionedInMemoryTokenCache = new InMemoryTokenCache(); var oboTokens = new HashSet(); var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(labResponse1.App.AppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); @@ -177,10 +178,13 @@ IConfidentialClientApplication CreateCCA() public async Task OboAndClientCredentials_WithRegional_ReturnsCorrectTokens_TestAsync() { // Setup: Get lab user, create PCA and get user tokens - var user = (await LabUserHelper.GetSpecificUserAsync("idlab1@msidlab4.onmicrosoft.com").ConfigureAwait(false)).User; + var user = (await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false)).User; + // Use the correct public client ID from KeyVault for all tests + var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + var publicClientId = labResponse.App.AppId; var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(publicClientId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .Build(); 
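Review bot: `OboAndSilent_ReturnsCorrectTokens_TestAsync` calls `LabUserHelper.GetDefaultUserWithMultiTenantAppAsync()` twice (once for `user1`, once for `labResponse1`), and `OboAndClientCredentials_WithRegional_ReturnsCorrectTokens_TestAsync` calls `GetDefaultUserAsync()` twice for `user` and `labResponse`; each is a lab-service round trip and the second result is only read for `App.AppId`. Fetch once and reuse: `var labResponse1 = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); var user1 = labResponse1.User;`, and the same shape for the regional test. The comment `// Use the correct public client ID from KeyVault for all tests` overstates its reach — it applies to this one test — and should say that.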
@@ -295,11 +299,12 @@ public async Task ArlingtonWebAPIAccessingGraphOnBehalfOfUserTestAsync() [TestMethod] public async Task WithCache_TestAsync() { - LabUser user = (await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false)).User; + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + LabUser user = labResponse.User; var factory = new HttpSnifferClientFactory(); - var msalPublicClient = PublicClientApplicationBuilder.Create(PublicClientID) + var msalPublicClient = PublicClientApplicationBuilder.Create(labResponse.App.AppId) .WithAuthority(TestConstants.AuthorityOrganizationsTenant) .WithRedirectUri(TestConstants.RedirectUri) .WithTestLogging() @@ -416,12 +421,20 @@ void AssertLastHttpContent(string content) private async Task RunOnBehalfOfTestAsync( LabUser user, bool silentCallShouldSucceed, - bool forceRefresh = false) + bool forceRefresh = false, + string multiTenantAppId = null) { AuthenticationResult authResult; + // Get multiTenantAppId if not provided + if (string.IsNullOrEmpty(multiTenantAppId)) + { + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + multiTenantAppId = labResponse.App.AppId; + } + var pca = PublicClientApplicationBuilder - .Create(PublicClientID) + .Create(multiTenantAppId) .WithAuthority(AadAuthorityAudience.AzureAdMultipleOrgs) .WithTestLogging() .Build(); 
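Review bot: `RunOnBehalfOfTestAsync` defaults `multiTenantAppId` to null and then resolves it with a lab round trip inside the helper, so every caller that does not pass the ID — and `WithCache_TestAsync` above already holds `labResponse.App.AppId` but is not shown forwarding it — pays for another fetch, and a transient lab outage now surfaces inside the helper instead of in Arrange. Prefer a required parameter (`string multiTenantAppId`) with each caller passing the ID it already fetched; if the optional form is kept, at least fail clearly after resolution: `Assert.IsFalse(string.IsNullOrEmpty(multiTenantAppId), "lab response had no App registration");`. The helper's body continues outside the hunk.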
@@ -502,10 +515,12 @@ void AssertExtraHttpHeadersAreSent(HttpSnifferClientFactory factory) private ConfidentialClientApplication BuildCca(string tenantId, bool withRegion = false) { + var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); + var builder = ConfidentialClientApplicationBuilder - .Create(OboConfidentialClientID) + .Create(withRegion ? OboConfidentialClientID : settings.ClientId) .WithAuthority(new Uri($"https://login.microsoftonline.com/{tenantId}"), true) - .WithClientSecret(_confidentialClientSecret) + .WithClientSecret(withRegion ? _confidentialClientSecret : settings.Secret) .WithLegacyCacheCompatibility(false); if (withRegion) diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs index a0c49289fb..c3f6b1b61c 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/PoPTests.NetFwk.cs @@ -81,7 +81,7 @@ public async Task HappyPath_Async() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .WithTestLogging() .Build(); @@ -109,7 +109,7 @@ private async Task BearerAndPoP_CanCoexist_Async() var cca = ConfidentialClientApplicationBuilder .Create(settings.ClientId) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .WithTestLogging() .WithAuthority(settings.Authority).Build(); 
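Review bot: `BuildCca` now selects the client ID and secret by `withRegion`, a flag about endpoint selection rather than identity; the non-regional path builds the CCA as `settings.ClientId`, while the user assertion it will exchange was acquired for `s_oboServiceScope` (`api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user`), so the OBO exchange only succeeds if `settings.ClientId` is that same app, which nothing in the hunk establishes — if it is a different registration AAD rejects the assertion as an audience mismatch. Make the identity an explicit choice instead of a side effect of the region flag, e.g. `private ConfidentialClientApplication BuildCca(string tenantId, bool withRegion = false, bool useOboApp = false)` with `.Create(useOboApp ? OboConfidentialClientID : settings.ClientId)` and `.WithClientSecret(useOboApp ? _confidentialClientSecret : settings.Secret)`. `_confidentialClientSecret` is populated in `TestInitialize` outside this hunk; confirm it is still fetched now that only the regional path uses it.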
@@ -159,7 +159,7 @@ private async Task MultipleKeys_Async() var cca = ConfidentialClientApplicationBuilder.Create(settings.ClientId) .WithTestLogging() .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); ConfigureInMemoryCache(cca); @@ -181,7 +181,7 @@ private async Task MultipleKeys_Async() cca = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .WithHttpClientFactory(new NoAccessHttpClientFactory()) // token should be served from the cache, no network access necessary .Build(); @@ -228,7 +228,7 @@ public async Task PopTestWithConfigObjectAsync() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .WithTestLogging() .Build(); @@ -266,7 +266,7 @@ public async Task PopTestWithRSAAsync() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); 
@@ -300,12 +300,13 @@ public async Task PopTestWithRSAAsync() public async Task ROPC_PopTestWithRSAAsync() { var settings = ConfidentialAppSettings.GetSettings(Cloud.Public); - var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + var labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + // Use the lab response app and tenant for consistency instead of mixing configurations var confidentialApp = ConfidentialClientApplicationBuilder - .Create(settings.ClientId) - .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .Create(labResponse.App.AppId) + .WithAuthority($"https://login.microsoftonline.com/{labResponse.User.TenantId}") + .WithClientSecret(settings.Secret) // Still use the certificate/secret from settings .WithExperimentalFeatures(true) .Build(); @@ -321,7 +322,7 @@ public async Task ROPC_PopTestWithRSAAsync() Assert.AreEqual("pop", result.TokenType); PoPValidator.VerifyPoPToken( - settings.ClientId, + labResponse.App.AppId, // Use consistent app ID from lab response ProtectedUrl, HttpMethod.Get, result); @@ -337,7 +338,7 @@ public async Task PopTest_ExternalWilsonSigning_Async() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); @@ -404,7 +405,7 @@ public async Task PopTestWithECDAsync() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); 
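Review bot: `ROPC_PopTestWithRSAAsync` creates the confidential client as `labResponse.App.AppId` but authenticates it with `settings.Secret`, a client secret issued to `settings.ClientId`; unless those two registrations are the same app, the token request fails with an invalid-client-secret error, and the comment `// Still use the certificate/secret from settings` records the mismatch rather than resolving it. Pair the client ID with its own credential: keep `.Create(settings.ClientId)` with `settings.Secret` and take only the tenant from the lab response, or fetch the lab app's secret alongside its ID. `PoPValidator.VerifyPoPToken(labResponse.App.AppId, ...)` further down assumes the token was issued to the lab app, so it must match whichever choice is made.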
@@ -458,7 +459,7 @@ public async Task NewPOP_WithKeyIdOnly_Async() .Create(settings.ClientId) .WithExperimentalFeatures() .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .Build(); // 3. When acquiring a token, use WithPopKeyId and OnBeforeTokenRequest extensiblity methods @@ -538,7 +539,7 @@ public async Task InMemoryCryptoProvider_AlgIsPS256() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); @@ -591,7 +592,7 @@ public async Task InMemoryCryptoProvider_WithGraph() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); @@ -680,7 +681,7 @@ public async Task PoPToken_ShouldHaveCorrectAlgorithm_PS256_Async() var confidentialApp = ConfidentialClientApplicationBuilder .Create(settings.ClientId) .WithAuthority(settings.Authority) - .WithClientSecret(settings.GetSecret()) + .WithClientSecret(settings.Secret) .WithExperimentalFeatures(true) .Build(); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ProactiveRefreshTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ProactiveRefreshTests.cs index b0b78f6e22..b6aac1db7d 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ProactiveRefreshTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/ProactiveRefreshTests.cs 
@@ -41,7 +41,7 @@ public async Task ProactiveRefreshTriggers_WithTelemetry_Test()
 ConfidentialClientApplication confidentialApp = ConfidentialClientApplicationBuilder
 .Create(settings.ClientId)
 .WithAuthority(settings.Authority, true)
- .WithCertificate(settings.GetCertificate())
+ .WithCertificate(settings.Certificate)
 .BuildConcrete();
 Trace.WriteLine("Acquire a token from IDP.");
diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/RuntimeBrokerTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/RuntimeBrokerTests.cs
index 048aa6ca8c..6d26451ea0 100644
--- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/RuntimeBrokerTests.cs
+++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/RuntimeBrokerTests.cs
@@ -305,7 +305,7 @@ public async Task WamWithSSHCertificateAuthenticationSchemeAsync()
 [TestMethod]
 public async Task WamUsernamePasswordWithForceRefreshAsync()
 {
- var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
+ var labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false);
 string[] scopes = { "User.Read" };
 IntPtr intPtr = TestUtils.GetWindowHandle();
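Review bot: The three-secret call `LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON")` in WamUsernamePasswordWithForceRefreshAsync is repeated verbatim in WamUsernamePasswordPopTokenEnforcedWithCaOnValidResourceAsync, WamUsernamePasswordPopTokenEnforcedWithCaOnInValidResourceAsync, Interactive_AADAsync, InteractiveConsentPromptAsync and ValidateCcsHeadersForInteractiveAuthCodeFlowAsync. LabUserHelper already wraps the other secret combinations (GetDefaultUserAsync, GetDefaultUserWithMultiTenantAppAsync), so one more wrapper next to them, `public static Task GetDefaultUserWithMultiTenantPublicClientAppAsync() => MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON");`, would keep the secret names in a single place. The comment on Interactive_AADAsync explaining why the public-client app is needed would then belong on that helper rather than on one of six call sites.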
@@ -486,11 +486,11 @@ public async Task WamAddDefaultScopesWhenNoScopesArePassedAsync(string scopes) public async Task WamUsernamePasswordPopTokenEnforcedWithCaOnValidResourceAsync() { //Arrange - var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + var labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false); - string popUser = "popUser@msidlab4.onmicrosoft.com"; + string popUser = "MSAL-User-POP@id4slab1.onmicrosoft.com"; - string[] scopes = { "https://msidlab4.sharepoint.com/user.read" }; + string[] scopes = { "https://id4slab1.sharepoint.com/user.read" }; IntPtr intPtr = TestUtils.GetWindowHandle(); @@ -524,9 +524,9 @@ public async Task WamUsernamePasswordPopTokenEnforcedWithCaOnValidResourceAsync( public async Task WamUsernamePasswordPopTokenEnforcedWithCaOnInValidResourceAsync() { //Arrange - var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + var labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false); - string popUser = "popUser@msidlab4.onmicrosoft.com"; + string popUser = "MSAL-User-POP@id4slab1.onmicrosoft.com"; string[] scopes = { "user.read" }; diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs index d7ff6eb6b0..3dfdba5f5c 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/UsernamePasswordIntegrationTests.NetFwk.cs 
@@ -69,7 +69,7 @@ public async Task ARLINGTON_ROPC_AAD_CCA_Async() #endif public async Task ROPC_ADFSv4Federated_Async() { - var labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.AdfsV4, true).ConfigureAwait(false); + var labResponse = await LabUserHelper.GetDefaultAdfsUserAsync().ConfigureAwait(false); await RunHappyPathTestAsync(labResponse).ConfigureAwait(false); } @@ -80,14 +80,15 @@ public async Task ROPC_ADFSv4Federated_Async() #endif public async Task AcquireTokenFromAdfsUsernamePasswordAsync() { - LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultAdfsUserAsync().ConfigureAwait(false); var user = labResponse.User; - Uri authorityUri = new Uri(Adfs2019LabConstants.Authority); + // Use the new ADFS authority and disable validation since ADFS infrastructure is not fully available + Uri authorityUri = new Uri("https://fs.id4slab1.com/adfs"); var msalPublicClient = PublicClientApplicationBuilder - .Create(Adfs2019LabConstants.PublicClientId) - .WithAuthority(authorityUri) + .Create(labResponse.App.AppId) + .WithAuthority(authorityUri, validateAuthority: false) .WithTestLogging() .Build(); @@ -138,11 +139,11 @@ private async Task RunHappyPathTestAsync(LabResponse labResponse, string federat if (cloud == Cloud.Arlington) { - clientAppBuilder.WithClientSecret(settings.GetSecret()); + clientAppBuilder.WithClientSecret(settings.Secret); } else { - clientAppBuilder.WithCertificate(settings.GetCertificate(), true); + clientAppBuilder.WithCertificate(settings.Certificate, true); } clientApp = clientAppBuilder.Build(); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/ConfidentialAppSettings.cs b/tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/ConfidentialAppSettings.cs index 49b46bbd72..ea46c086c8 100644 
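Review bot: ROPC_ADFSv4Federated_Async keeps a name that promises an ADFS v4 federated user, but it now calls GetDefaultAdfsUserAsync, which merges MSAL-USER-FedDefault-JSON with no federation-provider selection at all. The sibling tests in InteractiveFlowTests were renamed to Interactive_Adfs_* in this same change, so `public async Task ROPC_Adfs_Federated_Async()` would be consistent. If the ADFS version still matters for the test matrix, a comment stating which provider the FedDefault user is backed by would preserve that information.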
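Review bot: AcquireTokenFromAdfsUsernamePasswordAsync now passes `validateAuthority: false` together with a hard-coded `https://fs.id4slab1.com/adfs`; the accompanying comment says the ADFS infrastructure is not fully available, so this reads as a temporary relaxation rather than the intended end state and should carry a `// TODO: re-enable authority validation once the id4slab1 ADFS metadata is reachable` so it is not kept by default. The same literal is used again in RunTestForUserAsync in InteractiveFlowTests and, without the scheme, as `Environment` in AdfsConfidentialAppSettings; one shared constant would keep the three from drifting. The method body continues outside the hunk.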
--- a/tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/ConfidentialAppSettings.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/Infrastructure/ConfidentialAppSettings.cs @@ -13,7 +13,8 @@ public enum Cloud Public, Adfs, PPE, - Arlington + Arlington, + PublicLegacy // For regional tests that need original MSIDLAB4 configuration } public interface IConfidentialAppSettings @@ -22,8 +23,8 @@ public interface IConfidentialAppSettings string TenantId { get; } string Environment { get; } string[] AppScopes { get; } - X509Certificate2 GetCertificate(); - string GetSecret(); + X509Certificate2 Certificate { get; } + string Secret { get; } string Authority { get; } @@ -37,9 +38,11 @@ public class ConfidentialAppSettings { private class PublicCloudConfidentialAppSettings : IConfidentialAppSettings { - public string ClientId => UseAppIdUri? "api://88f91eac-c606-4c67-a0e2-a5e8a186854f" : "88f91eac-c606-4c67-a0e2-a5e8a186854f"; + // TODO: Tenant Migration - Migrated to new id4slab1 tenant for non-regional tests + // Regional tests still use legacy configuration due to AADSTS100007 restrictions + public string ClientId => UseAppIdUri? "api://54a2d933-8bf8-483b-a8f8-0a31924f3c1f" : "54a2d933-8bf8-483b-a8f8-0a31924f3c1f"; - public string TenantId => "f645ad92-e38d-4d1a-b510-d1b09a74a8ca"; + public string TenantId => "10c419d4-4a50-45b2-aa4e-919fb84df24f"; public string Environment => "login.microsoftonline.com"; 
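Review bot: The interface replaces `GetCertificate()`/`GetSecret()` with `Certificate`/`Secret` properties, but the implementations still perform a Key Vault round trip on first read and PpeConfidentialAppSettings.Secret throws, which the property shape hides from callers and which debugger or serializer evaluation will now trigger. Either keep the method form for these two members, or document the contract on the interface, e.g. `/// <summary>Client certificate, fetched from Key Vault on first access; may throw on Key Vault or auth failure.</summary>` above `Certificate` and `/// <summary>Client secret, fetched from Key Vault on first access; throws NotImplementedException for clouds that have none.</summary>` above `Secret`.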
@@ -53,33 +56,31 @@ private class PublicCloudConfidentialAppSettings : IConfidentialAppSettings public bool InstanceDiscoveryEndpoint { get; set; } = true; - public X509Certificate2 GetCertificate() - { - return GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - } + public X509Certificate2 Certificate => GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - public string GetSecret() - { - return GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalCCAKeyVaultSecretName).Value; - } + public string Secret => + // TODO: Tenant Migration - Migrated to new id4slab1 key vault configuration + // Using MSAL-APP-AzureADMultipleOrgs secret for the migrated app + GetSecretLazy(KeyVaultInstance.MsalTeam, "MSAL-APP-AzureADMultipleOrgs").Value; } private class AdfsConfidentialAppSettings : IConfidentialAppSettings { private const string AdfsCertName = "IDLABS-APP-Confidential-Client-Cert-OnPrem"; + private static readonly Lazy s_adfsLabResponse = new Lazy(() => + { + return LabUserHelper.GetDefaultAdfsUserAsync().GetAwaiter().GetResult(); + }); - public string ClientId => Adfs2019LabConstants.ConfidentialClientId; + public string ClientId => s_adfsLabResponse.Value.App.AppId; public string TenantId => ""; - public string Environment => "fs.msidlab8.com/adfs"; + public string Environment => "fs.id4slab1.com/adfs"; public string[] AppScopes => new[] { "openid", "profile" }; - public X509Certificate2 GetCertificate() - { - return s_certLazy.Value; - } + public X509Certificate2 Certificate => s_certLazy.Value; private static Lazy s_certLazy => new Lazy(() => { 
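Review bot: `Certificate => s_certLazy.Value` in AdfsConfidentialAppSettings downloads the certificate on every read, because `s_certLazy` (the context line at the end of the hunk) is an expression-bodied property that builds a fresh `Lazy` each time it is evaluated; the new `s_adfsLabResponse` field shows the intended pattern, so `private static readonly Lazy<X509Certificate2> s_certLazy = new Lazy<X509Certificate2>(() =>` would make the cache real. Note also that `ClientId => s_adfsLabResponse.Value.App.AppId` now blocks on `GetAwaiter().GetResult()` over a Key Vault fetch the first time any code reads the client id; that mirrors the existing certificate code but deserves a one-line comment on the field. The two comments inside the Public cloud `Secret` getter sit between `=>` and the expression; placing them above the property keeps the expression body on one line.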
@@ -87,10 +88,9 @@ public X509Certificate2 GetCertificate() return kv.GetCertificateWithPrivateMaterialAsync(AdfsCertName).GetAwaiter().GetResult(); }); - public string GetSecret() - { - return GetSecretLazy(KeyVaultInstance.MsalTeam, Adfs2019LabConstants.ADFS2019ClientSecretName).Value; - } + public string Secret => + // Use the default app secret from the lab response + GetSecretLazy(KeyVaultInstance.MsalTeam, "MSAL-App-Default").Value; public string Authority => $@"https://{Environment}"; @@ -111,15 +111,9 @@ private class PpeConfidentialAppSettings : IConfidentialAppSettings public string[] AppScopes => new[] { $"{ClientId}/.default" }; - public X509Certificate2 GetCertificate() - { - return GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - } + public X509Certificate2 Certificate => GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - public string GetSecret() - { - throw new NotImplementedException(); - } + public string Secret => throw new NotImplementedException(); public string Authority => $@"https://{Environment}/{TenantId}"; public Cloud Cloud => Cloud.PPE; @@ -139,15 +133,9 @@ private class ArlingtonConfidentialAppSettings : IConfidentialAppSettings public string[] AppScopes => new[] { "https://graph.microsoft.com/.default" }; - public X509Certificate2 GetCertificate() - { - return GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - } + public X509Certificate2 Certificate => GetCertificateLazy(TestConstants.AutomationTestCertName).Value; - public string GetSecret() - { - return GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalArlingtonCCAKeyVaultSecretName).Value; - } + public string Secret => GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalArlingtonCCAKeyVaultSecretName).Value; public string Authority => $@"https://{Environment}/{TenantId}"; 
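Review bot: The comment above AdfsConfidentialAppSettings.Secret says the secret comes from the lab response, but the code fetches the fixed Key Vault secret "MSAL-App-Default" from KeyVaultInstance.MsalTeam; the only link to the lab response is that ClientId is read from the merge that includes MSAL-App-Default-JSON. The comment should state that coupling instead, e.g. `// Secret of the MSAL-App-Default app, whose id ClientId reads from s_adfsLabResponse`. If the lab JSON is ever pointed at a different app the two will diverge silently; taking the secret name from the lab response would be safer if LabResponse exposes it, which this hunk does not show.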
@@ -158,9 +146,37 @@ public string GetSecret() public bool InstanceDiscoveryEndpoint { get; set; } = true; } + private class PublicLegacyCloudConfidentialAppSettings : IConfidentialAppSettings + { + // Legacy MSIDLAB4 configuration for regional tests only + // Regional endpoints require original tenant due to AADSTS100007 restrictions + public string ClientId => UseAppIdUri? "api://88f91eac-c606-4c67-a0e2-a5e8a186854f" : "88f91eac-c606-4c67-a0e2-a5e8a186854f"; + + public string TenantId => "f645ad92-e38d-4d1a-b510-d1b09a74a8ca"; + + public string Environment => "login.microsoftonline.com"; + + public string[] AppScopes => new[] { "https://vault.azure.net/.default" }; + + public string Authority => $@"https://{Environment}/{TenantId}"; + + public Cloud Cloud => Cloud.PublicLegacy; + + public bool UseAppIdUri { get; set; } + + public bool InstanceDiscoveryEndpoint { get; set; } = true; + + public X509Certificate2 Certificate => GetCertificateLazy(TestConstants.AutomationTestCertName).Value; + + public string Secret => GetSecretLazy(KeyVaultInstance.MSIDLab, TestConstants.MsalCCAKeyVaultSecretName).Value; + } + private static Lazy s_publicCloudSettings = new Lazy(() => new PublicCloudConfidentialAppSettings()); + private static Lazy s_publicLegacyCloudSettings = + new Lazy(() => new PublicLegacyCloudConfidentialAppSettings()); + private static Lazy s_ppeCloudSettings = new Lazy(() => new PpeConfidentialAppSettings()); @@ -176,6 +192,8 @@ public static IConfidentialAppSettings GetSettings(Cloud cloud) { case Cloud.Public: return s_publicCloudSettings.Value; + case Cloud.PublicLegacy: + return s_publicLegacyCloudSettings.Value; case Cloud.PPE: return s_ppeCloudSettings.Value; case Cloud.Arlington: diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/ConfidentialClientAuthorizationTests.cs b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/ConfidentialClientAuthorizationTests.cs index 02fe8d8534..a12fd10608 100644 
--- a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/ConfidentialClientAuthorizationTests.cs
+++ b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/ConfidentialClientAuthorizationTests.cs
@@ -33,7 +33,6 @@ public class ConfidentialClientAuthorizationTests
 private static readonly TimeSpan s_timeout = TimeSpan.FromMinutes(1);
 private static readonly string[] s_scopes = { "User.Read" };
- private const string ConfidentialClientID = "35dc5034-9b65-4a5d-ad81-73cca468c1e0"; //msidlab4.com app
 private const string CertificateName = "LabAuth";
 private static KeyVaultSecretsProvider s_secretProvider;
@@ -62,34 +61,33 @@ public void TestInitialize() public async Task SeleniumGetAuthCode_RedeemForAt_CommonAuthority_Async() { // Arrange - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); - await RunTestForUserAsync(ConfidentialClientID, labResponse, "https://login.microsoftonline.com/common", false).ConfigureAwait(false); - await RunTestForUserAsync(ConfidentialClientID, labResponse, $"https://login.microsoftonline.com/{labResponse.User.TenantId}", false).ConfigureAwait(false); + await RunTestForUserAsync(labResponse.App.AppId, labResponse, "https://login.microsoftonline.com/common", false).ConfigureAwait(false); + await RunTestForUserAsync(labResponse.App.AppId, labResponse, $"https://login.microsoftonline.com/{labResponse.User.TenantId}", false).ConfigureAwait(false); } [TestMethod] public async Task GetTokenByAuthCode_WithPKCE_Async() { // Arrange - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); - await RunTestForUserAsync(ConfidentialClientID, labResponse, "https://login.microsoftonline.com/common", true).ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); + await RunTestForUserAsync(labResponse.App.AppId, labResponse, "https://login.microsoftonline.com/common", true).ConfigureAwait(false); } [TestMethod] public async Task GetTokenByAuthCode_HybridSPA_Async() { // Arrange - LabResponse labResponse = await LabUserHelper.GetHybridSpaAccontAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); var result = await RunTestForUserAsync(labResponse.App.AppId, labResponse, - "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca", false, - 
"http://localhost:3000/auth/implicit-redirect").ConfigureAwait(false); + $"https://login.microsoftonline.com/{labResponse.User.TenantId}", false).ConfigureAwait(false); Assert.IsNotNull(result.SpaAuthCode); //result = await RunTestForUserAsync(labResponse.App.AppId, labResponse, - // "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca", false, + // "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f", false, // "http://localhost:3000/auth/implicit-redirect", false).ConfigureAwait(false); //Assert.IsNull(result.SpaAuthCode); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/DeviceCodeFlowIntegrationTest.cs b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/DeviceCodeFlowIntegrationTest.cs index 2837a6c56b..172ab1a95a 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/DeviceCodeFlowIntegrationTest.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/DeviceCodeFlowIntegrationTest.cs @@ -39,7 +39,7 @@ public class DeviceCodeFlow [Timeout(2 * 60 * 1000)] // 2 min timeout public async Task DeviceCodeFlowTestAsync() { - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); await AcquireTokenWithDeviceCodeFlowAsync(labResponse, "aad user").ConfigureAwait(false); } @@ -47,7 +47,7 @@ public async Task DeviceCodeFlowTestAsync() [Timeout(2 * 60 * 1000)] // 2 min timeout public async Task SilentTokenAfterDeviceCodeFlowWithBrokerTestAsync() { - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false); await AcquireTokenSilentAfterDeviceCodeFlowWithBrokerAsync(labResponse, "aad user").ConfigureAwait(false); } 
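Review bot: GetTokenByAuthCode_HybridSPA_Async now runs against the default user with the multi-tenant app and the default redirect instead of the hybrid-SPA account and its `http://localhost:3000/auth/implicit-redirect` URI, yet still asserts `result.SpaAuthCode` is not null; a SPA auth code is only returned when the app registration is set up for the hybrid SPA flow, so unless MSAL-APP-AzureADMultipleOrgs-JSON describes such an app (not visible here) the assertion will fail or the test no longer exercises what its name says. A comment naming the app property this relies on, or a dedicated hybrid-SPA helper in LabUserHelper, would make the intent checkable. The commented-out negative case just below still carries a tenant id literal while the live code now takes the tenant from `labResponse.User.TenantId`.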
diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/InteractiveFlowTests.NetFwk.cs b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/InteractiveFlowTests.NetFwk.cs index e424bc42c0..1081dd8d05 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/InteractiveFlowTests.NetFwk.cs +++ b/tests/Microsoft.Identity.Test.Integration.netcore/SeleniumTests/InteractiveFlowTests.NetFwk.cs @@ -42,8 +42,8 @@ public void TestInitialize() [RunOn(TargetFrameworks.NetFx)] public async Task Interactive_AADAsync() { - // Arrange - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + // Arrange - Use pure public client multi-tenant app to avoid AADSTS7000218 credential requirement + LabResponse labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false); var result = await RunTestForUserAsync(labResponse).ConfigureAwait(false); } @@ -66,20 +66,10 @@ public async Task Interactive_MsaUser_Async() await RunTestForUserAsync(labResponse).ConfigureAwait(false); } - [RunOn(TargetFrameworks.NetCore)] -#if IGNORE_FEDERATED - [Ignore] -#endif - public async Task Interactive_AdfsV4_FederatedAsync() - { - LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.AdfsV4, true).ConfigureAwait(false); - await RunTestForUserAsync(labResponse).ConfigureAwait(false); - } - [RunOn(TargetFrameworks.NetCore)] public async Task InteractiveConsentPromptAsync() { - var labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false); await RunPromptTestForUserAsync(labResponse, Prompt.Consent, true).ConfigureAwait(false); await RunPromptTestForUserAsync(labResponse, Prompt.Consent, false).ConfigureAwait(false); 
@@ -89,9 +79,9 @@ public async Task InteractiveConsentPromptAsync() #if IGNORE_FEDERATED [Ignore] #endif - public async Task Interactive_AdfsV2019_FederatedAsync() + public async Task Interactive_Adfs_FederatedAsync() { - LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultAdfsUserAsync().ConfigureAwait(false); await RunTestForUserAsync(labResponse).ConfigureAwait(false); } @@ -164,21 +154,21 @@ public async Task Interactive_Arlington_MultiCloudSupport_AADAsync() #if IGNORE_FEDERATED [Ignore] #endif - public async Task Interactive_AdfsV2019_DirectAsync() + public async Task Interactive_Adfs_DirectAsync() { - LabResponse labResponse = await LabUserHelper.GetAdfsUserAsync(FederationProvider.ADFSv2019, true).ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.GetDefaultAdfsUserAsync().ConfigureAwait(false); await RunTestForUserAsync(labResponse, true).ConfigureAwait(false); } [RunOn(TargetFrameworks.NetCore)] public async Task ValidateCcsHeadersForInteractiveAuthCodeFlowAsync() { - LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false); + LabResponse labResponse = await LabUserHelper.MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgsPC-JSON").ConfigureAwait(false); var pca = PublicClientApplicationBuilder .Create(labResponse.App.AppId) .WithDefaultRedirectUri() - .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri()) + .WithRedirectUri("http://localhost:52073") .WithTestLogging(out HttpSnifferClientFactory factory) .Build(); 
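Review bot: `.WithRedirectUri("http://localhost:52073")` in ValidateCcsHeadersForInteractiveAuthCodeFlowAsync replaces `SeleniumWebUI.FindFreeLocalhostRedirectUri()`, so the test now fails whenever port 52073 is already bound on the agent, and the same literal appears again in both branches of RunTestForUserAsync in the next two hunks. If the fixed port is required because the new app registration lists only that redirect URI, say so and hoist it once: `private const string LocalhostRedirectUri = "http://localhost:52073"; // must match the redirect URI registered on the id4slab1 apps` (with that reason confirmed). Otherwise the free-port helper should stay.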
@@ -235,9 +225,9 @@ private async Task RunTestForUserAsync(LabResponse labResp if (directToAdfs) { pca = PublicClientApplicationBuilder - .Create(Adfs2019LabConstants.PublicClientId) - .WithRedirectUri(Adfs2019LabConstants.ClientRedirectUri) - .WithAdfsAuthority(Adfs2019LabConstants.Authority) + .Create(labResponse.App.AppId) + .WithRedirectUri("http://localhost:52073") + .WithAdfsAuthority("https://fs.id4slab1.com/adfs", validateAuthority: false) .WithTestLogging() .Build(); } @@ -245,7 +235,7 @@ private async Task RunTestForUserAsync(LabResponse labResp { pca = PublicClientApplicationBuilder .Create(labResponse.App.AppId) - .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri()) + .WithRedirectUri("http://localhost:52073") .WithAuthority(labResponse.Lab.Authority + "common") .WithTestLogging(out factory) .Build(); diff --git a/tests/Microsoft.Identity.Test.Integration.netcore/federationMetadata.xml b/tests/Microsoft.Identity.Test.Integration.netcore/federationMetadata.xml index ebb9df18f1..223284a41e 100644 --- a/tests/Microsoft.Identity.Test.Integration.netcore/federationMetadata.xml +++ b/tests/Microsoft.Identity.Test.Integration.netcore/federationMetadata.xml @@ -959,9 +959,9 @@ - - - + + + 
@@ -1219,39 +1219,39 @@ - + - http://fs.msidlab4.com/adfs/services/trust/2005/windows + http://fs.id4slab1.com/adfs/services/trust/2005/windows - host/fs.MSIDLAB4.com + host/fs.ID4SLAB1.com - + - https://fs.msidlab4.com/adfs/services/trust/2005/windowstransport + https://fs.id4slab1.com/adfs/services/trust/2005/windowstransport - host/fs.MSIDLAB4.com + host/fs.ID4SLAB1.com - + - https://fs.msidlab4.com/adfs/services/trust/2005/certificatemixed + https://fs.id4slab1.com/adfs/services/trust/2005/certificatemixed - + - https://certauth.fs.msidlab4.com/adfs/services/trust/2005/certificatetransport + https://certauth.fs.id4slab1.com/adfs/services/trust/2005/certificatetransport - + - http://fs.msidlab4.com/adfs/services/trust/2005/username + http://fs.id4slab1.com/adfs/services/trust/2005/username @@ -1262,39 +1262,39 @@ - + - https://fs.msidlab4.com/adfs/services/trust/2005/usernamebasictransport + https://fs.id4slab1.com/adfs/services/trust/2005/usernamebasictransport - + - https://fs.msidlab4.com/adfs/services/trust/2005/usernamemixed + https://fs.id4slab1.com/adfs/services/trust/2005/usernamemixed - + - https://fs.msidlab4.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256 + https://fs.id4slab1.com/adfs/services/trust/2005/issuedtokenmixedasymmetricbasic256 - + - https://fs.msidlab4.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256 + https://fs.id4slab1.com/adfs/services/trust/2005/issuedtokenmixedsymmetricbasic256 - + - https://fs.msidlab4.com/adfs/services/trust/13/certificatemixed + https://fs.id4slab1.com/adfs/services/trust/13/certificatemixed - + - http://fs.msidlab4.com/adfs/services/trust/13/username + http://fs.id4slab1.com/adfs/services/trust/13/username 
@@ -1305,44 +1305,44 @@ - + - https://fs.msidlab4.com/adfs/services/trust/13/usernamebasictransport + https://fs.id4slab1.com/adfs/services/trust/13/usernamebasictransport - + - https://fs.msidlab4.com/adfs/services/trust/13/usernamemixed + https://fs.id4slab1.com/adfs/services/trust/13/usernamemixed - + - https://fs.msidlab4.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256 + https://fs.id4slab1.com/adfs/services/trust/13/issuedtokenmixedasymmetricbasic256 - + - https://fs.msidlab4.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 + https://fs.id4slab1.com/adfs/services/trust/13/issuedtokenmixedsymmetricbasic256 - + - http://fs.msidlab4.com/adfs/services/trust/13/windows + http://fs.id4slab1.com/adfs/services/trust/13/windows - host/fs.MSIDLAB4.com + host/fs.id4slab1.com - + - https://fs.msidlab4.com/adfs/services/trust/13/windowstransport + https://fs.id4slab1.com/adfs/services/trust/13/windowstransport - host/fs.MSIDLAB4.com + host/fs.id4slab1.com diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/KeyVaultSecretsProvider.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/KeyVaultSecretsProvider.cs index acdf216499..b054edd4b3 100644 --- a/tests/Microsoft.Identity.Test.LabInfrastructure/KeyVaultSecretsProvider.cs +++ b/tests/Microsoft.Identity.Test.LabInfrastructure/KeyVaultSecretsProvider.cs 
@@ -79,6 +79,18 @@ public KeyVaultSecret GetSecretByName(string secretName, string secretVersion)
 return _secretClient.GetSecret(secretName, secretVersion).Value;
 }
+ public async Task GetSecretByNameAsync(string secretName)
+ {
+ var response = await _secretClient.GetSecretAsync(secretName).ConfigureAwait(false);
+ return response.Value;
+ }
+
+ public async Task GetSecretByNameAsync(string secretName, string secretVersion)
+ {
+ var response = await _secretClient.GetSecretAsync(secretName, secretVersion).ConfigureAwait(false);
+ return response.Value;
+ }
+
 public async Task GetCertificateWithPrivateMaterialAsync(string certName)
 {
 return await _certificateClient.DownloadCertificateAsync(certName).ConfigureAwait(false);
diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/LabServiceParameters.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/LabServiceParameters.cs
index c539d11223..c98a563302 100644
--- a/tests/Microsoft.Identity.Test.LabInfrastructure/LabServiceParameters.cs
+++ b/tests/Microsoft.Identity.Test.LabInfrastructure/LabServiceParameters.cs
@@ -15,6 +15,7 @@ public enum FederationProvider
 PingFederateV83,
 Shibboleth,
 ADFSv2019,
+ ADFSv2022,
 B2C,
 Ping,
 CIAM,
diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs
index 5c6510cf14..7ca5fc674a 100644
--- a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs
+++ b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs
@@ -5,6 +5,8 @@ using System.Collections.Concurrent;
 using System.Diagnostics;
 using System.Threading.Tasks;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 namespace Microsoft.Identity.Test.LabInfrastructure
 {
@@ -28,23 +30,113 @@ public static async Task GetLabUserDataAsync(UserQuery query) { if (s_userCache.ContainsKey(query)) { - Trace.WriteLine("Lab user cache hit. Selected user: " + s_userCache[query].User.Upn); - return s_userCache[query]; + var cachedResponse = s_userCache[query]; + Debug.WriteLine($"Lab cache hit: {cachedResponse.User?.Upn ?? "N/A"} | {cachedResponse.App?.AppId ?? "N/A"} | {cachedResponse.Lab?.TenantId ?? "N/A"}"); + return cachedResponse; } var response = await s_labService.GetLabResponseFromApiAsync(query).ConfigureAwait(false); if (response == null) { + Debug.WriteLine($"Lab API returned null for query: {query}"); throw new LabUserNotFoundException(query, "Found no users for the given query."); } - bool added = s_userCache.TryAdd(query, response); - Debug.WriteLine("User cache miss. Returning user from lab: " + response.User.Upn); - Debug.WriteLine("User cache updated: " + added); + Debug.WriteLine($"Lab API: {response.User?.Upn ?? "N/A"} | {response.App?.AppId ?? "N/A"} | {response.Lab?.TenantId ?? "N/A"} | {response.User?.AzureEnvironment.ToString() ?? "N/A"}"); + s_userCache.TryAdd(query, response); return response; } + private static async Task GetKVLabDataAsync(string secret) + { + // TODO: Implement caching similar to GetLabUserDataAsync to avoid repeated Key Vault calls + try + { + var keyVaultSecret = await KeyVaultSecretsProviderMsal.GetSecretByNameAsync(secret).ConfigureAwait(false); + string labData = keyVaultSecret.Value; + + if (string.IsNullOrEmpty(labData)) + { + Debug.WriteLine($"KeyVault secret '{secret}' empty"); + throw new LabUserNotFoundException(new UserQuery(), $"Found no content for secret '{secret}' in Key Vault."); + } + + try + { + // Parse JSON directly - let JsonException bubble up if invalid + var response = JsonConvert.DeserializeObject(labData) ?? 
throw new LabUserNotFoundException(new UserQuery(), $"Failed to deserialize Key Vault secret '{secret}' to LabResponse."); + Debug.WriteLine($"KeyVault '{secret}': {response.User?.Upn ?? response.App?.AppId ?? response.Lab?.TenantId ?? "Unknown"}"); + return response; + } + catch (JsonException jsonEx) + { + Debug.WriteLine($"KeyVault '{secret}': invalid JSON ({labData.Length} chars) - {jsonEx.Message}"); + throw new LabUserNotFoundException(new UserQuery(), $"Key Vault secret '{secret}' contains invalid JSON for LabResponse. {jsonEx.Message}"); + } + } + catch (Exception e) when (!(e is LabUserNotFoundException)) + { + Debug.WriteLine($"KeyVault '{secret}' failed: {e.Message}"); + throw new InvalidOperationException($"Failed to retrieve or parse Key Vault secret '{secret}'. See inner exception.", e); + } + } + + public static async Task MergeKVLabDataAsync(params string[] secrets) + { + if (secrets == null || secrets.Length == 0) + { + throw new ArgumentException("At least one secret name must be provided.", nameof(secrets)); + } + + try + { + LabResponse mergedResponse = null; + + foreach (string secret in secrets) + { + var labResponse = await GetKVLabDataAsync(secret).ConfigureAwait(false); + + if (mergedResponse == null) + { + mergedResponse = labResponse; + } + else + { + mergedResponse = MergeLabResponses(mergedResponse, labResponse); + } + } + + if (mergedResponse == null) + { + Debug.WriteLine($"Merge failed - no valid LabResponse in: {string.Join(", ", secrets)}"); + throw new LabUserNotFoundException(new UserQuery(), $"Failed to create merged LabResponse from secrets: {string.Join(", ", secrets)}"); + } + + Debug.WriteLine($"Merged [{string.Join(", ", secrets)}]: {mergedResponse.User?.Upn ?? "N/A"} | {mergedResponse.App?.AppId ?? "N/A"} | {mergedResponse.Lab?.TenantId ?? 
"N/A"}"); + return mergedResponse; + } + catch (Exception e) + { + Debug.WriteLine($"Merge failed [{string.Join(", ", secrets)}]: {e.Message}"); + throw new InvalidOperationException($"Failed to merge Key Vault secrets: {string.Join(", ", secrets)}. See inner exception.", e); + } + } + + private static LabResponse MergeLabResponses(LabResponse primary, LabResponse secondary) + { + var primaryJson = JObject.FromObject(primary); + var secondaryJson = JObject.FromObject(secondary); + + primaryJson.Merge(secondaryJson, new JsonMergeSettings + { + MergeArrayHandling = MergeArrayHandling.Union, + MergeNullValueHandling = MergeNullValueHandling.Ignore + }); + + return primaryJson.ToObject(); + } + [Obsolete("Use GetSpecificUserAsync instead", true)] public static Task GetLabUserDataForSpecificUserAsync(string upn) { 
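Review bot: In GetKVLabDataAsync the comment `// Parse JSON directly - let JsonException bubble up if invalid` is contradicted by the `catch (JsonException jsonEx)` directly below it, which converts the exception to LabUserNotFoundException; `// Parse the secret as a LabResponse; invalid JSON is reported as LabUserNotFoundException` describes what the code does. MergeKVLabDataAsync then catches every exception, including the LabUserNotFoundException that GetKVLabDataAsync deliberately lets through, and wraps it in InvalidOperationException, so callers see a different type depending on which entry point they used; `catch (Exception e) when (!(e is LabUserNotFoundException))` would match the inner method. MergeLabResponses needs a doc comment stating its precedence, because `JObject.Merge` copies the content's values over the target and `MergeNullValueHandling.Ignore` only skips nulls, so the later secret wins for every non-null field (arrays are unioned) even though the parameter is named `primary`. The `mergedResponse == null` check after the loop is unreachable, since `secrets` is non-empty and GetKVLabDataAsync never returns null. In GetLabUserDataAsync, `ContainsKey` followed by the indexer is a double lookup; `if (s_userCache.TryGetValue(query, out var cachedResponse))` does both at once.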
@@ -54,34 +146,30 @@ public static Task GetLabUserDataForSpecificUserAsync(string upn) public static async Task GetMSIEnvironmentVariablesAsync(string uri) { string result = await s_labService.GetLabResponseAsync(uri).ConfigureAwait(false); + Debug.WriteLine($"MSI env vars: {result?.Length ?? 0} chars from {uri}"); return result; } - - /// - /// Returns the AAD cloud user idlab1@msidlab4.onmicrosoft.com - /// - /// public static Task GetDefaultUserAsync() { - return GetLabUserDataAsync(UserQuery.PublicAadUserQuery); + return MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-App-Default-JSON"); + } + + public static Task GetDefaultUserWithMultiTenantAppAsync() + { + return MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-APP-AzureADMultipleOrgs-JSON"); } - - /// - /// Returns the AAD cloud user idlab@msidlab4.onmicrosoft.com - /// - /// public static Task GetDefaultUser2Async() { - return GetLabUserDataAsync(UserQuery.PublicAadUser2Query); + return MergeKVLabDataAsync("MSAL-User-Default2-JSON", "ID4SLAB1", "MSAL-App-Default-JSON"); } - - /// - /// Returns the AAD cloud user idlab@msidlab4.onmicrosoft.com - /// - /// public static Task GetDefaultUser3Async() { - return GetLabUserDataAsync(UserQuery.PublicAadUser3Query); + return MergeKVLabDataAsync("MSAL-User-XCG-JSON", "ID4SLAB1", "MSAL-App-Default-JSON"); + } + + public static Task GetDefaultAdfsUserAsync() + { + return MergeKVLabDataAsync("MSAL-USER-FedDefault-JSON", "ID4SLAB1", "MSAL-App-Default-JSON"); } public static Task GetMsaUserAsync() @@ -91,7 +179,7 @@ public static Task GetMsaUserAsync() public static Task GetHybridSpaAccontAsync() { - return GetLabUserDataAsync(UserQuery.HybridSpaUserQuery); + return MergeKVLabDataAsync("MSAL-User-Default-JSON", "ID4SLAB1", "MSAL-App-Default-JSON"); } public static Task GetB2CLocalAccountAsync() 
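Review bot: The `///` summaries on GetDefaultUserAsync, GetDefaultUser2Async and GetDefaultUser3Async are removed and nothing replaces them, while the methods now encode which Key Vault secrets compose the response; a reader needs that, e.g. on GetDefaultUserAsync `/// <summary>Default AAD cloud user of the id4slab1 lab: MSAL-User-Default-JSON merged with the ID4SLAB1 lab record and the MSAL-App-Default-JSON app.</summary>`, with matching summaries on the other three and on the new GetDefaultUserWithMultiTenantAppAsync and GetDefaultAdfsUserAsync. GetDefaultUser3Async now reads MSAL-User-XCG-JSON, which is not obviously a "default user 3"; its summary should say what XCG denotes, or the method should be renamed to match.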
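Review bot: GetHybridSpaAccontAsync now returns exactly what GetDefaultUserAsync returns (the same three secrets), so its name no longer describes the result and callers that need a hybrid-SPA-configured app silently get the default app instead. Either delegate explicitly and mark it, following the file's existing `[Obsolete(...)]` pattern, `[Obsolete("Use GetDefaultUserAsync instead")] public static Task GetHybridSpaAccontAsync() => GetDefaultUserAsync();`, or point it at a secret that actually describes a hybrid SPA app.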
@@ -115,6 +203,7 @@ public static async Task GetB2CMSAAccountAsync() if (string.IsNullOrEmpty(response.User.HomeUPN) || string.Equals("None", response.User.HomeUPN, StringComparison.OrdinalIgnoreCase)) { + Debug.WriteLine($"B2C MSA HomeUPN set to UPN: {response.User.Upn}"); response.User.HomeUPN = response.User.Upn; } return response; @@ -137,7 +226,6 @@ public static Task GetArlingtonADFSUserAsync() var query = UserQuery.ArlingtonUserQuery; query.UserType = UserType.Federated; var response = GetLabUserDataAsync(query); - response.Result.User.AzureEnvironment = AzureEnvironment.azureusgovernment; return response; } @@ -151,9 +239,9 @@ public static Task GetAdfsUserAsync(FederationProvider federationPr UserType = federated ? UserType.Federated : UserType.Cloud }; - if (!federated && - federationProvider != FederationProvider.ADFSv2019) + if (!federated && federationProvider != FederationProvider.ADFSv2019) { + Debug.WriteLine($"Invalid ADFS config: {federationProvider} non-federated not supported"); throw new InvalidOperationException("Test Setup Error: MSAL only supports ADFS2019 direct (non-federated) access. " + "Support for older versions of ADFS is exclusively via federation"); } 
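Review bot: In the `GetArlingtonADFSUserAsync` hunk, dropping `response.Result.User.AzureEnvironment = AzureEnvironment.azureusgovernment;` removes a blocking `.Result`, but it also removes the only place the US Government environment was being set, and nothing in the hunk shows that the lab response now carries it. If the lab JSON for the Arlington user omits `AzureEnvironment`, the user would silently fall back to the enum default and the test would target the wrong cloud. Rather than overriding, validate it: `var response = await GetLabUserDataAsync(query).ConfigureAwait(false);` followed by `if (response.User.AzureEnvironment != AzureEnvironment.azureusgovernment) throw new InvalidOperationException("Arlington lab user is not flagged azureusgovernment");` and `return response;`, which requires marking the method `async`. The method's signature lies outside the hunk.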
@@ -163,23 +251,37 @@ public static Task GetAdfsUserAsync(FederationProvider federationPr public static string FetchUserPassword(string userLabName) { + // TODO: Implement caching similar to GetLabUserDataAsync to avoid repeated Key Vault calls if (string.IsNullOrWhiteSpace(userLabName)) { + Debug.WriteLine("Password fetch failed: empty lab name"); throw new InvalidOperationException("Error: lab name is not set on user. Password retrieval failed."); } if (KeyVaultSecretsProviderMsid == null || KeyVaultSecretsProviderMsal == null) { + Debug.WriteLine("Password fetch failed: KeyVault provider not initialized"); throw new InvalidOperationException("Error: KeyVault secrets provider is not set"); } try { - return s_labService.GetUserSecretAsync(userLabName).Result; + var keyVaultSecret = KeyVaultSecretsProviderMsid.GetSecretByName(userLabName); + string password = keyVaultSecret.Value; + + if (!string.IsNullOrEmpty(password)) + { + Debug.WriteLine($"Password retrieved for {userLabName} ({password.Length} chars)"); + return password; + } + + Debug.WriteLine($"Password empty for {userLabName}"); + throw new InvalidOperationException($"Password secret '{userLabName}' found but was empty in Key Vault."); } catch (Exception e) { - throw new InvalidOperationException("Test setup: cannot get the user password. See inner exception.", e); + Debug.WriteLine($"Password fetch failed for {userLabName}: {e.Message}"); + throw new InvalidOperationException($"Test setup: cannot get the user password from Key Vault secret '{userLabName}'. See inner exception.", e); } } } diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs index 023a3d80dc..0db9391351 100644 --- a/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs +++ b/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs 
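Review bot: `Debug.WriteLine($"Password retrieved for {userLabName} ({password.Length} chars)")` writes a property of a live credential to the debug listeners; the length is weak information, but it is still secret-derived and adds nothing the lab name does not already convey, so drop it: `Debug.WriteLine($"Password retrieved for {userLabName}");`. The new empty-secret `InvalidOperationException` is thrown inside the `try` and is therefore caught by `catch (Exception e)` and re-wrapped, so callers see the generic "cannot get the user password" message with the actionable one buried as `InnerException`; read `keyVaultSecret.Value` into a local inside the `try` and perform the `IsNullOrEmpty` check after the `catch` block instead. The guard still requires `KeyVaultSecretsProviderMsal` to be non-null even though only `KeyVaultSecretsProviderMsid` is used now, so an unrelated Msal-provider setup problem would be misreported by this method.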
@@ -27,17 +27,17 @@ public struct UserQuery public static UserQuery PublicAadUserQuery => new UserQuery() { - Upn = "idlab1@msidlab4.onmicrosoft.com" + Upn = "MSAL-User-Default@id4slab1.onmicrosoft.com" }; public static UserQuery PublicAadUser2Query => new UserQuery() { - Upn = "idlab@msidlab4.onmicrosoft.com" + Upn = "MSAL-User-Default2@id4slab1.onmicrosoft.com" }; public static UserQuery PublicAadUser3Query => new UserQuery() { - Upn = "idlabxcg@msidlab4.onmicrosoft.com" + Upn = "MSAL-User-XCG@id4slab1.onmicrosoft.com" }; public static UserQuery MsaUserQuery => new UserQuery diff --git a/tests/Microsoft.Identity.Test.Unit/CacheTests/UnifiedSchemaValidationTests.cs b/tests/Microsoft.Identity.Test.Unit/CacheTests/UnifiedSchemaValidationTests.cs index 048362782d..63667c8cc8 100644 --- a/tests/Microsoft.Identity.Test.Unit/CacheTests/UnifiedSchemaValidationTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/CacheTests/UnifiedSchemaValidationTests.cs @@ -195,7 +195,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccount() homeAccountId, null, idToken, - "idlab@msidlab4.onmicrosoft.com", + "MSAL-User-Default@id4slab1.onmicrosoft.com", AadTenantId, null); @@ -203,7 +203,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccount() { ["local_account_id"] = "9f4880d8-80ba-4c40-97bc-f7a23c703084", ["home_account_id"] = "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca", - ["username"] = "idlab@msidlab4.onmicrosoft.com", + ["username"] = "MSAL-User-Default@id4slab1.onmicrosoft.com", ["environment"] = "login.microsoftonline.com", ["realm"] = "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", ["authority_type"] = "MSSTS", 
@@ -221,7 +221,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccount() string expectedAccountKey = "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com"; Assert.AreEqual(expectedAccountKey, key.iOSAccount); - string expectedGenericKey = "idlab@msidlab4.onmicrosoft.com"; + string expectedGenericKey = "msal-user-default@id4slab1.onmicrosoft.com"; Assert.AreEqual(expectedGenericKey, key.iOSGeneric); Assert.AreEqual(1003, key.iOSType); @@ -886,7 +886,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccountAndFo homeAccountId, null, IdToken.Parse(response.IdToken), - "idlab@msidlab4.onmicrosoft.com", + "MSAL-User-Default@id4slab1.onmicrosoft.com", AadTenantId, null); @@ -894,7 +894,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccountAndFo { ["local_account_id"] = "9f4880d8-80ba-4c40-97bc-f7a23c703084", ["home_account_id"] = "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca", - ["username"] = "idlab@msidlab4.onmicrosoft.com", + ["username"] = "MSAL-User-Default@id4slab1.onmicrosoft.com", ["environment"] = "login.microsoftonline.com", ["realm"] = "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", ["authority_type"] = "MSSTS", @@ -912,7 +912,7 @@ public void TestSchemaComplianceForAccount_WhenMSSTSResponse_WithAADAccountAndFo string expectedAccountKey = "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.microsoftonline.com"; Assert.AreEqual(expectedAccountKey, key.iOSAccount); - string expectedGenericKey = "idlab@msidlab4.onmicrosoft.com"; + string expectedGenericKey = "msal-user-default@id4slab1.onmicrosoft.com"; Assert.AreEqual(expectedGenericKey, key.iOSGeneric); Assert.AreEqual(1003, key.iOSType); diff --git a/tests/Microsoft.Identity.Test.Unit/CoreTests/IdTokenParsingTests.cs b/tests/Microsoft.Identity.Test.Unit/CoreTests/IdTokenParsingTests.cs index e5a7bf57c5..05c83dcb9c 100644 
--- a/tests/Microsoft.Identity.Test.Unit/CoreTests/IdTokenParsingTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/CoreTests/IdTokenParsingTests.cs @@ -28,18 +28,18 @@ public void IdTokenParsing_AADToken() "exp": 1538542322, "name": "Cloud IDLAB Basic User", "oid": "9f4880d8-80ba-4c40-97bc-f7a23c703084", - "preferred_username": "idlab@msidlab4.onmicrosoft.com", + "preferred_username": "MSAL-User-Default@id4slab1.onmicrosoft.com", "sub": "Y6YkBdHNNLHNmTKel9KhRz8wrasxdLRFiP14BRPWrn4", "tid": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "uti": "6nciX02SMki9k73-F1sZAA", "ver": "2.0" */ - var addIdToken = TestConstants.CreateAadTestTokenResponse().IdToken; + var addIdToken = TestConstants.CreateAadTestTokenResponseWithMsalUserDefault().IdToken; var parsedToken = IdToken.Parse(addIdToken); - CoreAssert.AreEqual("Cloud IDLAB Basic User", parsedToken.Name, parsedToken.ClaimsPrincipal.FindFirst("name").Value); + CoreAssert.AreEqual("MSAL User Default", parsedToken.Name, parsedToken.ClaimsPrincipal.FindFirst("name").Value); CoreAssert.AreEqual("9f4880d8-80ba-4c40-97bc-f7a23c703084", parsedToken.ObjectId, parsedToken.ClaimsPrincipal.FindFirst("oid").Value); - CoreAssert.AreEqual("idlab@msidlab4.onmicrosoft.com", parsedToken.PreferredUsername, parsedToken.ClaimsPrincipal.FindFirst("preferred_username").Value); + CoreAssert.AreEqual("MSAL-User-Default@id4slab1.onmicrosoft.com", parsedToken.PreferredUsername, parsedToken.ClaimsPrincipal.FindFirst("preferred_username").Value); CoreAssert.AreEqual("Y6YkBdHNNLHNmTKel9KhRz8wrasxdLRFiP14BRPWrn4", parsedToken.Subject, parsedToken.ClaimsPrincipal.FindFirst("sub").Value); CoreAssert.AreEqual("f645ad92-e38d-4d1a-b510-d1b09a74a8ca", parsedToken.TenantId, parsedToken.ClaimsPrincipal.FindFirst("tid").Value); 
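Review bot: The reference-token comment block in `IdTokenParsing_AADToken` is now internally inconsistent: its `"preferred_username"` was updated, but `"name": "Cloud IDLAB Basic User"` was left in place while the assertions below now expect `"MSAL User Default"` from `CreateAadTestTokenResponseWithMsalUserDefault()`. That comment is the only human-readable statement of what the fixture token contains, so change it to `"name": "MSAL User Default",`. If any other claim in the new fixture differs from the old one (the comment still lists `"tid": "f645ad92-..."`, which the last visible assertion also pins), the comment should be regenerated from the new token rather than patched claim by claim.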
@@ -48,9 +48,9 @@ public void IdTokenParsing_AADToken() Assert.AreEqual("1538538422", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "iat").Value); Assert.AreEqual("1538538422", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "nbf").Value); Assert.AreEqual("1538542322", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "exp").Value); - Assert.AreEqual("Cloud IDLAB Basic User", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "name").Value); + Assert.AreEqual("MSAL User Default", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "name").Value); Assert.AreEqual("9f4880d8-80ba-4c40-97bc-f7a23c703084", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "oid").Value); - Assert.AreEqual("idlab@msidlab4.onmicrosoft.com", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "preferred_username").Value); + Assert.AreEqual("MSAL-User-Default@id4slab1.onmicrosoft.com", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "preferred_username").Value); Assert.AreEqual("Y6YkBdHNNLHNmTKel9KhRz8wrasxdLRFiP14BRPWrn4", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "sub").Value); Assert.AreEqual("f645ad92-e38d-4d1a-b510-d1b09a74a8ca", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "tid").Value); Assert.AreEqual("6nciX02SMki9k73-F1sZAA", parsedToken.ClaimsPrincipal.Claims.Single(c => c.Type == "uti").Value); diff --git a/tests/Microsoft.Identity.Test.Unit/Resources/AADTestData.txt b/tests/Microsoft.Identity.Test.Unit/Resources/AADTestData.txt index 78a6600dc8..740e676e83 100644 --- a/tests/Microsoft.Identity.Test.Unit/Resources/AADTestData.txt +++ b/tests/Microsoft.Identity.Test.Unit/Resources/AADTestData.txt 
@@ -19,7 +19,7 @@ "exp": 1538542322, "name": "Cloud IDLAB Basic User", "oid": "9f4880d8-80ba-4c40-97bc-f7a23c703084", - "preferred_username": "idlab@msidlab4.onmicrosoft.com", + "preferred_username": "MSAL-User-Default@id4slab1.onmicrosoft.com", "sub": "Y6YkBdHNNLHNmTKel9KhRz8wrasxdLRFiP14BRPWrn4", "tid": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "uti": "6nciX02SMki9k73-F1sZAA", @@ -67,11 +67,11 @@ "account_cache_key": "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.windows.net-f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "account_cache_key_ios_service": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "account_cache_key_ios_account": "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca-login.windows.net", - "account_cache_key_ios_generic": "idlab@msidlab4.onmicrosoft.com", + "account_cache_key_ios_generic": "MSAL-User-Default@id4slab1.onmicrosoft.com", "account_cache_value": { "local_account_id": "9f4880d8-80ba-4c40-97bc-f7a23c703084", "home_account_id": "9f4880d8-80ba-4c40-97bc-f7a23c703084.f645ad92-e38d-4d1a-b510-d1b09a74a8ca", - "username": "idlab@msidlab4.onmicrosoft.com", + "username": "MSAL-User-Default@id4slab1.onmicrosoft.com", "environment": "login.windows.net", "realm": "f645ad92-e38d-4d1a-b510-d1b09a74a8ca", "authority_type": "MSSTS", diff --git a/tests/Microsoft.Identity.Test.Unit/UtilTests/JsonHelperTests.cs b/tests/Microsoft.Identity.Test.Unit/UtilTests/JsonHelperTests.cs index 81cd0c4400..ec000e36c2 100644 --- a/tests/Microsoft.Identity.Test.Unit/UtilTests/JsonHelperTests.cs +++ b/tests/Microsoft.Identity.Test.Unit/UtilTests/JsonHelperTests.cs @@ -39,7 +39,7 @@ public void Deserialize_AdalResultWrapper() ""IdToken"": null, ""TenantId"": null, ""UserInfo"": { - ""DisplayableId"": ""idlab@msidlab4.onmicrosoft.com"", + ""DisplayableId"": ""MSAL-User-Default@id4slab1.onmicrosoft.com"", ""FamilyName"": null, ""GivenName"": null, ""IdentityProvider"": null, 
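Review bot: `"account_cache_key_ios_generic"` is set to the mixed-case `MSAL-User-Default@id4slab1.onmicrosoft.com`, whereas the schema tests in this same patch expect the iOS generic key lowercased (`msal-user-default@id4slab1.onmicrosoft.com`). The previous UPN had no upper-case letters, so this file never exercised the lowercasing; if this fixture feeds the same key-generation assertions the mixed-case value will now fail, and if it does not, it documents a key shape the library apparently does not produce. Presumably it should read `"account_cache_key_ios_generic": "msal-user-default@id4slab1.onmicrosoft.com",` while `"username"` keeps the UPN's original casing. The `"name": "Cloud IDLAB Basic User"` claim in the first hunk was also left untouched; confirm that is intended for this fixture.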
@@ -52,7 +52,7 @@ public void Deserialize_AdalResultWrapper() }"; AdalResultWrapper result = JsonHelper.DeserializeFromJson(json); - Assert.AreEqual("idlab@msidlab4.onmicrosoft.com", result.Result.UserInfo.DisplayableId); + Assert.AreEqual("MSAL-User-Default@id4slab1.onmicrosoft.com", result.Result.UserInfo.DisplayableId); Assert.AreEqual("rt_secret", result.RefreshToken); } diff --git a/tests/devapps/MauiApps/MauiAppWithBroker/MSALClient/PCAWrapper.cs b/tests/devapps/MauiApps/MauiAppWithBroker/MSALClient/PCAWrapper.cs index dfdea89e9c..9a5cfcadde 100644 --- a/tests/devapps/MauiApps/MauiAppWithBroker/MSALClient/PCAWrapper.cs +++ b/tests/devapps/MauiApps/MauiAppWithBroker/MSALClient/PCAWrapper.cs @@ -30,7 +30,7 @@ public class PCAWrapper // ClientID of the application in (ms sample testing) private const string ClientId = "bff27aee-5b7f-4588-821a-ed4ce373d8e2"; // TODO - Replace with your client Id. And also replace in the AndroidManifest.xml - //// TenantID of the organization (msidlab4.com) + //// TenantID of the organization (id4slab1.com) //private const string TenantId = "f645ad92-e38d-4d1a-b510-d1b09a74a8ca"; // TODO - Replace with your TenantID. And also replace in the AndroidManifest.xml public static string[] Scopes = { "User.Read" }; diff --git a/tests/devapps/NetCoreTestApp/Program.cs b/tests/devapps/NetCoreTestApp/Program.cs index 47e03b9b7a..29e9117f9a 100644 --- a/tests/devapps/NetCoreTestApp/Program.cs +++ b/tests/devapps/NetCoreTestApp/Program.cs @@ -16,6 +16,7 @@ using Microsoft.Identity.Client.Broker; using Microsoft.Identity.Client.Extensibility; using Microsoft.Identity.Test.Integration.NetFx.Infrastructure; +using Microsoft.Identity.Test.LabInfrastructure; using NetCoreTestApp.Experimental; namespace NetCoreTestApp 
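Review bot: In `PCAWrapper.cs` the comment now says `TenantID of the organization (id4slab1.com)` but the GUID on the commented-out line beneath it (`f645ad92-...`) was not changed; that GUID is the one paired with the pre-migration fixtures elsewhere in this patch, so the label and the value likely no longer describe the same tenant. Either update the GUID alongside the label or make the comment honest: `//// TenantID of the organization — TODO: replace with the id4slab1.onmicrosoft.com tenant id after migration`. The spelling `id4slab1.com` also differs from `id4slab1.onmicrosoft.com` used everywhere else in the change.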
@@ -28,8 +29,8 @@ public class Program { "caller-sdk-ver", ("123", false) } }; - // This app has http://localhost redirect uri registered - private static readonly string s_clientIdForPublicApp = "1d18b3b0-251b-4714-a02a-9956cec86c2d"; + // This app will be dynamically set to the multi-tenant app from lab + private static readonly string s_clientIdForPublicApp = LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().Result.App.AppId; private static readonly string s_username = ""; // used for WIA and U/P, cannot be empty on .net core @@ -68,7 +69,7 @@ public static void Main(string[] args) var ccaSettings = ConfidentialAppSettings.GetSettings(Cloud.Public); s_clientIdForConfidentialApp = ccaSettings.ClientId; s_ccaAuthority = ccaSettings.Authority; - s_confidentialClientCertificate = ccaSettings.GetCertificate(); + s_confidentialClientCertificate = ccaSettings.Certificate; var pca = CreatePca(); RunConsoleAppLogicAsync(pca).Wait(); diff --git a/tests/devapps/RegionalTestApp/Program.cs b/tests/devapps/RegionalTestApp/Program.cs index 015cc5a950..d857c04631 100644 --- a/tests/devapps/RegionalTestApp/Program.cs +++ b/tests/devapps/RegionalTestApp/Program.cs @@ -174,7 +174,7 @@ private static async Task AcquireTokenAsync(string region, bool setEnvVariable = var builder = ConfidentialClientApplicationBuilder.Create(s_appSettings.ClientId) .WithAuthority(s_appSettings.Authority, false) - .WithCertificate(s_appSettings.GetCertificate()) + .WithCertificate(s_appSettings.Certificate) .WithLogging(Log, LogLevel.Verbose, true); // Regional if region specified, global otherwise diff --git a/tests/devapps/TestTelemetry/Program.cs b/tests/devapps/TestTelemetry/Program.cs index 6fe9c1abff..24bf91c184 100644 --- a/tests/devapps/TestTelemetry/Program.cs +++ b/tests/devapps/TestTelemetry/Program.cs 
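Review bot: `s_clientIdForPublicApp` is now initialised by `LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().Result.App.AppId` in a static field initializer, so a Key Vault/lab network call runs during type initialization of `Program`. Any failure surfaces as a `TypeInitializationException` wrapping an `AggregateException` rather than the lab helper's own message, and the call happens even when only the confidential-client path is exercised. Resolve it in `Main` next to the other settings instead: drop `readonly` and declare `private static string s_clientIdForPublicApp; // resolved in Main from the lab multi-tenant app`, then before `CreatePca()` assign `s_clientIdForPublicApp = LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().GetAwaiter().GetResult().App.AppId;`. `Main` is already synchronous (`RunConsoleAppLogicAsync(pca).Wait();`), so `GetAwaiter().GetResult()` preserves the original exception type without introducing a new blocking pattern.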
@@ -23,7 +23,7 @@ static async Task Main(string[] args) string[] scopes = new string[] { $"{s_appSettings.ClientId}/.default", }; var builder = ConfidentialClientApplicationBuilder.Create(s_appSettings.ClientId) .WithAuthority(s_appSettings.Authority, false) - .WithCertificate(s_appSettings.GetCertificate()) + .WithCertificate(s_appSettings.Certificate) .WithLogging(Log, LogLevel.Verbose, true); var cca = builder.Build(); diff --git a/tests/devapps/WAM/MSIX/README.md b/tests/devapps/WAM/MSIX/README.md index e02a542dda..f590291b84 100644 --- a/tests/devapps/WAM/MSIX/README.md +++ b/tests/devapps/WAM/MSIX/README.md @@ -12,9 +12,9 @@ This app is a minimum WPF app to reproduce the error 'Unable to load DLL 'msalru Result : You should now see the Windows Web Account Manager UI showing up and prompting you to sign in to the app. You can use the MS Credentials or use the following user details to sign-in. But sign in is actually not required. The WAM (Web Account Manager) UI is from the Native dll (msalruntime.dll) packaged along with `Microsoft.Identity.Client.Broker` -Identity Lab Account User Name : idlab@msidlab4.onmicrosoft.com +Identity Lab Account User Name : MSAL-User-Default@id4slab1.onmicrosoft.com -Identity Lab Account Password : https://msidlab.com/api/LabSecret?&Secret=msidlab4 (Please do not share this secret or add it to your response) +Identity Lab Account Password : https://ms.portal.azure.com/#@microsoft.onmicrosoft.com/asset/Microsoft_Azure_KeyVault/Secret/https://msidlabs.vault.azure.net/secrets/ID4SLAB1 (Please do not share this secret or add it to your response) 7. Now set the `WPF.Package` as the start up project 8. Start the project "WPF.Package" project. diff --git a/tests/devapps/WAM/NetWSLWam/Class1.cs b/tests/devapps/WAM/NetWSLWam/Class1.cs index 826bddf419..218017feac 100644 --- a/tests/devapps/WAM/NetWSLWam/Class1.cs +++ b/tests/devapps/WAM/NetWSLWam/Class1.cs 
@@ -26,7 +26,6 @@ public class Authentication [DllImport("libX11")] private static extern IntPtr XDefaultRootWindow(IntPtr display); - public static async Task InvokeBrokerAsync() { IntPtr _parentHandle = XRootWindow(XOpenDisplay(null), 0);; @@ -64,7 +63,7 @@ public static async Task InvokeBrokerAsync() try { - var authResult = await pca.AcquireTokenInteractive(new[] { "user.read" }).WithLoginHint("idlab@msidlab4.onmicrosoft.com") + var authResult = await pca.AcquireTokenInteractive(new[] { "user.read" }).WithLoginHint("MSAL-User-Default@id4slab1.onmicrosoft.com") .ExecuteAsync().ConfigureAwait(false); Console.WriteLine(authResult.Account);