Merge branch 'dev' of https://github.com/AzureAD/microsoft-authentica…

…tion-library-for-java into avdunn/claims-refresh-fix

README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.15.0
+Current version - 1.16.2
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/main/msal4j-sdk/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.15.0</version>
+    <version>1.16.2</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.15.0'
+implementation group: 'com.microsoft.azure', name: 'com.microsoft.aad.msal4j', version: '1.16.2'
 ```
 
 ## Usage

changelog.txt

@@ -1,3 +1,23 @@
+Version 1.16.2
+=============
+- Use SHA256 thumbprints in non-ADFS cert flows (#840)
+- Reduce logging level of cache miss messages (#844)
+- Make ManagedIdentitySourceType enum public (#845)
+
+Version 1.16.1
+=============
+- Add missing refreshOn metadata (#838)
+
+Version 1.16.0
+=============
+- Fix breaking API changes introduced in v1.15.0 (#828)
+- Expose refreshOn parameter in AuthenticationResultMetadata (#829)
+
+Version 1.15.1
+=============
+- Fix to correctly use custom SSLSocketFactory (#821)
+- Add public API to determine the Managed Identity environment (#823)
+
 Version 1.15.0
 =============
 - GA support for Azure managed identity scenarios

msal4j-persistence-extension/pom.xml

@@ -38,7 +38,7 @@
         <dependency>
             <groupId>com.microsoft.azure</groupId>
             <artifactId>msal4j</artifactId>
-            <version>1.15.0</version>
+            <version>1.15.1</version>
         </dependency>
 
         <dependency>

msal4j-sdk/README.md

@@ -16,7 +16,7 @@ Quick links:
 The library supports the following Java environments:
 - Java 8 (or higher)
 
-Current version - 1.15.0
+Current version - 1.16.2
 
 You can find the changes for each version in the [change log](https://github.com/AzureAD/microsoft-authentication-library-for-java/blob/master/changelog.txt).
 
@@ -28,13 +28,13 @@ Find [the latest package in the Maven repository](https://mvnrepository.com/arti
 <dependency>
     <groupId>com.microsoft.azure</groupId>
     <artifactId>msal4j</artifactId>
-    <version>1.15.0</version>
+    <version>1.16.2</version>
 </dependency>
 ```
 ### Gradle
 
 ```gradle
-compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.15.0'
+compile group: 'com.microsoft.azure', name: 'msal4j', version: '1.16.2'
 ```
 
 ## Usage

msal4j-sdk/bnd.bnd

@@ -1,2 +1,2 @@
-Export-Package: com.microsoft.aad.msal4j;version="1.15.0"
+Export-Package: com.microsoft.aad.msal4j;version="1.16.2"
 Automatic-Module-Name: com.microsoft.aad.msal4j

msal4j-sdk/pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.microsoft.azure</groupId>
 	<artifactId>msal4j</artifactId>
-	<version>1.15.0</version>
+	<version>1.16.2</version>
 	<packaging>jar</packaging>
 	<name>msal4j</name>
 	<description>
@@ -171,6 +171,33 @@
     <build>
         <sourceDirectory>${project.build.directory}/delombok</sourceDirectory>
         <plugins>
+            <plugin>
+                <groupId>org.revapi</groupId>
+                <artifactId>revapi-maven-plugin</artifactId>
+                <version>0.15.0</version>
+                <configuration>
+                    <analysisConfiguration>
+                        <revapi.java>
+                            <checks>
+                                <failBuildOnProblemsFound>false</failBuildOnProblemsFound>
+                            </checks>
+                        </revapi.java>
+                    </analysisConfiguration>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.revapi</groupId>
+                        <artifactId>revapi-java</artifactId>
+                        <version>0.28.1</version>
+                    </dependency>
+                </dependencies>
+                <executions>
+                    <execution>
+                        <id>check</id>
+                        <goals><goal>check</goal></goals>
+                    </execution>
+                </executions>
+            </plugin>
             <plugin>
                 <groupId>org.projectlombok</groupId>
                 <artifactId>lombok-maven-plugin</artifactId>

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AcquireTokenInteractiveIT.java

@@ -80,24 +80,6 @@ void acquireTokenInteractive_ADFSv4_Federated(String environment) {
         assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
     }
 
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    void acquireTokenInteractive_ADFSv3_Federated(String environment) {
-        cfg = new Config(environment);
-
-        User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3);
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
-    }
-
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    void acquireTokenInteractive_ADFSv2_Federated(String environment) {
-        cfg = new Config(environment);
-
-        User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2);
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope());
-    }
-
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
     void acquireTokenWithAuthorizationCode_B2C_Local(String environment) {

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/AuthorizationCodeIT.java

@@ -81,24 +81,6 @@ public void acquireTokenWithAuthorizationCode_ADFSv4_Federated(String environmen
         assertAcquireTokenAAD(user, null);
     }
 
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    public void acquireTokenWithAuthorizationCode_ADFSv3_Federated(String environment) {
-        cfg = new Config(environment);
-
-        User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_3);
-        assertAcquireTokenAAD(user, null);
-    }
-
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    public void acquireTokenWithAuthorizationCode_ADFSv2_Federated(String environment) {
-        cfg = new Config(environment);
-
-        User user = labUserProvider.getFederatedAdfsUser(cfg.azureEnvironment, FederationProvider.ADFS_2);
-        assertAcquireTokenAAD(user, null);
-    }
-
     @ParameterizedTest
     @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
     public void acquireTokenWithAuthorizationCode_B2C_Local(String environment) {

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/ClientCredentialsIT.java

@@ -40,7 +40,7 @@ void init() throws CertificateException, UnrecoverableKeyException, NoSuchAlgori
 
     @Test
     void acquireTokenClientCredentials_ClientCertificate() throws Exception {
-        String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
+        String clientId = TestConstants.MSIDLAB_CLIENT_ID;
         assertAcquireTokenCommon(clientId, certificate, TestConstants.MICROSOFT_AUTHORITY);
     }
 
@@ -49,14 +49,14 @@ void acquireTokenClientCredentials_ClientSecret() throws Exception {
         AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.AZURE);
         final String clientId = appProvider.getLabVaultAppId();
         final String password = appProvider.getLabVaultPassword();
-        IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
+        IClientCredential credential = CertificateHelper.getClientCertificate();
 
         assertAcquireTokenCommon(clientId, credential, TestConstants.MICROSOFT_AUTHORITY);
     }
 
     @Test
     void acquireTokenClientCredentials_ClientAssertion() throws Exception {
-        String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
+        String clientId = TestConstants.MSIDLAB_CLIENT_ID;
 
         ClientAssertion clientAssertion = getClientAssertion(clientId);
 
@@ -90,7 +90,7 @@ void acquireTokenClientCredentials_ClientSecret_Ciam() throws Exception {
 
     @Test
     void acquireTokenClientCredentials_Callback() throws Exception {
-        String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
+        String clientId = TestConstants.MSIDLAB_CLIENT_ID;
 
         // Creates a valid client assertion using a callback, and uses it to build the client app and make a request
         Callable<String> callable = () -> {
@@ -116,11 +116,9 @@ void acquireTokenClientCredentials_Callback() throws Exception {
     void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception {
         AppCredentialProvider appProvider = new AppCredentialProvider(AzureEnvironment.AZURE);
         final String clientId = appProvider.getLabVaultAppId();
-        final String password = appProvider.getLabVaultPassword();
-        IClientCredential credential = ClientCredentialFactory.createFromSecret(password);
 
         ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
-                clientId, credential).
+                clientId, CertificateHelper.getClientCertificate()).
                 authority(TestConstants.MICROSOFT_AUTHORITY).
                 build();
 
@@ -152,7 +150,7 @@ void acquireTokenClientCredentials_DefaultCacheLookup() throws Exception {
 
     @Test
     void acquireTokenClientCredentials_Regional() throws Exception {
-        String clientId = "2afb0add-2f32-4946-ac90-81a02aa4550e";
+        String clientId = TestConstants.MSIDLAB_CLIENT_ID;
 
         assertAcquireTokenCommon_withRegion(clientId, certificate, "westus", TestConstants.REGIONAL_MICROSOFT_AUTHORITY_BASIC_HOST_WESTUS);
     }
@@ -162,7 +160,7 @@ private ClientAssertion getClientAssertion(String clientId) {
                 clientId,
                 (ClientCertificate) certificate,
                 "https://login.microsoftonline.com/common/oauth2/v2.0/token",
-                true);
+                true, false);
     }
 
     private void assertAcquireTokenCommon(String clientId, IClientCredential credential, String authority) throws Exception {

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/TestConstants.java

@@ -9,8 +9,9 @@
 
 public class TestConstants {
     public final static String KEYVAULT_DEFAULT_SCOPE = "https://vault.azure.net/.default";
-    public final static String MSIDLAB_DEFAULT_SCOPE = "https://msidlab.com/.default";
+    public final static String MSIDLAB_DEFAULT_SCOPE = "https://request.msidlab.com/.default";
     public final static String MSIDLAB_VAULT_URL = "https://msidlabs.vault.azure.net/";
+    public final static String MSIDLAB_CLIENT_ID = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
     public final static String GRAPH_DEFAULT_SCOPE = "https://graph.windows.net/.default";
     public final static String USER_READ_SCOPE = "user.read";
     public final static String DEFAULT_SCOPE = ".default";
@@ -54,6 +55,7 @@ public class TestConstants {
     public final static String B2C_READ_SCOPE = "https://msidlabb2c.onmicrosoft.com/msidlabb2capi/read";
     public final static String B2C_MICROSOFTLOGIN_AUTHORITY = "https://msidlabb2c.b2clogin.com/tfp/msidlabb2c.onmicrosoft.com/";
     public final static String B2C_MICROSOFTLOGIN_ROPC = B2C_MICROSOFTLOGIN_AUTHORITY + B2C_ROPC_POLICY;
+    public final static String B2C_UPN = "b2clocal@msidlabb2c.onmicrosoft.com";
 
     public final static String LOCALHOST = "http://localhost:";
 

msal4j-sdk/src/integrationtest/java/com.microsoft.aad.msal4j/UsernamePasswordIT.java

@@ -78,36 +78,6 @@ void acquireTokenWithUsernamePassword_ADFSv4(String environment) throws Exceptio
         assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
     }
 
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    void acquireTokenWithUsernamePassword_ADFSv3(String environment) throws Exception {
-        cfg = new Config(environment);
-
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_3);
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.FEDERATED);
-
-        User user = labUserProvider.getLabUser(query);
-
-        assertAcquireTokenCommon(user, cfg.organizationsAuthority(), cfg.graphDefaultScope(), user.getAppId());
-    }
-
-    @ParameterizedTest
-    @MethodSource("com.microsoft.aad.msal4j.EnvironmentsProvider#createData")
-    void acquireTokenWithUsernamePassword_ADFSv2(String environment) throws Exception {
-        cfg = new Config(environment);
-
-        UserQueryParameters query = new UserQueryParameters();
-        query.parameters.put(UserQueryParameters.AZURE_ENVIRONMENT, cfg.azureEnvironment);
-        query.parameters.put(UserQueryParameters.FEDERATION_PROVIDER, FederationProvider.ADFS_2);
-        query.parameters.put(UserQueryParameters.USER_TYPE, UserType.FEDERATED);
-
-        User user = labUserProvider.getLabUser(query);
-
-        assertAcquireTokenCommonAAD(user);
-    }
-
     @Test
     void acquireTokenWithUsernamePassword_AuthorityWithPort() throws Exception {
         User user = labUserProvider.getDefaultUser();

msal4j-sdk/src/integrationtest/java/infrastructure/SeleniumExtensions.java

@@ -3,6 +3,7 @@
 
 package infrastructure;
 
+import com.microsoft.aad.msal4j.TestConstants;
 import labapi.FederationProvider;
 import labapi.LabConstants;
 import labapi.User;
@@ -76,14 +77,6 @@ public static void performADOrCiamLogin(WebDriver driver, User user) {
         LOG.info("Loggin in ... Clicking <Next> after username");
         driver.findElement(new By.ById(fields.getAadSignInButtonId())).click();
 
-        if (user.getFederationProvider().equals(FederationProvider.ADFS_2) &&
-                !user.getLabName().equals(LabConstants.ARLINGTON_LAB_NAME)) {
-
-            LOG.info("Loggin in ... ADFS-V2 - Entering the username in ADFSv2 form");
-            driver.findElement(new By.ById(SeleniumConstants.ADFSV2_WEB_USERNAME_INPUT_ID)).
-                    sendKeys(user.getUpn());
-        }
-
         LOG.info("Loggin in ... Entering password");
         By by = new By.ById(fields.getPasswordInputId());
         waitForElementToBeVisibleAndEnable(driver, by).sendKeys(user.getPassword());
@@ -155,7 +148,7 @@ public static void performLocalLogin(WebDriver driver, User user) {
         driver.findElement(new By.ById(SeleniumConstants.B2C_LOCAL_ACCOUNT_ID)).click();
 
         LOG.info("Loggin in ... Entering username");
-        driver.findElement(new By.ById(SeleniumConstants.B2C_LOCAL_USERNAME_ID)).sendKeys(user.getUpn());
+        driver.findElement(new By.ById(SeleniumConstants.B2C_LOCAL_USERNAME_ID)).sendKeys(TestConstants.B2C_UPN);
 
         LOG.info("Loggin in ... Entering password");
         By by = new By.ById(SeleniumConstants.B2C_LOCAL_PASSWORD_ID);

msal4j-sdk/src/integrationtest/java/infrastructure/UserInformationFields.java

@@ -44,20 +44,10 @@ String getADFS2019UserNameInputId() {
 
     private void determineFieldIds() {
         switch (user.getFederationProvider()) {
-            case FederationProvider.ADFS_3:
             case FederationProvider.ADFS_2019:
                 passwordInputId = SeleniumConstants.ADFS2019_PASSWORD_ID;
                 passwordSigInButtonId = SeleniumConstants.ADFS2019_SUBMIT_ID;
                 break;
-            case FederationProvider.ADFS_2:
-                if (LabConstants.ARLINGTON_LAB_NAME.equals(user.getLabName())) {
-                    passwordInputId = SeleniumConstants.ADFSV2_ARLINGTON_WEB_PASSWORD_INPUT_ID;
-                    passwordSigInButtonId = SeleniumConstants.ADFSV2_ARLINGTON_WEB_SUBMIT_BUTTON_ID;
-                } else {
-                    passwordInputId = SeleniumConstants.ADFSV2_WEB_PASSWORD_INPUT_ID;
-                    passwordSigInButtonId = SeleniumConstants.ADFSV2_WEB_SUBMIT_BUTTON_ID;
-                }
-                break;
             case FederationProvider.ADFS_4:
                 passwordInputId = SeleniumConstants.ADFSV4_WEB_PASSWORD_ID;
                 passwordSigInButtonId = SeleniumConstants.ADFSV4_WEB_SUBMIT_ID;

msal4j-sdk/src/integrationtest/java/labapi/FederationProvider.java

@@ -6,12 +6,8 @@
 public class FederationProvider {
 
     public static final String NONE = "none";
-    public static final String ADFS_2 = "adfsv2";
-    public static final String ADFS_3 = "adfsv3";
     public static final String ADFS_4 = "adfsv4";
     public static final String ADFS_2019 = "adfsv2019";
-    public static final String PING = "ping";
-    public static final String SHIBBOLETH = "shibboleth";
     public static final String CIAM = "ciam";
 
 }

msal4j-sdk/src/integrationtest/java/labapi/KeyVaultSecretsProvider.java

@@ -21,8 +21,8 @@ public class KeyVaultSecretsProvider {
 
     private final SecretClient secretClient;
 
-    private static final String CLIENT_ID = "2afb0add-2f32-4946-ac90-81a02aa4550e";
-    public static String CERTIFICATE_ALIAS = "MsalJavaAutomationRunner";
+    private static final String CLIENT_ID = TestConstants.MSIDLAB_CLIENT_ID;
+    public static String CERTIFICATE_ALIAS = "LabAuth.MSIDLab.com";
 
     private static final String WIN_KEYSTORE = "Windows-MY";
     private static final String KEYSTORE_PROVIDER = "SunMSCAPI";
@@ -66,7 +66,7 @@ private AccessToken requestAccessTokenForAutomation() {
         try {
             ConfidentialClientApplication cca = ConfidentialClientApplication.builder(
                             CLIENT_ID, getClientCredentialFromKeyStore()).
-                    authority(TestConstants.MICROSOFT_AUTHORITY).
+                    authority(TestConstants.MICROSOFT_AUTHORITY).sendX5c(true).
                     build();
             result = cca.acquireToken(ClientCredentialParameters
                             .builder(Collections.singleton(TestConstants.KEYVAULT_DEFAULT_SCOPE))
@@ -82,7 +82,7 @@ CLIENT_ID, getClientCredentialFromKeyStore()).
         }
     }
 
-    private IClientCredential getClientCredentialFromKeyStore() {
+    IClientCredential getClientCredentialFromKeyStore() {
         PrivateKey key;
         X509Certificate publicCertificate;
         try {