Fixes the login_hint and domain_hint challenge #812
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The issue was: - we were now calling AccountController.Challenge with the login_hint and domain_hint parameters names (that is the OIDC parameter names), whereas the name of the method parameters are loginHint and domainHint. Added 2 new constants for these names. - The AccountController.Challenge method was sending the login_hint and domaint_hint to the STS as properties whereas they should be parameters (this is very subtle)
jennyf19
approved these changes
Dec 5, 2020
…change (#813) Info: Azure Pipelines hosted agents have been updated and now contain .Net 5.x SDK/Runtime along with the older .Net Core version which are currently lts. Unless you have locked down a SDK version for your project(s), 5.x SDK might be picked up which might have breaking behavior as compared to previous versions. You can learn more about the breaking changes here: https://docs.microsoft.com/en-us/dotnet/core/tools/ and https://docs.microsoft.com/en-us/dotnet/core/compatibility/ . To learn about more such changes and troubleshoot, refer here: https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/build/dotnet-core-cli?view=azure-devops#troubleshooting ##[error]Dotnet command failed with non-zero exit code on the following projects : D:\a\1\s\Microsoft.Identity.Web.sln
…AzureAD/microsoft-identity-web into jmprieur/challengeUsesLoginHint
* fix build * readd net 5
jennyf19
reviewed
Dec 6, 2020
|
SonarCloud Quality Gate failed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes the login_hint and domain_hint challenge.
This is a complement to the fix done in #798, which was not sufficient
The issue was:
MicrosoftIdentityConsentAndConditionalAccessHandler.ChallengeUserwas now callingAccountController.Challengewith thelogin_hintanddomain_hintparameters names (that is the OIDC parameter names), whereas the name of the method parameters areloginHintanddomainHint. Added 2 new constants inConstantsfor these two method parameters names.AccountController.Challengemethod was sending thelogin_hintanddomaint_hintto the STS as properties whereas they should be parameters (this is a very subtle behavior of the OpenIdConnectMessage)Tested on Caleb's application. The user is no longer requested to sign-in.
We probably need to check on the tests samples, but this should really improve the SSO experience