Open sebader opened 1 month ago
@bgavrilMS looks like MSAL is not doing the same as Azure SDK...can you take a look? Thanks.
@bgavrilMS @jennyf19 any update on this? We are starting to get flagged for not updating to the latest available version of the SDK... Thanks!
@jennyf19 - ID.Web certificateless is not (yet) using MSAL. The failure on STEP 2 is not controllable by MSAL.
@sebader - federation through AKS is not the same as through Managed Identity. Can you try to use "SourceType": "SignedAssertionFilePath" ?
https://github.com/AzureAD/microsoft-identity-web/wiki/v2.0#common-configuration
I can give that a try. Why was this working in previous versions, though, without any additional configuration?
Please also review the revised documentation on FICs @sebader https://review.learn.microsoft.com/en-us/identity/microsoft-identity-platform/federated-identity-credentials?branch=main&tabs=dotnet
I think the way you use the API ... you need to refer to https://github.com/AzureAD/microsoft-identity-web/blob/master/src/Microsoft.Identity.Web.Certificateless/AzureIdentityForKubernetesClientAssertion.cs instead of ManagedIdentityClientAssertion
Using AzureIdentityForKubernetesClientAssertion sounds like the right path. What I'm missing there: How can I set the clientId when using that? We have multiple MSIs federated with one Workload Identity, so we need to specify the clientId. On ManagedIdentityClientAssertion you could set that in the ctor.
Microsoft.Identity.Web Library
Microsoft.Identity.Web
Microsoft.Identity.Web version
2.18.1
Web app
Not Applicable
Web API
Protected web APIs call downstream web APIs
Token cache serialization
In-memory caches
Description
I might have found a regression from https://github.com/AzureAD/microsoft-identity-web/pull/2797
I'm using Microsoft.Identity.ServiceEssentials.AspNetCore and just updated that to version 1.25.0 (prior I was using 1.24.0). This under the hood references Microsoft.Identity.Web 2.18.1.
Tagging @jennyf19
Reproduction steps
Running on AKS with Workload Identity
Error message
Id Web logs
No response
Relevant code snippets
Regression
Microsoft.Identity.Web 2.17.5
Expected behavior
Working token flow