Microsoft.Authentication.WebAssembly.Msal does not work with on-prem ADFS #28956
Labels
area-blazor
Includes: Blazor, Razor Components
✔️ Resolution: Duplicate
Resolved as a duplicate of another issue
Status: Resolved
Comments
|
Thanks for contacting us. We track updating the MSAL library as part of #29010 |
mkArtakMSFT
added
the
✔️ Resolution: Duplicate
10 tasks
mkArtakMSFT
pushed a commit
that referenced
this issue
Jan 13, 2021
#### Description This PR updates the version of the MSAL.js dependency that we redistribute in our Authentication.Msal library in response to user requests and recommendation from the MSAL team. #### Technical Description This PR contains some code changes in response to some changes in type definition over in MSAL.js: - AzureAD/microsoft-authentication-library-for-js#2105 - AzureAD/microsoft-authentication-library-for-js#2512 #### Customer Impact Without these changes, if users want to pick up required bug fixes in the downstream MSAL.js library, they would have to compile their own version of JavaScript dependencies and integrate them into their project. This PR allows users to consume bug fixes blocking customer login and platform support without having to put in difficult workarounds. #### Regression? - [ ] Yes - [X] No #### Risk - [ ] High - [ ] Medium - [X] Low Change contains no breaking changes and was made on recommendation of the MSAL team. Manual verification completed. #### Verification - [X] Manual (required) - [ ] Automated Verified navigating to the authorized-only fetch data page, logging in, confirming redirect, logging out, logging in again on: - Azure B2C + Blazor WASM Hosted - Azure B2C + Blazor Standalone - Azure AAD + Blazor WASM Hosted - Azure AAD + Blazor WASM Standalone #### Packaging changes reviewed? - [ ] Yes - [ ] No - [X] N/A Addresses #29010, #28969, #28956
ghost
locked as resolved and limited conversation to collaborators
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Securing a Blazor WASM application with on-premises ADFS 2019 does not work. There are two issues that prevent it from working:
msal-browser(2.0.0) incorrectly requiresclient_infoin the token response which ADFS does not send. The login callback fails and the login process stops midway through. This is fixed in later versions ofmsal-browser.id_token_hintparameter. The misleading error logged by ADFS isThe specified redirect URL did not match any of the OAuth client's redirect URIs. The logout was successful but the client will not be redirected.Locally I have upgraded to
msal-browser2.8.0. I have also modifiedAuthenticationService.tsto store the receivedid_tokenand send it asid_token_hintwhen logging out. With that I can successfully login and logout.The text was updated successfully, but these errors were encountered: