microsoft-authentication-library-for-dotnet

Implement Credential-Based Managed Identity Authentication

Open gladjohn opened this issue 1 year ago • 1 comments

Fixes #4411

Changes proposed in this request

  • This new implementation focuses on supporting Managed Identity authentication using credentials. It caters specifically to scenarios where Managed Identity is utilized using a machine key as a source.
  • MSAL creates an in-memory certificate using the MI key, uses the certificate to get the credential, passes the credential as an assertion to ESTS-R over MTLS with the same certificate
  • HttpManager changes have been made to support MTLS
  • Added NET472, as this is the minimum supported for MI with credential as a source
  • Adds claims and capabilities support for Managed Identity
  • Supports SLC on Windows VMs where a software or a machine key has been provisioned

Please review SLC board for a full list of work items.

Testing

  • unit tests
  • need to add integration tests

Performance impact: none

Documentation: n/a

gladjohn avatar Jan 29 '24 01:01 gladjohn

Re "Documentation: n/a". This adds new public APIs. How can there be no associated documentation?

SimonCropp avatar Jan 29 '24 02:01 SimonCropp

@gladjohn Should this be set to draft; you're splitting it into a separate PR?

pmaytak avatar Apr 11 '24 07:04 pmaytak