Merge remote-tracking branch 'upstream/master'

Author: shpimpal

src/Accounts/Accounts/Az.Accounts.psd1

@@ -56,28 +56,27 @@ DotNetFrameworkVersion = '4.7.2'
 # RequiredModules = @()
 
 # Assemblies that must be loaded prior to importing this module
-RequiredAssemblies = '.\Microsoft.Azure.PowerShell.Authentication.Abstractions.dll', 
-               '.\Microsoft.Azure.PowerShell.Authentication.dll', 
-               '.\Microsoft.Azure.PowerShell.Authentication.ResourceManager.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Authorization.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Compute.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Graph.Rbac.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Monitor.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Network.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.ResourceManager.dll', 
-               '.\Microsoft.Azure.PowerShell.Common.dll', 
-               '.\Microsoft.Azure.PowerShell.Storage.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Storage.Management.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.KeyVault.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Websites.dll', 
-               '.\Hyak.Common.dll', '.\Microsoft.ApplicationInsights.dll', 
-               '.\Microsoft.Azure.Common.dll', 
-               '.\Microsoft.Rest.ClientRuntime.dll', 
-               '.\Microsoft.Rest.ClientRuntime.Azure.dll', 
-               '.\Microsoft.Rest.ClientRuntime.Azure.Authentication.dll', 
-               '.\Microsoft.WindowsAzure.Storage.dll', 
-               '.\Microsoft.WindowsAzure.Storage.DataMovement.dll', 
-               '.\Microsoft.Azure.PowerShell.Clients.Aks.dll', 
+RequiredAssemblies = '.\Microsoft.Azure.PowerShell.Authentication.Abstractions.dll',
+               '.\Microsoft.Azure.PowerShell.Authentication.dll',
+               '.\Microsoft.Azure.PowerShell.Authentication.ResourceManager.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Authorization.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Compute.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Graph.Rbac.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Monitor.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Network.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.ResourceManager.dll',
+               '.\Microsoft.Azure.PowerShell.Common.dll',
+               '.\Microsoft.Azure.PowerShell.Storage.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Storage.Management.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.KeyVault.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Websites.dll',
+               '.\Hyak.Common.dll', '.\Microsoft.ApplicationInsights.dll',
+               '.\Microsoft.Azure.Common.dll',
+               '.\Microsoft.Rest.ClientRuntime.dll',
+               '.\Microsoft.Rest.ClientRuntime.Azure.dll',
+               '.\Microsoft.WindowsAzure.Storage.dll',
+               '.\Microsoft.WindowsAzure.Storage.DataMovement.dll',
+               '.\Microsoft.Azure.PowerShell.Clients.Aks.dll',
                '.\Microsoft.Azure.PowerShell.Strategies.dll'
 
 # Script files (.ps1) that are run in the caller's environment prior to importing this module.

src/Accounts/Accounts/ChangeLog.md

@@ -18,6 +18,7 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Update Authentication Library to fix ADFS issues with username/password auth
 
 ## Version 1.5.1
 * Update Uninstall-AzureRm to correctly delete modules in Mac

src/Accounts/Authentication/AdalLogger.cs

@@ -22,7 +22,7 @@ namespace Microsoft.Azure.Commands.Common.Authentication
     /// Implements logging callback for ADAL - since only a single logger is allowed, allow
     /// reporting logs to multiple logging mechanisms
     /// </summary>
-    public class AdalLogger : IAdalLogCallback, IDisposable
+    public class AdalLogger :  IDisposable
     {
         Action<string> _logger;
 
@@ -74,7 +74,7 @@ public void Log(LogLevel level, string message)
         /// <summary>
         /// Central logging mechanism - allows registering multiple logging callbacks
         /// </summary>
-        class AdalCompositeLogger : IAdalLogCallback
+        class AdalCompositeLogger 
         {
             static object _lockObject = new object();
             IList<AdalLogger> _loggers = new List<AdalLogger>();
@@ -96,7 +96,8 @@ internal static void Enable(AdalLogger logger)
                 lock (_lockObject)
                 {
                     Instance._loggers.Add(logger);
-                    LoggerCallbackHandler.Callback = Instance;
+                    LoggerCallbackHandler.LogCallback = Instance.Log;
+                    LoggerCallbackHandler.PiiLoggingEnabled = true;
                 }
             }
 
@@ -129,7 +130,7 @@ internal static void Disable(AdalLogger logger)
             /// </summary>
             /// <param name="level">The log level</param>
             /// <param name="message">The log message</param>
-            public void Log(LogLevel level, string message)
+            public void Log(LogLevel level, string message, bool containsPII)
             {
                 foreach (var logger in _loggers)
                 {

src/Accounts/Authentication/Authentication.csproj

@@ -12,8 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.Rest.ClientRuntime.Azure.Authentication" Version="2.3.5" />
-    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.14.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Clients.ActiveDirectory" Version="3.19.2" />
   </ItemGroup>
 
 </Project>

src/Accounts/Authentication/Authentication/CertificateApplicationCredentialProvider.cs

@@ -15,10 +15,7 @@
 using Hyak.Common;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
-#if NETSTANDARD
-using Microsoft.Rest.Azure.Authentication;
 using Microsoft.WindowsAzure.Commands.Common;
-#endif
 using System;
 using System.Collections.Generic;
 using System.Security;
@@ -105,13 +102,8 @@ private AuthenticationResult AcquireTokenWithSecret(AdalConfiguration config, st
 
             StoreAppKey(appId, config.AdDomain, appKey);
             var context = GetContext(config);
-#if !NETSTANDARD
-            var credential = new ClientCredential(appId, appKey);
-            return context.AcquireToken(config.ResourceClientUri, credential);
-#else
             var credential = new ClientCredential(appId, ConversionUtilities.SecureStringToString(appKey));
             return context.AcquireTokenAsync(config.ResourceClientUri, credential).ConfigureAwait(false).GetAwaiter().GetResult();
-#endif
         }
 
         private AuthenticationResult AcquireTokenWithCertificate(
@@ -126,32 +118,20 @@ private AuthenticationResult AcquireTokenWithCertificate(
             }
 
             var context = GetContext(config);
-#if !NETSTANDARD
-            return context.AcquireToken(config.ResourceClientUri, new ClientAssertionCertificate(appId, certificate));
-#else
             return context.AcquireTokenAsync(config.ResourceClientUri, new Microsoft.IdentityModel.Clients.ActiveDirectory.ClientAssertionCertificate(appId, certificate))
                           .ConfigureAwait(false).GetAwaiter().GetResult();
-#endif
         }
 
         private AuthenticationResult RenewWithSecret(AdalConfiguration config, string appId)
         {
             TracingAdapter.Information(Resources.SPNRenewTokenTrace, appId, config.AdDomain, config.AdEndpoint,
                 config.ClientId, config.ClientRedirectUri);
-#if !NETSTANDARD
-            using (SecureString appKey = LoadAppKey(appId, config.AdDomain))
-            {
-#else
                 var appKey = LoadAppKey(appId, config.AdDomain);
-#endif
                 if (appKey == null)
                 {
                     throw new KeyNotFoundException(string.Format(Resources.ServiceKeyNotFound, appId));
                 }
                 return AcquireTokenWithSecret(config, appId, appKey);
-#if !NETSTANDARD
-            }
-#endif
         }
 
         private AuthenticationResult RenewWithCertificate(
@@ -212,7 +192,7 @@ public void AuthorizeRequest(Action<string, string> authTokenSetter)
 
             public string AccessToken { get { return AuthResult.AccessToken; } }
 
-            public string LoginType { get { return Authentication.LoginType.OrgId; } }
+            public string LoginType { get { return Common.Authentication.LoginType.OrgId; } }
 
             public string TenantId { get { return this.Configuration.AdDomain; } }
 

src/Accounts/Authentication/Authentication/KeyStoreApplicationCredentialProvider.cs

@@ -12,7 +12,6 @@
 // limitations under the License.
 // ----------------------------------------------------------------------------------
 using Hyak.Common;
-using Microsoft.Azure.Commands.Common.Authentication;
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using System;
@@ -276,9 +275,9 @@ public string LoginType
                 {
                     if (AuthResult.UserInfo.IdentityProvider != null)
                     {
-                        return Authentication.LoginType.LiveId;
+                        return Common.Authentication.LoginType.LiveId;
                     }
-                    return Authentication.LoginType.OrgId;
+                    return Common.Authentication.LoginType.OrgId;
                 }
             }
 

src/Accounts/Authentication/Authentication/ServicePrincipalTokenProvider.cs

@@ -16,7 +16,6 @@
 using Microsoft.Azure.Commands.Common.Authentication.Abstractions;
 using Microsoft.IdentityModel.Clients.ActiveDirectory;
 using Microsoft.Rest;
-using Microsoft.Rest.Azure.Authentication;
 using System;
 using System.Linq;
 using System.Security;
@@ -335,13 +334,6 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
                 /*TracingAdapter.Information(Resources.UPNAuthenticationTokenTrace,
                     token.LoginType, token.TenantId, token.UserId);*/
 
-                var env = new ActiveDirectoryServiceSettings
-                {
-                    AuthenticationEndpoint = context.Environment.GetEndpointAsUri(AzureEnvironment.Endpoint.ActiveDirectory),
-                    TokenAudience = context.Environment.GetEndpointAsUri(context.Environment.GetTokenAudience(targetEndpoint)),
-                    ValidateAuthority = !context.Environment.OnPremise
-                };
-
                 var tokenCache = AzureSession.Instance.TokenCache;
 
                 if (context.TokenCache != null)
@@ -361,33 +353,8 @@ public ServiceClientCredentials GetServiceClientCredentials(IAzureContext contex
                                 context.Environment.GetTokenAudience(targetEndpoint)));
                         break;
                     case AzureAccount.AccountType.User:
-                        result = Rest.Azure.Authentication.UserTokenProvider.CreateCredentialsFromCache(
-                           AdalConfiguration.PowerShellClientId,
-                           tenant,
-                           context.Account.Id,
-                           env,
-                           tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                        break;
                     case AzureAccount.AccountType.ServicePrincipal:
-                        if (context.Account.IsPropertySet(AzureAccount.Property.CertificateThumbprint))
-                        {
-                            result = ApplicationTokenProvider.LoginSilentAsync(
-                                tenant,
-                                context.Account.Id,
-                                new CertificateApplicationCredentialProvider(
-                                    context.Account.GetThumbprint()),
-                                env,
-                                tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                        }
-                        else
-                        {
-                            result = ApplicationTokenProvider.LoginSilentAsync(
-                                tenant,
-                                context.Account.Id,
-                                new KeyStoreApplicationCredentialProvider(tenant, KeyStore),
-                                env,
-                                tokenCache as TokenCache).ConfigureAwait(false).GetAwaiter().GetResult();
-                        }
+                        result = new RenewingTokenCredential(Authenticate(context.Account, context.Environment, tenant, null, ShowDialog.Never, null, context.Environment.GetTokenAudience(targetEndpoint)));
                         break;
                     default:
                         throw new NotSupportedException(context.Account.Type.ToString());