@tracyboehrer tracyboehrer commented Aug 5, 2024

Fixes #6828

At the moment, this ONLY works on the Microsoft tenant.

  1. Deploy multi or single tenant bot (e.g., ARM templates or manually)
  2. Create ManagedIdentity, record the Client ID and the Object ID
  3. Add ManagedIdentity to the App Service "Identity" tab
  4. In App Registration, under "Certificates & secrets", add a new Federated Credential
    1. Scenario is "Other issuer"
    2. Issuer: "https://login.microsoftonline.com/{tenantId}/v2.0"
    3. Subject: {msi-object-id}
  5. In appsettings, update:
    • MicrosoftAppType: {SingleTenant | MultiTenant}
    • MicrosoftAppId: {app-id}
    • MicrosoftAppClientId: {msi-client-id}
    • MicrosoftAppTenantId: {tenantid-for-singletenant-only}

In Startup.cs, add:

services.AddSingleton<ServiceClientCredentialsFactory>(
    new FederatedServiceClientCredentialsFactory(_configuration["MicrosoftAppId"], _configuration["MicrosoftAppClientId"], _configuration["MicrosoftAppTenantId"]));

There will need to be a follow-on PR/commit to integrate this with ConfigurationServiceClientCredentialFactory to make it config based.
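
The secretless exchange that steps 2 to 4 set up, as an added example that is not part of the original PR and not the SDK's `FederatedServiceClientCredentialsFactory`: the managed identity's token is presented as the client assertion for the app registration. It assumes the Azure.Identity package, a single-tenant bot, and the standard `api://AzureADTokenExchange` audience; the class and method names are hypothetical.

```csharp
// Added illustration, not the SDK's FederatedServiceClientCredentialsFactory.
// Assumes the Azure.Identity package and a host with the managed identity attached (step 3).
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;

public static class FederatedBotToken // hypothetical helper name
{
    // Audience Entra ID expects on a token presented as a federated client assertion.
    private const string ExchangeScope = "api://AzureADTokenExchange/.default";
    // Scope for calling the Bot Framework Connector service.
    private const string BotScope = "https://api.botframework.com/.default";

    public static async Task<AccessToken> GetAsync(
        string appId,        // MicrosoftAppId
        string msiClientId,  // MicrosoftAppClientId
        string tenantId,     // MicrosoftAppTenantId (single-tenant assumed here)
        CancellationToken ct = default)
    {
        // Fail early on missing or swapped IDs instead of at token time.
        if (!Guid.TryParse(appId, out _))
            throw new ArgumentException("MicrosoftAppId must be a GUID.", nameof(appId));
        if (!Guid.TryParse(msiClientId, out _))
            throw new ArgumentException("MicrosoftAppClientId must be a GUID.", nameof(msiClientId));
        if (string.IsNullOrWhiteSpace(tenantId))
            throw new ArgumentException("MicrosoftAppTenantId is required.", nameof(tenantId));
        if (string.Equals(appId, msiClientId, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Use the managed identity's client ID, not the app ID.", nameof(msiClientId));

        // The managed identity token carries the issuer and subject (MSI object ID)
        // that the federated credential from step 4 is configured to trust.
        var msi = new ManagedIdentityCredential(msiClientId);

        // The app registration authenticates with that token as its assertion,
        // so no client secret or certificate is stored in appsettings.
        var app = new ClientAssertionCredential(tenantId, appId, async token =>
        {
            AccessToken assertion = await msi.GetTokenAsync(
                new TokenRequestContext(new[] { ExchangeScope }), token);
            return assertion.Token;
        });

        return await app.GetTokenAsync(new TokenRequestContext(new[] { BotScope }), ct);
    }
}
```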

@tracyboehrer added the labels "Automation: Parity with python" (The PR needs to be ported to Python) and "Automation: Parity with js" (The PR needs to be ported to JS) on Aug 5, 2024
@tracyboehrer requested a review from a team as a code owner on August 5, 2024 14:43
@tracyboehrer requested a review from sw-joelmut on August 5, 2024 16:32
@tracyboehrer
Member Author

@sw-joelmut I've tested this with Single and Multi Tenant. I have not tested for Skills. Can you add this testing to your queue?

@tracyboehrer
Member Author

Confirmed to be only available on the Microsoft tenant. Future support for non-MS tenants unknown.

@BruceHaley
Contributor

✔️ No Binary Compatibility issues for Microsoft.Bot.Connector.dll

@stepro
Member

stepro commented Oct 21, 2024

@tracyboehrer it turns out that the Teams.AI library is hardcoded to use the ConfigurationServiceClientCredentialFactory:

https://github.com/microsoft/teams-ai/blob/main/dotnet/packages/Microsoft.TeamsAI/Microsoft.TeamsAI/Application/TeamsAdapter.cs#L58

I'll post an issue in their repo to make this customizable, but any ETA on the follow up PR to pull in config? Either one of these would unblock me. Thanks!

Successfully merging this pull request may close these issues.

Federated Credentials with App Registration