Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[FEATURE REQ] Add support for Managed Identity regional AAD authentication endpoints Azure.Identity #20027

Closed
ctstone opened this issue Apr 1, 2021 · 1 comment · Fixed by #21590
Closed

[FEATURE REQ] Add support for Managed Identity regional AAD authentication endpoints Azure.Identity #20027

ctstone opened this issue Apr 1, 2021 · 1 comment · Fixed by #21590
Assignees
@schaabs
Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.

Comments

@ctstone
Copy link
Member

ctstone commented Apr 1, 2021

Library or service name.
Azure.Identity

Is your feature request related to a problem? Please describe.
The guidance from the Azure IAM wiki for service teams using MI is to authenticate using a regional endpoint (e.g. https://eastus2euap.login.microsoft.com). However, the MSAL example given in the wiki uses APIs that are not currently exposed/used by MsalConfidentialClient, namely WithAuthority(Uri, bool) and WithInstanceDicoveryMetadata(string).

Today, when using the regional AAD endpoint with Azure.Identity (using a ClientCertificateCredential), we see an error Application error - the login request was malformed and could not be matched with an existing authentication endpoint or instance. The error goes away when using a global endpoint (https://login.microsoftonline.com/).

It would be good see guidance on using the regional authentication endpoint with Azure.Identity.
@ghost ghost added the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Apr 1, 2021
@jsquire jsquire added Azure.Identity Client This issue points to a problem in the data-plane of the library. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Apr 1, 2021
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Apr 1, 2021
@jsquire
Copy link
Member

jsquire commented Apr 1, 2021

Thank you for your feedback. Tagging and routing to the team member best able to assist.

@christothes christothes added feature-request This issue requires a new behavior in the product in order be resolved. and removed needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team labels Apr 6, 2021
This was referenced May 3, 2021
Closed
Closed
Closed
Closed
Closed
@schaabs schaabs mentioned this issue Jun 7, 2021
Merged
@sadasant sadasant mentioned this issue Jun 16, 2021
Closed
This was referenced Jun 17, 2021
Closed
Closed
Closed
@github-actions github-actions bot locked and limited conversation to collaborators Mar 27, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@schaabs schaabs

Labels
Azure.Identity Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Identity] Adding regional STS support schaabs/azure-sdk-for-net
4 participants
@jsquire @christothes @ctstone @schaabs