Skip to content

[Draft] Labmigration #5558

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 42 commits into
base: main
Choose a base branch
from
Draft

[Draft] Labmigration #5558

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
42 commits
Select commit Hold shift + click to select a range
c48ee29
Complete Key Vault migration with ObjectId validation
RyAuld Oct 18, 2025
12e0e44
Complete Key Vault migration and update OnBehalfOf tests
RyAuld Oct 20, 2025
855e19b
Enhance lab infrastructure with debug logging and ADFS 2022 support
RyAuld Oct 24, 2025
ea1a6f7
Update UsernamePasswordIntegrationTests.NetFwk.cs with additional imp…
RyAuld Oct 24, 2025
5417662
Align UsernamePasswordIntegrationTests.NetFwk.cs with main branch - c…
RyAuld Oct 28, 2025
78659e9
Restore complete LabMigration version of UsernamePasswordIntegrationT…
RyAuld Oct 28, 2025
37e1665
Update LabUserHelper calls to use LabMigration enhanced methods while…
RyAuld Oct 28, 2025
86e591d
Fix GetHybridSpaAccontAsync to use Key Vault approach instead of old …
RyAuld Oct 28, 2025
67e51ac
Complete migration to new lab infrastructure
RyAuld Oct 28, 2025
30ee25b
Fix failing tests in labmigration branch
RyAuld Oct 28, 2025
4714ab9
Fix CacheCompat test compilation errors
RyAuld Oct 28, 2025
613d4dc
Trigger pipeline rebuild with latest changes
RyAuld Oct 28, 2025
352b44d
Migrate integration tests from MSIDLAB4 to id4slab1 tenant
RyAuld Oct 29, 2025
cfbd534
Complete MSAL.NET OBO integration test migration to ID4SLAB1 tenant
RyAuld Oct 30, 2025
61cc635
Migrate ADFS tests from fs.msidlab8.com to fs.id4slab1.com
RyAuld Oct 30, 2025
dc39585
Merge branch 'main' into labmigration
RyAuld Oct 30, 2025
ac6cd53
Add missing CreateAadTestTokenResponseWithMsalUserDefault method
RyAuld Oct 30, 2025
00cf259
Merge branch 'labmigration' of https://github.com/AzureAD/microsoft-a…
RyAuld Oct 30, 2025
10309b3
Fix tenant routing issue by using multi-tenant app for integration tests
RyAuld Oct 30, 2025
10f838b
Fix HybridSPA test to use multi-tenant app and clean up whitespace
RyAuld Oct 30, 2025
348813d
Clean up trailing whitespace in commented code
RyAuld Oct 31, 2025
b1eda23
Merge remote-tracking branch 'origin/main' into labmigration
RyAuld Oct 31, 2025
211f861
Fix device code flow tests to use tenant-specific authority
RyAuld Oct 31, 2025
8b63d36
Add GetDefaultUserWithMultiTenantAppAsync method and update device co…
RyAuld Oct 31, 2025
066af43
Fix AADSTS700016 errors by migrating to multi-tenant app configuration
RyAuld Oct 31, 2025
22ebda2
Fix additional tests using default user instead of multi-tenant app
RyAuld Oct 31, 2025
85ad81a
Fix more tests using /common endpoint with single-tenant app
RyAuld Oct 31, 2025
7a92a52
Final migration updates - OBO tests and interactive flow fixes
RyAuld Oct 31, 2025
ae9ba1a
Fix interactive tests to use correct app configuration
RyAuld Oct 31, 2025
b1fbc93
Remove Selenium.WebDriver.ChromeDriver package reference to match mai…
RyAuld Nov 4, 2025
bd86c1a
Merge branch 'main' into labmigration
RyAuld Nov 5, 2025
6c04b9b
Optimize OBO test initialization - remove redundant GetDefaultUserWit…
RyAuld Nov 6, 2025
fc48e04
Address PR feedback for GetKVLabData method - improve type safety and…
RyAuld Nov 6, 2025
f3036da
Optimize JSON parsing in GetKVLabDataAsync - eliminate duplicate parsing
RyAuld Nov 6, 2025
bcaa90a
Clean up OnBehalfOfTests.cs - Remove outdated migration comment
RyAuld Nov 6, 2025
d62ad71
Refactor ConfidentialAppSettings for Single Responsibility Principle
RyAuld Nov 6, 2025
fab8f37
Fix remaining CI/CD compilation errors - complete SRP refactoring
RyAuld Nov 6, 2025
857f798
Fix NetCoreTestApp to use multi-tenant app from lab
RyAuld Nov 6, 2025
2711a9f
Merge branch 'main' into labmigration
RyAuld Nov 6, 2025
70813a4
Test: Change Interactive_AADAsync to use multi-tenant app
RyAuld Nov 7, 2025
263fec3
Merge branch 'labmigration' of https://github.com/AzureAD/microsoft-a…
RyAuld Nov 7, 2025
62d15f6
Merge branch 'main' into labmigration
RyAuld Nov 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 5 additions & 6 deletions tests/CacheCompat/CommonCache.Test.Unit/CacheExecutionTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,13 +19,12 @@ public class CacheExecutionTests

private static async Task<LabUserData> GetPublicAadUserDataAsync()
{
var api = new LabServiceApi();
LabResponse labResponse = (await api.GetLabResponseFromApiAsync(UserQuery.PublicAadUserQuery).ConfigureAwait(false));
var labUser = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
return new LabUserData(
labResponse.User.Upn,
labResponse.User.GetOrFetchPassword(),
labResponse.User.AppId,
labResponse.User.TenantId);
labUser.User.Upn,
labUser.User.GetOrFetchPassword(),
labUser.App.AppId,
labUser.User.TenantId);
}

[AssemblyInitialize]
Expand Down
18 changes: 15 additions & 3 deletions tests/Microsoft.Identity.Test.Common/TestConstants.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,8 @@ public static HashSet<string> s_scope
public const string MsiResource = "scope";
public static readonly string[] s_graphScopes = new[] { "user.read" };
public const uint JwtToAadLifetimeInSeconds = 60 * 10; // Ten minutes
public const string ClientCredentialAudience = "https://login.microsoftonline.com/f645ad92-e38d-4d1a-b510-d1b09a74a8ca/v2.0";
public const string PublicCloudConfidentialClientID = "88f91eac-c606-4c67-a0e2-a5e8a186854f";
public const string ClientCredentialAudience = "https://login.microsoftonline.com/10c419d4-4a50-45b2-aa4e-919fb84df24f/v2.0";
public const string PublicCloudConfidentialClientID = "54a2d933-8bf8-483b-a8f8-0a31924f3c1f";
public const string AutomationTestCertName = "LabAuth.MSIDLab.com";
public static Dictionary<string, string> AdditionalAssertionClaims =>
new Dictionary<string, string>() { { "Key1", "Val1" }, { "Key2", "Val2" }, { "customClaims", "{\"xms_az_claim\": [\"GUID\", \"GUID2\", \"GUID3\"]}" } };
Expand Down Expand Up @@ -74,6 +74,9 @@ public static HashSet<string> s_scope

public const string ProductionPrefNetworkEnvironment = "login.microsoftonline.com";
public const string ProductionPrefCacheEnvironment = "login.windows.net";
// TODO: Tenant Migration - Regional endpoint may need update after migration
// Current: centralus (old tenant), New: eastus2 (id4slab1 tenant)
// Note: Regional endpoints may not work with new tenant due to AADSTS100007 restrictions
public const string ProductionPrefRegionalEnvironment = "centralus.login.microsoft.com";
public const string ProductionPrefInvalidRegionEnvironment = "invalidregion.login.microsoft.com";
public const string ProductionNotPrefEnvironmentAlias = "sts.windows.net";
Expand Down Expand Up @@ -204,7 +207,7 @@ public static HashSet<string> s_scope
public const string PKeyAuthResponse = "PKeyAuth Context=\"context\",Version=\"1.0\"";

public const string RegionName = "REGION_NAME";
public const string Region = "centralus";
public const string Region = "centralus"; // TODO: Tenant Migration - Update for new tenant (id4slab1) is in eastus2
public const string InvalidRegion = "invalidregion";
public const int TimeoutInMs = 2000;
public const string ImdsHost = "169.254.169.254";
Expand Down Expand Up @@ -262,6 +265,7 @@ public static IDictionary<string, string> ExtraQueryParameters
public const string MsalCCAKeyVaultUri = "https://id4skeyvault.vault.azure.net/secrets/AzureADIdentityDivisionTestAgentSecret/";

public const string MsalCCAKeyVaultSecretName = "MSIDLAB4-IDLABS-APP-AzureADMyOrg-CC";
// TODO: Tenant Migration - New secret name for id4slab1 tenant: "MSAL-APP-AzureADMultipleOrgs"
public const string MsalOBOKeyVaultUri = "https://id4skeyvault.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret/";
public const string MsalOBOKeyVaultSecretName = "IdentityDivisionDotNetOBOServiceSecret";
public const string MsalArlingtonOBOKeyVaultUri = "https://msidlabs.vault.azure.net:443/secrets/ARLMSIDLAB1-IDLASBS-App-CC-Secret";
Expand Down Expand Up @@ -595,6 +599,14 @@ public static MsalTokenResponse CreateAadTestTokenResponseWithFoci()
return msalTokenResponse;
}

public static MsalTokenResponse CreateAadTestTokenResponseWithMsalUserDefault()
Copy link
Member

@bgavrilMS bgavrilMS Nov 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is for unit tests only I believe. Unit tests do not make HTTP calls to Entra and do not rely on an actual infra. I would recommend not modifying this.

{
// Token response with MSAL User Default user information for ID4SLAB1 tenant
const string jsonResponse = "{\"token_type\":\"Bearer\",\"scope\":\"Calendars.Read openid profile Tasks.Read User.Read email\",\"expires_in\":3600,\"ext_expires_in\":262800,\"access_token\":\"<removed_at>\",\"refresh_token\":\"<removed_rt>\",\"id_token\":\"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJiNmM2OWEzNy1kZjk2LTRkYjAtOTA4OC0yYWI5NmUxZDgyMTUiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vZjY0NWFkOTItZTM4ZC00ZDFhLWI1MTAtZDFiMDlhNzRhOGNhL3YyLjAiLCJpYXQiOjE1Mzg1Mzg0MjIsIm5iZiI6MTUzODUzODQyMiwiZXhwIjoxNTM4NTQyMzIyLCJuYW1lIjoiTVNBTCBVc2VyIERlZmF1bHQiLCJvaWQiOiI5ZjQ4ODBkOC04MGJhLTRjNDAtOTdiYy1mN2EyM2M3MDMwODQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJNU0FMLVVzZXItRGVmYXVsdEBpZDRzbGFiMS5vbm1pY3Jvc29mdC5jb20iLCJzdWIiOiJZNllrQmRITk5MSE5tVEtlbDlLaFJ6OHdyYXN4ZExSRmlQMTRCUlBXcm40IiwidGlkIjoiZjY0NWFkOTItZTM4ZC00ZDFhLWI1MTAtZDFiMDlhNzRhOGNhIiwidXRpIjoiNm5jaVgwMlNNa2k5azczLUYxc1pBQSIsInZlciI6IjIuMCJ9.\",\"client_info\":\"" + AadRawClientInfo + "\"}";
var msalTokenResponse = JsonHelper.DeserializeFromJson<MsalTokenResponse>(jsonResponse);
return msalTokenResponse;
}

// Fake strings approximately representing tokens of real-world size
internal const string AppAccessToken = "a9sVdA2UrU0KbsG19MjSZp4hlrd4B3mhZc1gfWsu1v3Nxuf9y7MMqdmCqyt4OwJ7cZEFAhdy8wf9vRastaS0Dcc6MnAtaI73k9co06QtQgecLPVMR23ht6cWB25Ta7yqdcQ8X7ARdUD4MWY6o01TqADKE4Vo3DMpzZiwpiS6Z81I5bW9jbWiUTT7J44lRM1qR3ZJUdaa6OSOaLZT4temLYy3bXZh6Bvu7fxOF1pStzwESRDiFegYq6LFf1sHVY5scdvNOifQnWuRy4bWw0Fl17IO5lKzhuEUvaOcgyWea0Hg3Rh9U0or2WPogJna7HraHdp0BWtuj3KOdXqmjxDoFKkTfBXiubpnAqlWwfAKHvKYefNuSRT7ewHLFQNpVVbr93P1Na4aMHqL4DWIQ1BEYoRskQkxNDtzeipb5CP5FrfStz8lFB4nCaZsJPqIzi82BpZ4HwXls8VYrRLt2dK0D9ksxufhN2uUknO2w5MBDvpwl5IuPZiCvwxU0IG3eDyqRCqw1uh18KL4qbeAwp0BPQL7Xexc4eCXC5o24uxipyWK6C169R645sYCgHY9Phiik9fUaTcZ6rzPhSKXK5svhtuMUpDHoHnSkOocCmJPRdNEpULup7zAMtGxGtD4ldfRRtAD5MLBcnKB4QN4KsbysV9lj1xDSFawL22pno61hreo5lJmqlRdj3yRVupqg5IRhilWI0wbUSfUPISrBS0EcCb6rSBd6MPIbstJYOsuJ4Bh4wtLDDeD5oxlMIaF2tkf2QHfspXocd0fLbpA7X9AR1s5yYRRJKgh7SJMgS4JJxLHvF9VZJCKKwnYzlR5EaHYsvDCGyvEi9UkWDCBYMcG6OvzYemjVOTiJTbNM2q6DaqLS9bOMZdZzNfG3PlMAqeZlH5CLv8edLzfDaVZmMCdsc6iUTCAgW4ERDzu7Pf2AeQHQlpplPkgYMxiKZ31BxoaHvwlGReopWq3NN8oOS9QG5VCG1osQRmBZAQHDZTA2x30C4l8L4yH8tvs12trqAvRGnFIq79qluVwJHAPGbQZiAEArzpN7laNqDmzJFCA4emv6DdnCnGdLCSaIubVTBJ5dXbBN9xmphJUGw1jCoFDcFxrcOK0MdJnVGnbkEuSrnEVHUGmocUG1tb0QRZ9Jhn9mGO6RxVcZVzs7XJi8vEQ0FeWJOG0uqsNyi0gCmsglyH8QqsOVlYve8UuxqCgzm1CgfCeNDJEB01xk6iTsjRM0iGcCaZGCm9dRdW99Hlq8SsLRZl2IT48KYj4B9ZP4jBrkY9Ef3xpFRu8fiwgBdzrZosZA2aQPRXlvdM1XjeGaK7iUsrpsVOrvDorBoMucV3uypI85c7yQaTu1qrKfri7OZgEVVBdQO08iipyvyRVSBz1U9ZAc0xqgERqPUoPIOFtqMRx1qJD7WWRUa0hnd66SAgiM2ViGBZspIsUvA9KnAF28uU0kVRn3FXb3B3pNLhpHQSqElPz1uFKp6gO1kqRR6B6TwKn";
internal const string UserAccessToken = "flMpQIKiCoiPK6qISSjmF9dGhKe47KFGPwe82BDBxBCVfYI4UiKYbBuShsjf8oGTsjN5ODeaO6k0cmZJYuNNbLyOr8JGqoxQRW9bI8j5ETpbTNf6tYpAWde9PIYj2wEBnbughVgtJsh2QxIrahie5leMpsGb1yoFzADD5gyoJq8etNUSgZwe5qkfaE9UBCUKrznKjKbsG5hBJXut5GD0QdQy3wo2PnocewrptlMzd5SsHCzUUBGA4q7ks7IfrLiQH11JyBnjBhypOX3XvuqBz4JKkpftVYfvwPWE3f5Onku6FkZJFFESyGQP9YnJVx5dQCpHH9l6ShTqOLSQduf7wxoyeAgxwPrM9Y8Kvj31IrXqiwP52x4hBsctLCqOXOZ3wMXnozMXyHpNvKMJaNgDgvBgMYhiyORkb3qKYw0gAP4659I8dK1esxJoD8I3EreDftGfNMFCgn7kFfauUQphkqx8ukqzw068R7g5TOUci1pgPcVXCAMxj0P3fTiKe1doVuF6znKYh3m7pjyzyaqb5K9VFIh4A8TXOO0MqjaVkoSWJXARTy4T0kAZBVPbO6U2BWku23yLIt43MhQTc9uf7inuirwaIgh5u7noDxYG4QZLB1CJl04Zq2gbh9GW7dqweAaC9efYTEDwhxDTPHeGTQs44e8cnWerIyZA7mq8sFuzihIiCfgZ6nNBPcx2lXKyarUtQGmjjRyOEAhs66atv3SgMhNBhontPoUhR1QEnTKeYzfaavlnf5qMZA41hijGazHyxy5FgLD5aLEpZTHN5MPQLeaEXzDMX5Wtdvq7nokiItRfLkKZtXkuSiFVltmRPcKqzGbjNRH96OQzuxLE1Mv25FYFR3PAwv6np69yScVOpNFL8CqJdT310dGnRPUKSrEqTPuMsHqVRr36j2ZUaGs6YBtcrxIxKHuPrv23FQg5fC0FgxZvKqve0hf68AocJ1HqKRy01CGQobmYpTwBByftOZYGC4KOfGd13l78kZaKLuk2gxfFuTQyr11A0L4n5tXfjlikJtr3wlTGt0KCGGXmNK1xsSoRC0VcXDOgQUu3FHblhiaYjbSvPRF09xn9tRPnUkznbsT1kPMiJ8v89ZOCtVWpvkoiy9VUVcSUpZNQwRh3wHidZAkp1xyjyVc2pIHPg6XhzJnlt77zHNiBkPxWbYt7hXBQf3QeYoMF4s0Qi1y5N72DdoSNJ3iaTwx3esAz6TeyxSh36PIz35mR5jGyGMssyaNg6lIewLPbjnizgC6xssi6mKOheDqWqBv89nIvSBOXEkKcUYsBlhBBK6BgxOIha1NAeP93RRKfyjrF7LtIoSOk3DJUx75rUJ9oyuuTt4FdSnp7ZdrIciO8vlNslPrfa7UjBdOtVHiaz9Ef91dctdADVFcwXXmcu2ypyKB1YvMbkPP7mc12TF1a8X6t0mU4s4J4IpA3SHmT5JvbQBEzOIs6ex38X3UtXSItxpaS2gKozAhAmvjt6NKMe3Jysm4bafH1kb8eB1vdwTQu3jIOGozqHC3rvqEVAt26NNKOuNYAoYYamQOSb2w8PUCuDDWs1ffLvvfyvRndZztV5C4HGGR1Tg82N291Sb7rSUYmA1rdGyJ4kPtSaiPOwMyPUs9FuZNef5Ib83D3gTcgS1gMxto5UkfSxtCDKLXtGKArOdACrRzHiiMSn3owQfyVtSXZPdeofoCzuPWcZzFLBUJR0iKWBpUkxd0N17vw45uMQpQUNGgGoyvyboKkAFlOGsEIAmrnooC3CJGVA4jHPYJnVG4xTJ37U6QL5sX95qWtjbvuD5KoT2GyWec0o62CNr09tCQsiALLC1QrfCiCGsullefbsgBB5tsOY1Kyiy4uf84qBMu20GbsJ01R8xxpJ5bh6HFRaStEK3WIy7TMJym42YMbxB3AGsGFGhNYljtuqgeUjXn1UuWskkB6QqdepFHCof6CHg0LlV0o4Iz9QKu5cfoi8jk5HKbvIGyDqCgZaC2LdugNgQ0X";
Expand Down
2 changes: 1 addition & 1 deletion ...icrosoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsMtlsPopTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ public async Task Sni_Gets_Pop_Token_Successfully_TestAsync()
IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public);

// Retrieve the certificate from settings
X509Certificate2 cert = settings.GetCertificate();
X509Certificate2 cert = settings.Certificate;

// Build Confidential Client Application with SNI certificate at App level
IConfidentialClientApplication confidentialApp = ConfidentialClientApplicationBuilder.Create(MsiAllowListedAppIdforSNI)
Expand Down
14 changes: 7 additions & 7 deletions ...icrosoft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.NetFwk.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@ public async Task WithOnBeforeTokenRequest_TestAsync(Cloud cloud, TargetFramewor
.AcquireTokenForClient(settings.AppScopes)
.OnBeforeTokenRequest((data) =>
{
ModifyRequest(data, settings.GetCertificate()); // Adding a certificate via handler instead of using WithCertificate
ModifyRequest(data, settings.Certificate); // Adding a certificate via handler instead of using WithCertificate
return Task.CompletedTask;
})
.ExecuteAsync(CancellationToken.None)
Expand Down Expand Up @@ -360,10 +360,10 @@ private static IConfidentialClientApplication CreateApp(
switch (credentialType)
{
case CredentialType.Cert:
builder.WithCertificate(settings.GetCertificate());
builder.WithCertificate(settings.Certificate);
break;
case CredentialType.Secret:
builder.WithClientSecret(settings.GetSecret());
builder.WithClientSecret(settings.Secret);
break;
case CredentialType.ClientAssertion_Manual:

Expand All @@ -374,7 +374,7 @@ private static IConfidentialClientApplication CreateApp(
builder.WithClientAssertion(() => GetSignedClientAssertionManual(
settings.ClientId,
aud, // for AAD use v2.0, but not for ADFS
settings.GetCertificate(),
settings.Certificate,
useSha2AndPssForAssertion));
break;

Expand All @@ -387,14 +387,14 @@ private static IConfidentialClientApplication CreateApp(
() => GetSignedClientAssertionUsingWilson(
settings.ClientId,
aud2,
settings.GetCertificate()));
settings.Certificate));
break;

case CredentialType.ClientClaims_ExtraClaims:
builder.WithClientClaims(settings.GetCertificate(), GetClaims(true), mergeWithDefaultClaims: false, sendX5C: sendX5C);
builder.WithClientClaims(settings.Certificate, GetClaims(true), mergeWithDefaultClaims: false, sendX5C: sendX5C);
break;
case CredentialType.ClientClaims_MergeClaims:
builder.WithClientClaims(settings.GetCertificate(), GetClaims(false), mergeWithDefaultClaims: true, sendX5C: sendX5C);
builder.WithClientClaims(settings.Certificate, GetClaims(false), mergeWithDefaultClaims: true, sendX5C: sendX5C);
break;
default:
throw new NotImplementedException();
Expand Down
13 changes: 9 additions & 4 deletions ...soft.Identity.Test.Integration.netcore/HeadlessTests/ClientCredentialsTests.WithRegion.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,11 @@ namespace Microsoft.Identity.Test.Integration.HeadlessTests
[TestClass]
public class RegionalAuthIntegrationTests
{
// TODO: TENANT MIGRATION - These tests currently use original tenant configuration
// Regional endpoints (eastus2.login.microsoft.com) return AADSTS100007 with new tenant
// "Only managed identities and Microsoft internal service identities are supported"
Copy link
Member

@bgavrilMS bgavrilMS Nov 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ack. Let's have a list of these. We will talk to AAD to enable these features.

// Regional endpoints are restricted by Azure AD policy for regular app registrations

private KeyVaultSecretsProvider _keyVault;

private const string RegionalHost = "centralus.login.microsoft.com";
Expand Down Expand Up @@ -59,7 +64,7 @@ public async Task AcquireTokenToRegionalEndpointAsync(bool instanceDiscoveryEnab
{
// Arrange
var factory = new HttpSnifferClientFactory();
var settings = ConfidentialAppSettings.GetSettings(Cloud.Public);
var settings = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy); // Use legacy config for regional tests
settings.InstanceDiscoveryEndpoint = instanceDiscoveryEnabled;
_confidentialClientApplication = BuildCCA(settings, factory);

Expand All @@ -78,7 +83,7 @@ public async Task InvalidRegion_GoesToInvalidAuthority_Async()
{
// Arrange
var factory = new HttpSnifferClientFactory();
var settings = ConfidentialAppSettings.GetSettings(Cloud.Public);
var settings = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy); // Use legacy config for regional tests
_confidentialClientApplication = BuildCCA(settings, factory, true, "invalid");

Environment.SetEnvironmentVariable(TestConstants.RegionName, TestConstants.Region);
Expand Down Expand Up @@ -131,7 +136,7 @@ private IConfidentialClientApplication BuildCCA(
}
else
{
builder.WithCertificate(settings.GetCertificate());
builder.WithCertificate(settings.Certificate);
}

builder.WithAuthority($@"https://{settings.Environment}/{settings.TenantId}")
Expand Down Expand Up @@ -193,7 +198,7 @@ private static string GetSignedClientAssertionUsingMsalInternal(string clientId,
var manager = PlatformProxyFactory.CreatePlatformProxy(null).CryptographyManager;

var jwtToken = new JsonWebToken(manager, clientId, TestConstants.ClientCredentialAudience, claims);
var cert = ConfidentialAppSettings.GetSettings(Cloud.Public).GetCertificate();
var cert = ConfidentialAppSettings.GetSettings(Cloud.PublicLegacy).Certificate; // Use legacy config for regional tests

return jwtToken.Sign(cert, true, true);
}
Expand Down
4 changes: 2 additions & 2 deletions ...soft.Identity.Test.Integration.netcore/HeadlessTests/InstanceDiscoveryIntegrationTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ public async Task AuthorityMigrationAsync()
[TestMethod]
public async Task FailedAuthorityValidationTestAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false);
LabUser user = labResponse.User;

IPublicClientApplication pca = PublicClientApplicationBuilder
Expand Down Expand Up @@ -97,7 +97,7 @@ public async Task FailedAuthorityValidationTestAsync()
[TestMethod]
public async Task AuthorityValidationTestWithFalseValidateAuthorityAsync()
{
LabResponse labResponse = await LabUserHelper.GetDefaultUserAsync().ConfigureAwait(false);
LabResponse labResponse = await LabUserHelper.GetDefaultUserWithMultiTenantAppAsync().ConfigureAwait(false);
LabUser user = labResponse.User;

IPublicClientApplication pca = PublicClientApplicationBuilder
Expand Down
6 changes: 3 additions & 3 deletions tests/Microsoft.Identity.Test.Integration.netcore/HeadlessTests/LegacyPopTest.NetFwk.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -343,7 +343,7 @@ public struct JwtClaimTypes
public async Task LegacyPoPAsync()
{
IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public);
X509Certificate2 clientCredsCert = settings.GetCertificate();
X509Certificate2 clientCredsCert = settings.Certificate;
RsaSecurityKey popKey = CreateRsaSecurityKey();

var cca = ConfidentialClientApplicationBuilder
Expand Down Expand Up @@ -398,7 +398,7 @@ public async Task LegacyPoPAsync()
public async Task LegacyPopUsingNewProtocol_CertThumbprinJWK_Async()
{
IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public);
X509Certificate2 clientCredsCert = settings.GetCertificate();
X509Certificate2 clientCredsCert = settings.Certificate;

var cca = ConfidentialClientApplicationBuilder
.Create(settings.ClientId)
Expand Down Expand Up @@ -442,7 +442,7 @@ public async Task LegacyPopUsingNewProtocol_CertThumbprinJWK_Async()
public async Task LegacyPopUsingNewProtocol_RsaKey_Async()
{
IConfidentialAppSettings settings = ConfidentialAppSettings.GetSettings(Cloud.Public);
X509Certificate2 clientCredsCert = settings.GetCertificate();
X509Certificate2 clientCredsCert = settings.Certificate;

var cca = ConfidentialClientApplicationBuilder
.Create(settings.ClientId)
Expand Down
Loading
Loading