Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme #4428

Closed
bgavrilMS opened this issue Nov 20, 2023 · 1 comment · Fixed by #4616
Closed

[Feature Request] AAD client assertions should be computed using SHA 256 and an approved padding scheme #4428

bgavrilMS opened this issue Nov 20, 2023 · 1 comment · Fixed by #4616
Assignees
@bgavrilMS
Labels
confidential-client Feature Request
Milestone
4.60.0

Comments

@bgavrilMS
Copy link
Member

bgavrilMS commented Nov 20, 2023
edited

MSAL client type

Confidential

Problem Statement

When MSAL creates the client assertion, it uses PKCS1 padding for digital signature and SHA1 as x5t claim. These are old crypto algorithms and we need to move to newer versions. The STS is building support.

See ESTS work items :

https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2655345
https://identitydivision.visualstudio.com/Engineering/_workitems/edit/2704466

Proposed solution

Use x5t#s256 and PSS padding when talking to ESTS, CIAM, B2C(?) but not with ADFS.
@bgavrilMS bgavrilMS added untriaged Do not delete. Needed for Automation needs attention Delete label after triage Feature Request and removed untriaged Do not delete. Needed for Automation needs attention Delete label after triage labels Nov 20, 2023
This was referenced Dec 14, 2023
Open
Open
Open
Open
@bgavrilMS
Copy link
Member Author

This seems to be in prod now, but I am not sure B2C, CIAM, dSTS etc. have this. Let's have a flexible solution for now.

@bgavrilMS bgavrilMS self-assigned this Jan 29, 2024
This was referenced Jan 31, 2024
Closed
Merged
@pmaytak pmaytak added this to the 4.60.0 milestone Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bgavrilMS bgavrilMS

Labels
confidential-client Feature Request
Projects
MSAL.NET Customer Trust
Archived in project
Milestone
4.60.0
2 participants
@bgavrilMS @pmaytak