msgraph-sdk-dotnet

Using Graph API creation of Saml SSO instigation with assertion encryption fails on KeyCredentials with usage equal `Encrypt`

Open plachor opened this issue 1 year ago • 2 comments

Hi, I am trying to update Graph from 4.54.0 to 5.8.0. In the previous version I was able to set up an enterprise application with SAML SSO that would encrypt the assertion with a public key delivered by the service provider.

The patch that I used to set up certificates looked like:

```csharp
graphClient.Applications[applicationReference.ApplicationId.ToString()].Request().UpdateAsync(new Application
{
    Web = new WebApplication
    {
        RedirectUris = ..,
        LogoutUrl = ..
    },
    IdentifierUris = new[]
    {
        ..
    },

    KeyCredentials = [KEY_CREDENTIALS],
    TokenEncryptionKeyId = [ENCRYPTION_KEY_ID]
});
```

Within KEY_CREDENTIALS I passed 3 AsymmetricX509Cert keys with the following usages: Sign, Verify and Encrypt. The Id of the last one was also configured as ENCRYPTION_KEY_ID.

This was working fine for me under version 4.54.0. However, after the upgrade, during the patch I end up with Request_BadRequest:

The value for the property "usage" in one of your credentials is invalid. Acceptable values are Sign, Verify.

Is it a bug? Or after the upgrade to v5 should I configure the encryption key in a different request?

plachor May 02 '23 14:05
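A local pre-flight check for the payload described in the post above (key credentials plus a `TokenEncryptionKeyId` that must reference the `Encrypt` one), as an added example that is not part of the thread or of the SDK. `SamlEncryptionPreflight` and `Check` are hypothetical names and the certificate in `Main` is constructed; the check only validates the request before it is sent and does not address the `Request_BadRequest` reported here.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Graph.Models; // Microsoft.Graph v5 model types

public static class SamlEncryptionPreflight // hypothetical helper, not part of the SDK
{
    // Returns the problems found; an empty list means the payload is self-consistent.
    public static List<string> Check(Application patch, DateTimeOffset now)
    {
        var problems = new List<string>();
        if (patch.TokenEncryptionKeyId is not Guid encId)
            return new List<string> { "TokenEncryptionKeyId is not set." };
        var matches = (patch.KeyCredentials ?? new List<KeyCredential>())
            .Where(k => k.KeyId == encId).ToList();
        if (matches.Count != 1)
            return new List<string> { $"{matches.Count} key credentials have KeyId {encId}; expected 1." };
        var enc = matches[0];
        if (enc.Usage != "Encrypt") problems.Add($"Usage is '{enc.Usage}', expected 'Encrypt'.");
        if (enc.Type != "AsymmetricX509Cert") problems.Add($"Type is '{enc.Type}'.");
        if (enc.Key is null || enc.Key.Length == 0) { problems.Add("Key is empty."); return problems; }
        try
        {
            using var cert = new X509Certificate2(enc.Key);
            // Only the service provider's public certificate belongs in the request.
            if (cert.HasPrivateKey) problems.Add("Key blob contains a private key.");
            if (now < cert.NotBefore || now > cert.NotAfter)
                problems.Add("Certificate is outside its validity window.");
        }
        catch (CryptographicException) { problems.Add("Key is not a parseable X.509 certificate."); }
        return problems;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate standing in for the SP's.
        var now = DateTimeOffset.UtcNow;
        using var rsa = RSA.Create(2048);
        using var cert = new CertificateRequest("CN=constructed-sp", rsa, HashAlgorithmName.SHA256,
            RSASignaturePadding.Pkcs1).CreateSelfSigned(now.AddDays(-1), now.AddYears(1));
        var encrypt = new KeyCredential { KeyId = Guid.NewGuid(), Type = "AsymmetricX509Cert",
            Usage = "Encrypt", Key = cert.Export(X509ContentType.Cert) }; // public part only
        var patch = new Application { KeyCredentials = new List<KeyCredential> { encrypt },
            TokenEncryptionKeyId = Guid.NewGuid() }; // deliberately references no credential
        foreach (var p in Check(patch, now)) Console.WriteLine(p);
    }
}
```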

Thanks for raising this @plachor

Any chance you could share a sample of how you are performing the request in V5 of the SDK?

andrueastman May 04 '23 11:05

Sure, similar to v4:

```csharp
graphClient.Applications[applicationReference.ApplicationId.ToString()].PatchAsync(new Application
{
    Web = new WebApplication
    {
        RedirectUris = ..,
        LogoutUrl = ..
    },
    IdentifierUris = new List<string>
    {
        ..
    },

    KeyCredentials = [KEY_CREDENTIALS],
    TokenEncryptionKeyId = [ENCRYPTION_KEY_ID]
});
```

plachor May 04 '23 12:05

@plachor Any chance you can confirm if this is reproducible with the latest version of the SDK?

andrueastman Apr 12 '24 09:04

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.