Merge pull request Azure#3294 from adarce/feature/filter-adfs

cormacpayne · web-flow · commit 4cc130d4e445 · 2016-12-16T15:10:59.000-08:00
Use a simpler filter when calling Graph in ADFS scenarios.
diff --git a/src/ResourceManager/KeyVault/Commands.KeyVault/Models/KeyVaultManagementCmdletBase.cs b/src/ResourceManager/KeyVault/Commands.KeyVault/Models/KeyVaultManagementCmdletBase.cs
@@ -24,6 +24,7 @@
 using System.Collections;
 using System.Collections.Generic;
 using System.Linq;
+using System.Linq.Expressions;
 using System.Threading.Tasks;
 using PSKeyVaultModels = Microsoft.Azure.Commands.KeyVault.Models;
 using PSKeyVaultProperties = Microsoft.Azure.Commands.KeyVault.Properties;
@@ -193,17 +194,15 @@ protected string GetObjectId(string objectId, string upn, string spn)
             if (!string.IsNullOrWhiteSpace(upn))
             {
                 objectFilter = upn;
-                var user = ActiveDirectoryClient.Users.Where(u =>
-                        u.UserPrincipalName.Equals(upn) || u.Mail.Equals(upn) || u.OtherMails.Any(m => m.Equals(upn))).
-                        ExecuteAsync().GetAwaiter().GetResult().CurrentPage.FirstOrDefault();
+                var user = ActiveDirectoryClient.Users.Where(FilterByUpn(upn)).ExecuteAsync().GetAwaiter().GetResult().CurrentPage.FirstOrDefault();
                 if (user != null)
                     objId = user.ObjectId;
             }
             else if (!string.IsNullOrWhiteSpace(spn))
             {
                 objectFilter = spn;
                 var servicePrincipal = ActiveDirectoryClient.ServicePrincipals.Where(s =>
-                    s.ServicePrincipalNames.Any(n => n.Equals(spn)))
+                    s.ServicePrincipalNames.Any(n => n.Equals(spn, StringComparison.OrdinalIgnoreCase)))
                     .ExecuteAsync().GetAwaiter().GetResult().CurrentPage.FirstOrDefault();
                 if (servicePrincipal != null)
                     objId = servicePrincipal.ObjectId;
@@ -246,6 +245,19 @@ protected bool IsValidObjectIdSyntax(string objectId)
             return Guid.TryParse(objectId, out dummyValue);
         }
 
+        private Expression<Func<IUser, bool>> FilterByUpn(string upn)
+        {
+            // In ADFS, Graph cannot handle this particular combination of filters.
+            if (!DefaultProfile.Context.Environment.OnPremise)
+            {
+                return u => u.UserPrincipalName.Equals(upn, StringComparison.OrdinalIgnoreCase) ||
+                    u.Mail.Equals(upn, StringComparison.OrdinalIgnoreCase) ||
+                    u.OtherMails.Any(m => m.Equals(upn, StringComparison.OrdinalIgnoreCase));
+            }
+
+            return u => u.UserPrincipalName.Equals(upn, StringComparison.OrdinalIgnoreCase);
+        }
+
         protected readonly string[] DefaultPermissionsToKeys =
         {
             "get",
