This repository has been archived by the owner on Jul 5, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 126
AuthenticationContext
Navya Canumalla edited this page May 19, 2018
·
2 revisions
ADAL4J has one class representing a connection to Azure AD: AuthenticationContext.
An AuthenticationContext represents the authority you want to use for gaining access to resources (ie the authority you refer to when you need tokens). The AuthenticationContext is:
- a connection to the Security Token Service (STS) or authorization server , through the Authority.
AuthenticationContext constructor has three parameters:
- authority: The URL of the STS that ADAL goes to for acquiring token for resources. You can think of the authority as the directory issuing the identities/tokens. The URL is composed of https://<instance>/<tenant>, where 'instance' is the Azure AD host(such as https://login.microsoftonline.com) and 'tenant' is the domain name (such as contoso.onmicrosoft.com) or tenant ID of the directory.
- validateAuthority: A boolean flag which specifies whether to validate the authority before sending requests to it. By default, this is set to true. It is recommended to validate authority when dynamically setting an authority value for requests.
- service: is a construct that allows you to pass a task to be executed by a thread asynchronously. The executor service creates and maintains a reusable pool of threads for executing submitted tasks. In the case of ADAL, it will be asynchronous calls to acquire tokens.
The authority needs to be set to the URL of the STS. Examples of authority URL are:
-
https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163for a single tenant application defined in the tenant whichTenantIdisf31e6716-26e8-4651-b323-2563936b4163 -
https://login.microsoftonline.com/contoso.onmicrosoft.com. This representation is like the previous one, but uses the tenant domain name instead of the tenant Id. -
https://login.microsoftonline.de/contoso.dealso uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant. And the instance URL here is for the German national cloud. -
https://login.microsoftonline.com/commonin the case of a multi-tenant application, that is an application available in several Azure AD tenants. - It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized with the convention that the URL should contain
adfslikehttps://contoso.com/adfs.
Note that the authority might also be an Azure AD B2C tenant, but ADAL does not support B2C.