Is your feature request related to a problem? Please describe.
The cert-less scenario can be generalized into an identity federation scenario.
Implicit Azure provider in MSAL (IMDS)
Describe the solution you'd like
Expose the notion of FederatedTokenProvider (which can be used by MSAL.NET to provide an assertion). This could be an abstract class. The issue is with how to cache the assertion. What is the key?
Rename MsiSignedAssertionProvider into AzureFederatedTokenProvider and make it public. (Maybe remove the base class)
Expose an option EnableIdentityFederation
Expose a property FederatedClientId, which would contain the UserAssignedManagedIdentityClientId or the system assigned managed identity clientId, and would explicitly explain that this is for the identity federation scenario.
Describe alternatives you've considered
Implicitly attempt the MSI signed assertion provider when there are no credentials. But the v-team prefers things to be explicit.
Keep the UserAssignedManagedIdentityClientId
We could also have a data structure in the configuration: