AzureAD · brentschmaltz · Dec 3, 2024 · Nov 28, 2024 · Nov 28, 2024
@@ -399,7 +399,7 @@ internal static bool IsValidIssuer(string issuerTemplate, string tenantId, strin
                     return false;
 
                 // Ensure tokenIssuer is atleast as long as issuerTemplate with tenantIdTemplate replaced
-                if (tokenIssuer.Length <= templateTenantIdPosition + tenantId.Length)
+                if (tokenIssuer.Length < templateTenantIdPosition + tenantId.Length)
                     return false;
 
                 // Ensure the tenant ID in the token issuer matches the expected tenant ID

@@ -26,6 +26,13 @@ public static TheoryData<AadIssuerValidatorTheoryData> AadIssuerValidationTestCa
             var theoryData = new TheoryData<AadIssuerValidatorTheoryData>
             {
                 // Success cases
+                new AadIssuerValidatorTheoryData("V1_TemplateWithoutTrailingSlash_Matches_V1_IssuerWithoutTrailingSlash_Success")
+                {
+                    TemplatedIssuer = ValidatorConstants.AadIssuerV1CommonAuthorityWithoutTrailingSlash,
+                    TokenIssuer = ValidatorConstants.V1IssuerWithoutTrailingSlash,
+                    TenantIdClaim = ValidatorConstants.TenantIdAsGuid,
+                    ExpectedResult = true,
+                },
                 new AadIssuerValidatorTheoryData("V1_Template_Matches_V1_Issuer_Success")
                 {
                     TemplatedIssuer = ValidatorConstants.AadIssuerV1CommonAuthority,
@@ -106,7 +113,7 @@ public static TheoryData<AadIssuerValidatorTheoryData> AadIssuerValidationTestCa
 
     public class AadIssuerValidatorTheoryData : TheoryDataBase
     {
-        public AadIssuerValidatorTheoryData() {}
+        public AadIssuerValidatorTheoryData() { }
 
         public AadIssuerValidatorTheoryData(string testId) : base(testId) { }
 

@@ -40,8 +40,10 @@ internal class ValidatorConstants
         public const string UsGovIssuer = "https://login.microsoftonline.us/" + UsGovTenantId + "/v2.0";
         public const string UsGovTenantId = "72f988bf-86f1-41af-91ab-2d7cd011db47";
         public const string V1Issuer = "https://sts.windows.net/f645ad92-e38d-4d1a-b510-d1b09a74a8ca/";
+        public const string V1IssuerWithoutTrailingSlash = "https://sts.windows.net/f645ad92-e38d-4d1a-b510-d1b09a74a8ca";
         public const string V1IssuerPPE = "https://sts.windows-ppe.net/f645ad92-e38d-4d1a-b510-d1b09a74a8ca/";
         public const string AadIssuerV1CommonAuthority = "https://sts.windows.net/{tenantid}/";
+        public const string AadIssuerV1CommonAuthorityWithoutTrailingSlash = "https://sts.windows.net/{tenantid}";
         public const string AadIssuerV11CommonAuthority = AadInstance + "/{tenantid}/v1.1";
         public const string AadIssuerV2CommonAuthority = AadInstance + "/{tenantid}/v2.0";