[Bug] Can't use broker mode with adfs authority #5017

Open
SinLexT opened this issue Dec 12, 2024 · 2 comments
Comments

SinLexT commented Dec 12, 2024

Library version used

4.66.2

.NET version

.NET 8

Scenario

PublicClient - mobile app

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

I want to achieve cross-app SSO so that my Outlook Android app is automatically logged in with my ADFS account.

I use Exchange 2019, ADFS 2019, and Windows Server 2022.

Here is the error from the debug output in VS 2022:

[0:] ====
ERROR => MSAL.Xamarin.Android.4.66.2.0.MsalServiceException:
ErrorCode: unknown_error
Microsoft.Identity.Client.MsalServiceException: Broker response returned error: com.microsoft.identity.common.java.authorities.ActiveDirectoryFederationServicesAuthority cannot be cast to com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.ValidateResponseFromBroker(MsalTokenResponse msalTokenResponse)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken)
at RecipesApp.MainPage.OnLoginClicked(Object sender, EventArgs e) in C:\MyPath\MainPage.xaml.cs:line 28
StatusCode: 0
ResponseBody:
Headers:

Relevant code snippets

using System;
using System.Diagnostics;
using Microsoft.Identity.Client;

try
{
    var publicClientApplicationBuilder = PublicClientApplicationBuilder
        .Create("my_client_id_generated_from_adfs")
#if ANDROID || IOS
        .WithBroker() // broker mode: the path that fails with an ADFS authority
#endif
        .WithAdfsAuthority("https://adfs.mydomain.com/adfs") // closing quote was missing in the original
        .WithRedirectUri("msauth://com.test.app/my_encoded_base_64")
        .Build();

    // Scopes must be passed as a string collection, not a bare set literal
    var authResult = await publicClientApplicationBuilder.AcquireTokenInteractive(new[] { "email" })
        .WithParentActivityOrWindow(EntraConfig.ParentWindow)
        .ExecuteAsync().ConfigureAwait(false);

    Debug.WriteLine($"SUCCESS => {authResult.AccessToken}");
    Debug.WriteLine($"SUCCESS => {authResult}");
}
catch (Exception ex)
{
    Debug.WriteLine($"====\nERROR => {ex}\n====");
}

Expected behavior

No response

Identity provider

Azure Active Directory Federation Services (ADFS)

Regression

No response

Solution and workarounds

No response

SinLexT added labels "needs attention" and "untriaged" on Dec 12, 2024.
bgavrilMS added labels "bug" and "P3" and removed "untriaged" and "needs attention" on Dec 20, 2024.

fengga (Contributor) commented Dec 31, 2024

Verified by Android broker folks that ADFS authority is not supported yet.

https://github.com/AzureAD/microsoft-authentication-library-common-for-android/blob/e29fcf192012a8cd802d5c3b917f5051d142c1bb/common4j/src/main/com/microsoft/identity/common/java/authorities/ActiveDirectoryFederationServicesAuthority.java#L47

I'm considering closing this issue. If you need ADFS flows, please talk to the Android broker team.

rayluo (Contributor) commented Jan 8, 2025

If our implementation can already support detecting adfs authority, we can probably also automatically bypass broker. That is what we did in MSAL Python. @fengga
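As an added example (not code from the issue or from MSAL.NET), one way an app can apply the client-side version of rayluo's suggestion today: recognise an ADFS authority by its first path segment, the same convention MSAL uses, and skip `.WithBroker()` for it, accepting that broker-based cross-app SSO is then unavailable for that tenant. The class and method names are assumptions.

```csharp
using System;
using Microsoft.Identity.Client;

// Added example, not part of the issue or of MSAL.NET.
// Works around the broker/ADFS cast error from the issue by never enabling
// the broker for an ADFS authority (the Android broker does not support it).
static class AdfsAwareClientFactory
{
    // MSAL treats an authority whose first path segment is "adfs" as ADFS,
    // e.g. https://adfs.mydomain.com/adfs (value from the issue).
    public static bool IsAdfsAuthority(string authority)
    {
        if (!Uri.TryCreate(authority, UriKind.Absolute, out var uri) ||
            uri.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Authority must be an absolute https URL", nameof(authority));

        var segments = uri.AbsolutePath.Split('/', StringSplitOptions.RemoveEmptyEntries);
        return segments.Length > 0 &&
               string.Equals(segments[0], "adfs", StringComparison.OrdinalIgnoreCase);
    }

    // Builds the public client; broker is only requested for non-ADFS authorities.
    public static IPublicClientApplication Build(string clientId, string authority,
                                                 string redirectUri, bool useBroker)
    {
        var builder = PublicClientApplicationBuilder
            .Create(clientId)
            .WithRedirectUri(redirectUri);

        if (IsAdfsAuthority(authority))
        {
            // ADFS: configure the ADFS authority and stay on the in-app/system
            // browser flow; no broker, so no cross-app SSO for this account.
            builder = builder.WithAdfsAuthority(authority);
        }
        else
        {
            builder = builder.WithAuthority(authority);
#if ANDROID || IOS
            if (useBroker)
                builder = builder.WithBroker();
#endif
        }

        return builder.Build();
    }
}
```

Calling `AdfsAwareClientFactory.Build("my_client_id_generated_from_adfs", "https://adfs.mydomain.com/adfs", "msauth://com.test.app/my_encoded_base_64", useBroker: true)` yields a client that never hands the ADFS request to the broker, so the `ActiveDirectoryFederationServicesAuthority cannot be cast` failure in the trace above does not occur.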
