search

AzureAD / microsoft-authentication-library-for-java

Microsoft Authentication Library (MSAL) for Java http://aka.ms/aadv2
MIT License
288 stars 145 forks source link

[Bug] Service Fabric MI Auth doesn't validate server cert. #758

Closed bgavrilMS closed 8 months ago

bgavrilMS commented 11 months ago

Library version used

1.14.4-beta

Java version

8

Scenario

ManagedIdentityClient - managed identity

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

Have a look at Azure Identity code here: https://github.com/Azure/azure-sdk-for-java/blob/main/sdk/identity/azure-identity/src/main/java/com/azure/identity/implementation/IdentityClient.java#L1032

Relevant code snippets

No response

Expected behavior

No response

Identity provider

Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)

Regression

No response

Solution and workarounds

Note that any solution should still offer HttpClient extensiblity. So we can't just use MSAL's internal HTTP Client stack. Needs a bit of design first.

See equivalent .NET issue: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4462

bgavrilMS commented 11 months ago

We have agreed with Azure SDK to not extend the HttpClient factory for this. It is acceptable for MSAL use it's own HttpClient that doesn't go through the extensibility pipeline.

Retry policies etc. are still required.

Avery-Dunn commented 8 months ago

Fixed in https://github.com/AzureAD/microsoft-authentication-library-for-java/pull/791 and released in msal4j 1.15.0