Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] [M] WithTenant ignored, resulting in CA failures for multi-tenant apps #2543

Closed
bgavrilMS opened this issue Apr 12, 2021 · 1 comment · Fixed by #2666
Closed

[Bug] [M] WithTenant ignored, resulting in CA failures for multi-tenant apps #2543

bgavrilMS opened this issue Apr 12, 2021 · 1 comment · Fixed by #2666
Assignees
@bgavrilMS
Labels
bug good first issue P2 workaround exists
Milestone
4.32.0

Comments

@bgavrilMS
Copy link
Member

bgavrilMS commented Apr 12, 2021
edited
Loading

MSAL 4.29 with WAM on UWP

Repro

var options = new PublicClientApplicationOptions();
             options.ClientId = token.ClientId;                            // “110797d6-4a5e-4e58-a06d-f1bf3f3a8069”

            var app = PublicClientApplicationBuilder
                .CreateWithApplicationOptions(options)
                .WithTenantId(token.TenantId)                             //The tenantId passed here (“3cfc49f9-956e-4e4e-a1b6-e03368c2e448”)
                .WithAuthority(token.AuthorityEndpoint)          //Set to the “common” endpoint “https://login.microsoftonline.com/common”
                .WithExperimentalFeatures(true)
               .WithBroker(true)
              
               .Build();

Expected: AcquireToken* should work for user
Actual: AcquireToken* fails because the authority passed to WAM ends in "common", instead of the tenanted one, causing issues with Conditional Access

Workaround

Use a tenanted authority instead, i.e. https://login.microsoftonline.com/3cfc49f9-956e-4e4e-a1b6-e03368c2e448
@bgavrilMS bgavrilMS added this to the 4.31 milestone Apr 22, 2021
@bgavrilMS bgavrilMS changed the title [Bug] [WAM] WithTenant ignored when talking to WAM, resulting in CA failures for multi-tenant apps [Bug] [M] WithTenant ignored when talking to WAM, resulting in CA failures for multi-tenant apps Apr 22, 2021
@bgavrilMS
Copy link
Member Author

bgavrilMS commented Apr 22, 2021
edited
Loading

This needs to be checked with both a browser and with WAM. Original bug was reported via WAM. Can repro on all tfms.

@pmaytak pmaytak modified the milestones: 4.31.0, 4.32.0 May 11, 2021
@bgavrilMS bgavrilMS self-assigned this May 27, 2021
@bgavrilMS bgavrilMS changed the title [Bug] [M] WithTenant ignored when talking to WAM, resulting in CA failures for multi-tenant apps [Bug] [M] WithTenant ignored, resulting in CA failures for multi-tenant apps May 27, 2021
bgavrilMS added a commit that referenced this issue May 27, 2021
@bgavrilMS
Fix for #2543 - take into account WithTenant()
2827e9b
bgavrilMS added a commit that referenced this issue May 27, 2021
@bgavrilMS
Fix for #2543 - take into account WithTenant()
8b2db69
@bgavrilMS bgavrilMS mentioned this issue May 27, 2021
Merged
@bgavrilMS bgavrilMS added the In PR label Jun 1, 2021
bgavrilMS added a commit that referenced this issue Jun 1, 2021
@bgavrilMS
Fix for #2543 - take into account WithTenant() (#2666)
a749890 
* Fix for #2543 - take into account WithTenant()

* PR
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bgavrilMS bgavrilMS

Labels
bug good first issue P2 workaround exists
Projects
None yet
Milestone
4.32.0
Development

Successfully merging a pull request may close this issue.

Fix for #2543 - take into account WithTenant() AzureAD/microsoft-authentication-library-for-dotnet
2 participants
@bgavrilMS @pmaytak