FAQs
Acquiring a token from a Security Token Service (STS) for a client application.
ADAL is available for many programming languages and platforms. ADAL4J is designed to be used in any application that runs on the Java virtual machine.
ADAL implements a custom version of the OAuth2 protocol. For some specific scenarios, it may also use other protocols internally (e.g. WS-Trust).
No. ADAL is a client library for Azure Active Directory (AAD) and Active Directory Federation Services (ADFS). ADAL requires some custom notions, such as “resource”, which are considered extensions to the general OAuth2 protocol spec and are not supported by other STSs.
It depends on what type of authority you talk to. If it is ADFS, you have to pass false, as ADFS does not currently support authority validation. If it is AAD, you still have the option to pass false, but true is recommended, especially if you get the address of the authority from a third party (e.g. via a 401 challenge). This protects applications and users from being redirected to malicious endpoints to enter their credentials.
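As an added illustration (not code from ADAL or from this FAQ), the following sketch checks an authority address taken from a 401 challenge against an application allowlist before it is handed to ADAL with validation still set to true. The `authorization_uri` parameter name, the trusted host list and the sample headers are assumptions made for the example.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ChallengeAuthorityCheck {
    // Assumption: the only authority hosts this application is willing to use.
    private static final Set<String> TRUSTED_HOSTS = Set.of("login.microsoftonline.com");

    // Assumption: the resource advertises its authority in an authorization_uri parameter.
    private static final Pattern AUTH_URI = Pattern.compile("authorization_uri=\"([^\"]+)\"");

    /** Returns the authority from a WWW-Authenticate value, or throws if it is not trusted. */
    static String authorityFromChallenge(String wwwAuthenticate) {
        Matcher m = AUTH_URI.matcher(wwwAuthenticate);
        if (!m.find()) {
            throw new IllegalArgumentException("challenge carries no authorization_uri");
        }
        URI uri = URI.create(m.group(1));
        // Reject plain HTTP, userinfo tricks (https://trusted@other/) and unknown hosts.
        // The host must match exactly; a suffix or prefix match is not enough.
        if (!"https".equalsIgnoreCase(uri.getScheme())
                || uri.getUserInfo() != null
                || uri.getHost() == null
                || !TRUSTED_HOSTS.contains(uri.getHost().toLowerCase(Locale.ROOT))) {
            throw new SecurityException("untrusted authority in challenge: " + uri);
        }
        return uri.toString();
    }

    public static void main(String[] args) {
        // Constructed sample headers, not captured traffic.
        String[] challenges = {
            "Bearer authorization_uri=\"https://login.microsoftonline.com/contoso.example\"",
            "Bearer authorization_uri=\"https://login.microsoftonline.com.attacker.example/common\"",
            "Bearer authorization_uri=\"http://login.microsoftonline.com/common\""
        };
        for (String challenge : challenges) {
            try {
                String authority = authorityFromChallenge(challenge);
                // Only now create the ADAL context, keeping validateAuthority = true for AAD,
                // e.g. new AuthenticationContext(authority, true, executorService).
                System.out.println("accepted: " + authority);
            } catch (RuntimeException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The allowlist complements ADAL's own authority validation; it does not replace it.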
It depends on the type of client application you use and the scenario you need a token for. See the guidance documented in Acquire Tokens.
Problems in ADAL can have various causes. These are the common culprits:
- Your machine has connection issues.
- Your applications/users are not properly configured on AAD or ADFS.
- You are using an incorrect API for your task (ADAL has several similar overloads for the method AcquireToken).
- There is a bug in ADAL! Yes, that is always possible. If you are certain that none of the items above is the reason for the failure, please report it to us and we will investigate and fix the bug if it exists.
There are several diagnostics tools you can use:
- ADAL Samples: The first and best tool is the set of samples published along with ADAL. Try to find the sample closest to your application, then download and run it on your machine. If the sample works properly, follow the same steps as the sample app in your application.
- ADAL diagnostic logs: You can enable ADAL logging. This will write logs with information about the internal steps of ADAL. You may analyze the logs to find the issue. Also, in case you contact the ADAL team, you need to send the logs to help with the analysis. You can find the instructions on how to turn on ADAL logs here.
- Network traces: Use a tool like Fiddler to record all the HTTP communication ADAL makes with the server. Using Fiddler is especially easy on Windows desktop machines. Please share the network trace file with the ADAL team in case we are involved in diagnosing your issue.
Most errors are returned from ADAL in the form of an exception; however, there are limited cases in which ADAL shows the error in the browser control. These cases happen mostly when the client cannot be validated or the authority server cannot be reached.
No. If an operation fails, ADAL reports an error via an exception. The exception includes an error code and also a status code in case the error is returned from the authority. In such cases, it is the developer’s job to examine the status code (which mostly reflects the HTTP status code of the response) in the exception and decide whether to retry or not. 502 is usually the status code that warrants a retry.
There is no pre-determined schedule. We try to publish servicing releases very regularly to fix bugs and unblock customers. Major releases usually take longer and we release several preview versions before general availability of a major version.
The goal is to maintain backward compatibility within a major version. For that, we try to only fix bugs or add new features in servicing releases (which increase the minor version of ADAL). However, there is no compatibility guarantee between major versions. We may add or remove support for certain platforms or scenarios; therefore, we recommend that you fully understand the scope of the changes and fully test the new version of ADAL before switching to it in your production code.