BrentSchmaltz
**Which version of Microsoft Identity Web are you using?** master This code [here](https://github.com/AzureAD/microsoft-identity-web/blob/9b159ba02f3b38d62777ed21b71704dfd84e538d/src/Microsoft.Identity.Web.Certificate/DefaultCertificateLoader.cs#L327) will choose the 'first' one. This leads to a race condition that may be hard to detect....
**Which version of Microsoft Identity Web are you using?** master **Where is the issue?** Certificate doesn't load, and user is not informed. To Repo 1. put a certificate that has...
**Is your feature request related to a problem? Please describe.** A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]. Collections, Dictionaries, Lists all...
**Which version of Microsoft.IdentityModel are you using?** dev branch
* [x] M.IM.Validators

This code here: https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/8be6a0a2323a441a5c69fc42c449b2b0bc79ddef/src/Microsoft.IdentityModel.Validators/AadIssuerValidator/AadIssuerValidator.cs#L160

```csharp
public static AadIssuerValidator GetAadIssuerValidator(string aadAuthority, HttpClient httpClient)
{
    if (string.IsNullOrEmpty(aadAuthority))
        throw LogHelper.LogArgumentNullException(nameof(aadAuthority));

    if...
```
https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/b45a5b4cf4e918ca2b2c12ff1951f1be7b592bac/src/Microsoft.IdentityModel.Tokens/TokenValidationParameters.cs#L99 This delegate takes the securitytoken as a string. This requires the users to do some work to determine the token type and logic as different token types { JWT,...
Testcase "Valid0KeysReturned" needs to be reenabled; see: PopKeyResolvingTests.GetPopKeysFromJkuAsync
Test started failing on a regular basis.
Saml2 tokens can have encrypted assertions, we didn't get them into 5.2.0.
Current support for KeyInfo is limited to X509Data. SecurityTokenReference is used for thumbprints. Others may be useful, such as Subject, etc. See https://www.w3.org/TR/2001/PR-xmldsig-core-20010820/#sec-KeyInfo for additional types.
Currently even a simple setting requires rebuilding. It's possible that application developers could work around this, but it means everyone has to write the code. When deploying, this would allow...
see: https://github.com/aspnet/Security/issues/1852#issuecomment-427673049 for details. Short story is ADFS has defined a separate "access_token_issuer" in metadata to validate against for the issuer.