Is your feature request related to a problem? Please describe.
Continuation of #2152
Describe the solution you'd like
MSAL should search for the "wsdl:definitions" node within the provided federation metadata document during WS-Trust instead of assuming it is always the top node. While ADFS provided by Microsoft will always follow this pattern, third-party IDPs may not, which can cause authentication errors.
MSAL should search for the node in the federation metadata provided by either the endpoint or the WithFederationMetadata(string federationMetadata) API instead of assuming that the top node will always have the metadata.
This will enable third-party IDPs to provide federation metadata in a slightly different format.
Alternatives
MSAL can provide an API that enables developers to provide the parent node of the XML node that contains the required "wsdl:definitions". If the required node is the top node, this API should not be used, as MSAL already searches the top node by default.
trwalke changed the title from "[Feature Request] Enable developers to specify the location of the required metadata in the federation metadata XML during WS-Trust flows." to "[Feature Request] [M] Enable developers to specify the location of the required metadata in the federation metadata XML during WS-Trust flows." on May 27, 2021
There is still an ongoing discussion on whether or not MSAL should provide the api for this or do it internally in Email
bgavrilMS changed the title from "[Feature Request] [M] Enable developers to specify the location of the required metadata in the federation metadata XML during WS-Trust flows." to "[Feature Request] [M] MSAL improves search of metadata in the federation metadata XML during WS-Trust flows." on May 27, 2021
The location where this parsing occurs is here:
microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/WsTrust/MexDocument.cs
Line 82 in 0d53f3e
here:
microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/WsTrust/MexDocument.cs
Line 138 in 0d53f3e
and here:
microsoft-authentication-library-for-dotnet/src/client/Microsoft.Identity.Client/WsTrust/MexDocument.cs
Line 197 in 0d53f3e
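One way to do the search this issue asks for, as an added C# example that is not MSAL's code: it locates "wsdl:definitions" anywhere in the document by its namespace-qualified name, parses the metadata as untrusted input with DTDs prohibited, and fails rather than guessing when more than one candidate is present. The class and method names, the `idp:Metadata` wrapper element and the sample XML are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper for illustration; not part of MSAL.
static class FederationMetadataLocator
{
    static readonly XNamespace Wsdl = "http://schemas.xmlsoap.org/wsdl/";

    public static XElement FindWsdlDefinitions(string federationMetadata)
    {
        // The metadata comes from an IdP endpoint or from the caller: treat it as untrusted.
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // reject DOCTYPE (entity expansion, XXE)
            XmlResolver = null                      // never fetch external resources
        };

        XDocument doc;
        using (var reader = XmlReader.Create(new StringReader(federationMetadata), settings))
        {
            doc = XDocument.Load(reader);
        }

        // Match on namespace + local name, not on the "wsdl" prefix, and include the
        // root itself so the ADFS layout (definitions as top node) still works.
        var matches = doc.Root.DescendantsAndSelf(Wsdl + "definitions").Take(2).ToList();
        if (matches.Count != 1)
        {
            throw new InvalidOperationException(matches.Count == 0
                ? "No wsdl:definitions element found in federation metadata."
                : "More than one wsdl:definitions element found; refusing to pick one.");
        }
        return matches[0];
    }

    static void Main()
    {
        // Constructed sample: a third-party IdP wraps the WSDL in its own element.
        const string wrapped = @"<idp:Metadata xmlns:idp='urn:example:idp'>
  <wsdl:definitions xmlns:wsdl='http://schemas.xmlsoap.org/wsdl/' name='SecurityTokenService'>
    <wsdl:service name='SecurityTokenService' />
  </wsdl:definitions>
</idp:Metadata>";
        Console.WriteLine(FindWsdlDefinitions(wrapped).Name.LocalName);
    }
}
```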