msgraph-sdk-dotnet
Using Graph API creation of Saml SSO instigation with assertion encryption fails on KeyCredentials with usage equal `Encrypt`
Hi, I am trying to update Graph from `4.54.0` to `5.8.0`. In the previous version I was able to set up an enterprise application with SAML SSO that would encrypt the assertion with a public key delivered by the service provider.
The patch that I used to set up certificates looked like:
```csharp
graphClient.Applications[applicationReference.ApplicationId.ToString()].Request().UpdateAsync(new Application
{
    Web = new WebApplication
    {
        RedirectUris = ..,
        LogoutUrl = ..
    },
    IdentifierUris = new[]
    {
        ..
    },
    KeyCredentials = [KEY_CREDENTIALS],
    TokenEncryptionKeyId = [ENCRYPTION_KEY_ID]
});
```
Within `KEY_CREDENTIALS` I passed 3 `AsymmetricX509Cert` keys with the following usages: `Sign`, `Verify` and `Encrypt`. The Id of the last one was also configured as `ENCRYPTION_KEY_ID`.
This was working fine for me under version `4.54.0`. However, after the upgrade, during the patch I end up with `Request_BadRequest`:
```
The value for the property "usage" in one of your credentials is invalid. Acceptable values are Sign, Verify.
```
Is it a bug? Or, after the upgrade to v5, should I configure the encryption key in a different request?
Thanks for raising this @plachor
Any chance you could share a sample of how you are performing the request in V5 of the SDK?
Sure, similar to v4:
```csharp
graphClient.Applications[applicationReference.ApplicationId.ToString()].PatchAsync(new Application
{
    Web = new WebApplication
    {
        RedirectUris = ..,
        LogoutUrl = ..
    },
    IdentifierUris = new List<string>
    {
        ..
    },
    KeyCredentials = [KEY_CREDENTIALS],
    TokenEncryptionKeyId = [ENCRYPTION_KEY_ID]
});
```
@plachor Any chance you can confirm if this is reproducible with the latest version of the SDK?
This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.