[Bug] Fix bug with AadIssuerValidator #3047

@jennyf19

The current implementation of AadIssuerValidator always expects the token issuer length to be greater than templateTenantIdPosition + the tenantId's length.
This is not true when the issuer in the token and the issuer template in the OIDC configuration match but do not have a trailing slash.

Example:
Issuer template in OIDC configuration: https://sts.windows.net/{tenantid}
Issuer in JWT token: https://sts.windows.net/f645ad92-e38d-4d1a-b510-d1b09a74a8ca

The condition tokenIssuer.Length <= templateTenantIdPosition + tenantId.Length in the IsValidIssuer method evaluates to true because tokenIssuer.Length equals templateTenantIdPosition + tenantId.Length. As a result, the issuer is considered invalid even when it matches the issuer template from the OIDC config.
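A Python model of the length check described above, added here for illustration; it is not code from Microsoft.Identity.Web, and the function name, the prefix/tenant/suffix comparison around the length check and the second tenant id are assumptions. It shows the `<=` comparison rejecting the issue's own issuer/template pair and the corrected `<` comparison accepting it while still rejecting a wrong tenant id or a stray trailing slash.

```python
"""Model of the AadIssuerValidator.IsValidIssuer length check from the issue.
Added illustration for this page, not Microsoft.Identity.Web code: the helper
name and the matching steps around the length check are assumptions."""

TEMPLATE = "https://sts.windows.net/{tenantid}"            # template from the issue
TENANT_ID = "f645ad92-e38d-4d1a-b510-d1b09a74a8ca"          # tenant id from the issue
TOKEN_ISSUER = "https://sts.windows.net/" + TENANT_ID       # issuer from the issue (no trailing slash)
OTHER_TENANT_ID = "00000000-0000-0000-0000-000000000000"    # constructed, for a negative case
TENANT_PLACEHOLDER = "{tenantid}"


def is_valid_issuer(token_issuer: str, template: str, tenant_id: str,
                    fixed: bool = True) -> bool:
    """Return True when token_issuer equals template with {tenantid} replaced by tenant_id.

    fixed=False reproduces the off-by-one reported in the issue (`<=` where `<` is meant);
    fixed=True uses the corrected comparison. Everything else is unchanged between the two.
    """
    pos = template.find(TENANT_PLACEHOLDER)   # templateTenantIdPosition
    if pos < 0:
        # No placeholder in the template: only an exact match is acceptable.
        return token_issuer == template

    end = pos + len(tenant_id)
    # The reported bug: an issuer that ends exactly at the tenant id (template without a
    # trailing slash) has len(token_issuer) == end and is wrongly rejected by `<=`.
    too_short = len(token_issuer) <= end if not fixed else len(token_issuer) < end
    if too_short:
        return False

    # The text before the placeholder, the tenant id itself, and whatever follows the
    # placeholder in the template must all line up with the token issuer.
    prefix_ok = token_issuer[:pos] == template[:pos]
    tenant_ok = token_issuer[pos:end] == tenant_id
    suffix_ok = token_issuer[end:] == template[pos + len(TENANT_PLACEHOLDER):]
    return prefix_ok and tenant_ok and suffix_ok


if __name__ == "__main__":
    print("buggy <= :", is_valid_issuer(TOKEN_ISSUER, TEMPLATE, TENANT_ID, fixed=False))  # False
    print("fixed <  :", is_valid_issuer(TOKEN_ISSUER, TEMPLATE, TENANT_ID))               # True
```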

Labels: Bug (Product is not functioning as expected), P1 (More important, prioritize highly)