Azure
diff --git a/‎sdk/storage/azure-storage-blob/assets.json
Lines changed: 1 addition & 1 deletion b/‎sdk/storage/azure-storage-blob/assets.json
Lines changed: 1 addition & 1 deletion
diff --git a/‎sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/implementation/util/BlobSasImplUtil.java
Lines changed: 6 additions & 1 deletion b/‎sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/implementation/util/BlobSasImplUtil.java
Lines changed: 6 additions & 1 deletion
diff --git a/‎sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/sas/BlobServiceSasSignatureValues.java
Lines changed: 26 additions & 0 deletions b/‎sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/sas/BlobServiceSasSignatureValues.java
Lines changed: 26 additions & 0 deletions
diff --git a/‎sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java
Lines changed: 6 additions & 2 deletions b/‎sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java
Lines changed: 6 additions & 2 deletions
@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "java",
   "TagPrefix": "java/storage/azure-storage-blob",
-  "Tag": "java/storage/azure-storage-blob_098e26235c"
+  "Tag": "java/storage/azure-storage-blob_26d22d7fb8"
 }
@@ -95,6 +95,8 @@ public class BlobSasImplUtil {
 
     private String encryptionScope;
 
+    private String delegatedUserObjectId;
+
     /**
      * Creates a new {@link BlobSasImplUtil} with the specified parameters
      *
@@ -140,6 +142,7 @@ public BlobSasImplUtil(BlobServiceSasSignatureValues sasValues, String container
         this.authorizedAadObjectId = sasValues.getPreauthorizedAgentObjectId();
         this.correlationId = sasValues.getCorrelationId();
         this.encryptionScope = encryptionScope;
+        this.delegatedUserObjectId = sasValues.getDelegatedUserObjectId();
     }
 
     /**
@@ -262,6 +265,8 @@ private String encode(UserDelegationKey userDelegationKey, String signature) {
             tryAppendQueryParameter(sb, Constants.UrlConstants.SAS_PREAUTHORIZED_AGENT_OBJECT_ID,
                 this.authorizedAadObjectId);
             tryAppendQueryParameter(sb, Constants.UrlConstants.SAS_CORRELATION_ID, this.correlationId);
+            tryAppendQueryParameter(sb, Constants.UrlConstants.SAS_DELEGATED_USER_OBJECT_ID,
+                this.delegatedUserObjectId);
         }
         tryAppendQueryParameter(sb, Constants.UrlConstants.SAS_SIGNED_RESOURCE, this.resource);
         tryAppendQueryParameter(sb, Constants.UrlConstants.SAS_SIGNED_PERMISSIONS, this.permissions);
@@ -453,7 +458,7 @@ private String stringToSign(final UserDelegationKey key, String canonicalName) {
                 this.authorizedAadObjectId == null ? "" : this.authorizedAadObjectId,
                 "", /* suoid - empty since this applies to HNS only accounts. */
                 this.correlationId == null ? "" : this.correlationId, "", /* new schema 2025-07-05 */
-                "", /* new schema 2025-07-05 */
+                this.delegatedUserObjectId == null ? "" : this.delegatedUserObjectId,
                 this.sasIpRange == null ? "" : this.sasIpRange.toString(),
                 this.protocol == null ? "" : this.protocol.toString(), VERSION, resource,
                 versionSegment == null ? "" : versionSegment, this.encryptionScope == null ? "" : this.encryptionScope,
 
@@ -82,6 +82,7 @@ public final class BlobServiceSasSignatureValues {
     private String preauthorizedAgentObjectId; /* saoid */
     private String correlationId;
     private String encryptionScope;
+    private String delegatedUserObjectId;
 
     /**
      * Creates an object with empty values for all fields.
@@ -575,6 +576,30 @@ public BlobServiceSasSignatureValues setCorrelationId(String correlationId) {
         return this;
     }
 
+    /**
+     * Optional. Beginning in version 2025-07-05, this value specifies the Entra ID of the user that is authorized to
+     * use the resulting SAS URL. The resulting SAS URL must be used in conjunction with an Entra ID token that has been
+     * issued to the user specified in this value.
+     *
+     * @return The Entra ID of the user that is authorized to use the resulting SAS URL.
+     */
+    public String getDelegatedUserObjectId() {
+        return delegatedUserObjectId;
+    }
+
+    /**
+     * Optional. Beginning in version 2025-07-05, this value specifies the Entra ID of the user that is authorized to
+     * use the resulting SAS URL. The resulting SAS URL must be used in conjunction with an Entra ID token that has been
+     * issued to the user specified in this value.
+     *
+     * @param delegatedUserObjectId The Entra ID of the user that is authorized to use the resulting SAS URL.
+     * @return the updated BlobServiceSasSignatureValues object
+     */
+    public BlobServiceSasSignatureValues setDelegatedUserObjectId(String delegatedUserObjectId) {
+        this.delegatedUserObjectId = delegatedUserObjectId;
+        return this;
+    }
+
     /**
      * Uses an account's shared key credential to sign these signature values to produce the proper SAS query
      * parameters.
@@ -754,6 +779,7 @@ private String stringToSign(final UserDelegationKey key, String canonicalName) {
             key.getSignedExpiry() == null ? "" : Constants.ISO_8601_UTC_DATE_FORMATTER.format(key.getSignedExpiry()),
             key.getSignedService() == null ? "" : key.getSignedService(),
             key.getSignedVersion() == null ? "" : key.getSignedVersion(),
+            this.delegatedUserObjectId == null ? "" : this.delegatedUserObjectId,
             this.sasIpRange == null ? "" : this.sasIpRange.toString(),
             this.protocol == null ? "" : this.protocol.toString(),
             VERSION_DEPRECATED_USER_DELEGATION_SAS_STRING_TO_SIGN, /* Pin down to version so old string to sign works. */
 
@@ -772,15 +772,19 @@ protected void liveTestScenarioWithRetry(Runnable runnable) {
         }
 
         int retry = 0;
-        while (retry < 5) {
+
+        // Try up to 5 times (4 retries + 1 final attempt)
+        while (retry < 4) {
             try {
                 runnable.run();
-                break;
+                return; // success
             } catch (Exception ex) {
                 retry++;
                 sleepIfRunningAgainstService(5000);
             }
         }
+        // Final attempt (5th try)
+        runnable.run();
     }
 
     protected HttpPipelinePolicy getPerCallVersionPolicy() {
Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,5 @@`
`2`	`2`	`"AssetsRepo": "Azure/azure-sdk-assets",`
`3`	`3`	`"AssetsRepoPrefixPath": "java",`
`4`	`4`	`"TagPrefix": "java/storage/azure-storage-blob",`
`5`		`- "Tag": "java/storage/azure-storage-blob_098e26235c"`
	`5`	`+ "Tag": "java/storage/azure-storage-blob_26d22d7fb8"`
`6`	`6`	`}`
Original file line number	Diff line number	Diff line change
`@@ -772,15 +772,19 @@ protected void liveTestScenarioWithRetry(Runnable runnable) {`
`772`	`772`	`}`
`773`	`773`
`774`	`774`	`int retry = 0;`
`775`		`- while (retry < 5) {`
	`775`	`+`
	`776`	`+ // Try up to 5 times (4 retries + 1 final attempt)`
	`777`	`+ while (retry < 4) {`
`776`	`778`	`try {`
`777`	`779`	`runnable.run();`
`778`		`- break;`
	`780`	`+ return; // success`
`779`	`781`	`} catch (Exception ex) {`
`780`	`782`	`retry++;`
`781`	`783`	`sleepIfRunningAgainstService(5000);`
`782`	`784`	`}`
`783`	`785`	`}`
	`786`	`+ // Final attempt (5th try)`
	`787`	`+ runnable.run();`
`784`	`788`	`}`
`785`	`789`
`786`	`790`	`protected HttpPipelinePolicy getPerCallVersionPolicy() {`