Skip to content
This repository has been archived by the owner on Sep 29, 2023. It is now read-only.

Enable dynamic whitelisting of dSTS endpoints to support new buildouts #215

Merged
merged 16 commits into from
Nov 14, 2019
Merged

Enable dynamic whitelisting of dSTS endpoints to support new buildouts #215

merged 16 commits into from
Nov 14, 2019

Conversation

jmstimso
Copy link
Contributor

@jmstimso jmstimso commented Nov 13, 2019
edited by rayluo
Loading

Enable dynamic whitelisting of dSTS endpoints to support new buildouts of national cloud environments.

UPDATED info quoted from PR conversation:

The new authority.py implementation for dSTS is to support (future) new cloud environments in which we will not be allowed to explicitly whitelist endpoints in public GitHub repos due to customer restrictions on releasing DNS names. Since I have removed dSTS whitelisting constants, these test cases should be sufficient to cover all current and future dSTS endpoints that fit the .dsts. DNS address pattern.

jmstimso added 15 commits July 10, 2018 18:18
@jmstimso
Whitelisting dsts endpoints.
195ea7e
@jmstimso
adding whitespace
ee6c228
@jmstimso
changing back WORLD_WIDE_AUTHORITY
0f9a0b1
@jmstimso
add whitelist function
585421d 
add whitelist function so dsts hosts pass validation.
@jmstimso
Adding unit tests
eac76af 
Adding unit test to test static instance discovery of dsts enpoints and validating of a dsts endpoint in AuthenticationContext.
@jmstimso
fixed whitespace
cb10f06
@jmstimso
fix syntax error
7980428
@jmstimso
Fix whitespace
b888c13
@jmstimso
fix more spaces
3517a43
@jmstimso
Respond to PR comments
57cc36b 
Remove unnecessary white space, add documentation to whitelist, use self.fail in unit test.
@jmstimso
Merge branch 'dev' of https://github.com/AzureAD/azure-activedirector…
27c79e3 
…y-library-for-python into dev
@jmstimso
Enable endpoint discovery
fa9d4ca 
Change dSTS host whitelisting to dynamic discovery of endpoints containing dsts.
@jmstimso
Fix whitespace
35198b3 
Fix whitespace
@jmstimso
Update test_authority.py
ba8bc1e 
Fix dSTS test endpoint value to correct format.
@jmstimso
Update test_authority.py
7c6e35f 
Fix dsts test endpoint.
rayluo
rayluo reviewed Nov 13, 2019
View reviewed changes
Copy link
Collaborator

@rayluo rayluo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Quick question. Does dSTS accept resource parameter rather than scope parameter in the wire protocol? Is that the only reason that dSTS would stick with ADAL library, rather than picking up MSAL?

Also a specific comment below.

adal/authority.py Outdated Show resolved Hide resolved
@jmstimso
Update authority.py
5cd2ecb 
Update whitelist funtion to only check for ".dsts." in url.
@jmstimso
Copy link
Contributor Author

Quick question. Does dSTS accept resource parameter rather than scope parameter in the wire protocol? Is that the only reason that dSTS would stick with ADAL library, rather than picking up MSAL?
Also a specific comment below.

I am not sure about the details on this, we could have a conversation with Abhinav the dSTS lead to add dSTS support to MSAL. For now, this is a short term fix to support customers already using ADAL who need to deploy a new cloud environment.

rayluo
rayluo approved these changes Nov 14, 2019
View reviewed changes
Copy link
Collaborator

@rayluo rayluo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Concluding PR review. 🚢

@rayluo rayluo merged commit a4366c5 into AzureAD:dev Nov 14, 2019
@abhidnya13 abhidnya13 mentioned this pull request May 1, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@rayluo rayluo rayluo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jmstimso @rayluo