RSTR returned unknown token type #186
Comments
@rayluo @navyasric @abhidnya13 will be the right ones to help you out with the details.
Thanks @bhall7718 for the in-depth report, and thanks @henrik-me for the accurate triaging! Although I was not around when those Or, since @bhall7718 already has such an environment, he can try to hack into the existing code to accept that SAML 1.1 token, and then see whether the subsequent interactions (i.e. the token exchange between his provider and Microsoft AAD) would work.
@bhall7718: Do you have an environment where you will be able to validate a fix for this issue? Also, can you please describe your setup (which components are included) and the repro steps?
These seem to be equivalent ways of specifying the same token. It's most likely that "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" will refer to a Saml11 token. You may want to expand the constants.
@bhall7718 I have added support for Wss Saml token 1.1 which you are using in the saml1.1test branch on the repo. Can you test it and let me know if it works? You can use
The fix was confirmed to be working with the customer and was added in ADAL Python 1.2.1 |
When the organization I'm working with tries to use this python library to fetch a token from AAD, I get the following error:
Traceback (most recent call last):
File "Get-Token.py", line 21, in
user_parameters['clientId'])
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/authentication_context.py", line 164, in acquire_token_with_username_password
return self._acquire_token(token_func)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/authentication_context.py", line 128, in _acquire_token
return token_func(self)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/authentication_context.py", line 162, in token_func
return token_request.get_token_with_username_password(username, password)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/token_request.py", line 288, in get_token_with_username_password
token = self._get_token_username_password_federated(username, password)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/token_request.py", line 257, in _get_token_username_password_federated
username, password)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/token_request.py", line 212, in _perform_username_password_for_access_token_exchange
return self._perform_wstrust_assertion_oauth_exchange(wstrust_response)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/token_request.py", line 184, in _perform_wstrust_assertion_oauth_exchange
grant_type = _get_saml_grant_type(wstrust_response)
File "/Users/user-x/anaconda2/envs/python3env/lib/python3.6/site-packages/adal/token_request.py", line 65, in _get_saml_grant_type
raise AdalError("RSTR returned unknown token type: {}".format(token_type))
adal.adal_error.AdalError: RSTR returned unknown token type: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
From looking at the source, it would seem the problem is that it will always throw this when the type does not match one of the two following constant types found here:
TokenTypeV1 = 'urn:oasis:names:tc:SAML:1.0:assertion'
TokenTypeV2 = 'urn:oasis:names:tc:SAML:2.0:assertion'
Here is where the evaluation is being handled in the source.
Is there something we need to do with our customer's AAD setup to get it to conform to the above constants for this library? Should this library be expanded to include this other type?
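The failure above is a mapping problem: the WS-Trust RSTR reports its token type in a `TokenType` element, and the library only recognised the two `urn:oasis:...:assertion` URIs, so the WSS SAML Token Profile 1.1 URI (`...#SAMLV1.1`) fell through to the "unknown token type" error. The example below is added here to illustrate that mapping and the widened form of the check; it is not code from adal or from the reporter, and the RSTR document in it is constructed for the example, not captured from a real STS. It goes slightly beyond the case in the report by also accepting the Token Profile 1.1 URI for SAML 2.0 assertions (`...#SAMLV2.0`). The OAuth grant-type URNs (`saml1_1-bearer`, `saml2-bearer`) are the standard SAML bearer grant types and are my assumption, not something the page shows.

```python
"""Added example (not adal's own code): derive the OAuth 2.0 SAML bearer
grant type from the TokenType reported in a WS-Trust RSTR."""
import xml.etree.ElementTree as ET

# Token type URIs an RSTR may carry in <TokenType>. The two urn:oasis values
# are the ones the report quotes; the two docs.oasis-open.org values are the
# WSS SAML Token Profile 1.1 spellings of the same thing.
SAML_V1_ASSERTION = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML_V2_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
WSS_SAML_V11 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
WSS_SAML_V20 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"

# OAuth 2.0 SAML bearer grant types (assumption: standard URNs, not from the page).
GRANT_SAML1 = "urn:ietf:params:oauth:grant-type:saml1_1-bearer"
GRANT_SAML2 = "urn:ietf:params:oauth:grant-type:saml2-bearer"

# WS-Trust namespaces in which a TokenType element may appear.
WST_NAMESPACES = (
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512",   # WS-Trust 1.3
    "http://schemas.xmlsoap.org/ws/2005/02/trust",        # WS-Trust 2005
)


class UnknownTokenTypeError(ValueError):
    """Raised when the RSTR token type cannot be mapped to a grant type."""


def strict_saml_grant_type(token_type):
    """The behaviour the report describes: only the two urn:oasis URIs match,
    so the Token Profile 1.1 URI raises."""
    if token_type == SAML_V1_ASSERTION:
        return GRANT_SAML1
    if token_type == SAML_V2_ASSERTION:
        return GRANT_SAML2
    raise UnknownTokenTypeError("RSTR returned unknown token type: {}".format(token_type))


TOKEN_TYPE_TO_GRANT = {
    SAML_V1_ASSERTION: GRANT_SAML1,
    WSS_SAML_V11: GRANT_SAML1,
    SAML_V2_ASSERTION: GRANT_SAML2,
    WSS_SAML_V20: GRANT_SAML2,
}


def saml_grant_type(token_type):
    """Widened mapping: both URI spellings of each SAML version are accepted.
    Anything else still raises, so an unexpected token type is never
    silently forwarded to the token endpoint."""
    try:
        return TOKEN_TYPE_TO_GRANT[token_type.strip()]
    except KeyError:
        raise UnknownTokenTypeError("RSTR returned unknown token type: {}".format(token_type))


def token_type_from_rstr(rstr_xml):
    """Pull the TokenType string out of an RSTR, trying each WS-Trust namespace."""
    root = ET.fromstring(rstr_xml)
    for ns in WST_NAMESPACES:
        el = root.find(".//{%s}TokenType" % ns)
        if el is not None and el.text:
            return el.text.strip()
    raise UnknownTokenTypeError("RSTR has no TokenType element")


def grant_type_for_rstr(rstr_xml):
    """End-to-end: RSTR XML in, OAuth grant type out."""
    return saml_grant_type(token_type_from_rstr(rstr_xml))


# Constructed RSTR carrying the token type from the report (not a real capture).
SAMPLE_RSTR = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope">
  <s:Body>
    <trust:RequestSecurityTokenResponseCollection
        xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <trust:RequestSecurityTokenResponse>
        <trust:TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
        <trust:RequestedSecurityToken>
          <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
                          AssertionID="_constructed-example"/>
        </trust:RequestedSecurityToken>
      </trust:RequestSecurityTokenResponse>
    </trust:RequestSecurityTokenResponseCollection>
  </s:Body>
</s:Envelope>"""


if __name__ == "__main__":
    tt = token_type_from_rstr(SAMPLE_RSTR)
    try:
        strict_saml_grant_type(tt)
    except UnknownTokenTypeError as e:
        print("strict check:", e)
    print("widened check:", saml_grant_type(tt))
```

Run stand-alone, the strict check reproduces the error message from the traceback and the widened check yields the SAML 1.1 bearer grant type for the same RSTR. Keeping the lookup as an explicit allow-list (rather than, say, substring-matching on "SAML") preserves the original code's property that an unrecognised token type fails closed.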