microsoft-authentication-library-for-java [Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme

[Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme

Open bgavrilMS opened this issue 1 year ago • 0 comments

MSAL client type

Confidential

Problem Statement

When MSAL creates the client assertion, it uses PKCS1 padding for digital signature and SHA1 as x5t claim. These are old crypto algorithms and we need to move to newer versions. The STS is building support.

See ESTS work items :

https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2655345 https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2704466

Proposed solution

Use x5t#s256 and PSS padding when talking to ESTS, CIAM, B2C(?) but not with ADFS.

Original issue: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4428

Dec 14 '23 19:12 bgavrilMS

microsoft-authentication-library-for-java microsoft-authentication-library-for-java copied to clipboard

[Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme

MSAL client type

Problem Statement

Proposed solution

Original issue: https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4428

microsoft-authentication-library-for-java
microsoft-authentication-library-for-java copied to clipboard