Fix for #4791 - don't use WSTrust for ROPC except for AAD authorities (
…#4794)

* Fix for #4791

* Fix for #4791

* fix

---------

Co-authored-by: Neha Bhargava <[email protected]>
bgavrilMS and neha-bhargava authored Jun 6, 2024
1 parent 3f5f9df commit 88df640
Showing 4 changed files with 6 additions and 6 deletions.
Expand Up @@ -117,9 +117,9 @@ private AuthorityInfo(
/// <summary>
/// For IWA
/// </summary>
internal bool IsUserAssertionSupported =>
AuthorityType != AuthorityType.Adfs &&
AuthorityType != AuthorityType.B2C;
internal bool IsWsTrustFlowSupported =>
AuthorityType == AuthorityType.Aad ||
AuthorityType == AuthorityType.Dsts;

/// <summary>
/// Authority supports multi-tenancy. ADFS and Generic authorities are not tenanted.
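Review bot: The `/// For IWA` summary left above `IsWsTrustFlowSupported` no longer describes the property. Judging by the commit title and the second `FetchAssertionFromWsTrustAsync` guard changed in this commit, it now also gates the username/password (ROPC) path. I would replace the summary text with `/// True only for AAD and dSTS authorities; gates the WS-Trust exchange used by IWA and by username/password (ROPC).` The switch from an exclusion list to an explicit allow-list is the safer shape, because an authority type added later stays out of the WS-Trust path by default, and the summary is the right place to record that intent.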
Expand Up @@ -52,7 +52,7 @@ protected override async Task<AuthenticationResult> ExecuteAsync(CancellationTok

private async Task<UserAssertion> FetchAssertionFromWsTrustAsync()
{
if (!AuthenticationRequestParameters.AuthorityInfo.IsUserAssertionSupported)
if (!AuthenticationRequestParameters.AuthorityInfo.IsWsTrustFlowSupported)
{
//IWA is currently not supported in pure adfs environments. See https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2771
throw new MsalClientException(
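Review bot: The comment inside this guard still says only that IWA is unsupported in pure ADFS environments, but with `IsWsTrustFlowSupported` the branch now throws for every authority other than AAD and dSTS. I would reword it to `// IWA relies on WS-Trust, which is supported only for AAD and dSTS authorities. For ADFS see https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/2771`. The `MsalClientException` arguments lie outside the hunk. If the error code or message names ADFS specifically, it would mislead callers on B2C or generic authorities and should be checked alongside this change.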
Expand Up @@ -106,7 +106,7 @@ private async Task<MsalTokenResponse> GetTokenResponseAsync(CancellationToken ca

private async Task<UserAssertion> FetchAssertionFromWsTrustAsync()
{
if (!AuthenticationRequestParameters.AuthorityInfo.IsUserAssertionSupported)
if (!AuthenticationRequestParameters.AuthorityInfo.IsWsTrustFlowSupported)
{
return null;
}
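Review bot: No test in this commit pins the behaviour this guard now has for an authority that is neither AAD nor dSTS. The only test edit renames the existing positive assertion in `DstsAuthorityFlags`. Because the fix is about keeping user credentials away from the WS-Trust path on other authorities, a negative assertion is worth adding to the flag tests for ADFS, B2C and generic authorities, for example `Assert.IsFalse((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsWsTrustFlowSupported);`. A short comment on the early `return null;` would also help, such as `// WS-Trust applies only to AAD and dSTS; null means no federated assertion is used.` How the caller treats null is outside the hunk, so that wording should be confirmed against it.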
Expand Up @@ -98,7 +98,7 @@ public void DstsAuthorityFlags()
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.CanBeTenanted);
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsClientInfoSupported);
Assert.IsFalse((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsInstanceDiscoverySupported);
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsUserAssertionSupported);
Assert.IsTrue((app.AppConfig as ApplicationConfiguration).Authority.AuthorityInfo.IsWsTrustFlowSupported);
}

[TestMethod]
