Fix code ql by logging the response and not sending it in exception (#5085)

* Fix code ql by logging the response and not sending it in exception

* Update src/client/Microsoft.Identity.Client/MsalErrorMessage.cs

Co-authored-by: Gladwin Johnson <[email protected]>

---------

Co-authored-by: Gladwin Johnson <[email protected]>

Author: neha-bhargava

src/client/Microsoft.Identity.Client/MsalErrorMessage.cs

@@ -189,7 +189,8 @@ public static string iOSBrokerKeySaveFailed(string keyChainResult)
         public const string PlatformNotSupported = "Platform Not Supported";
 
         public const string FederatedServiceReturnedErrorTemplate = "Federated service at {0} returned error: {1} ";
-        public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error: Body {1} ";
+        public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error. Enable logging with PII to see more details. See https://aka.ms/msal-net-logging.";
+
         public const string UnknownUserType = "Unknown User Type";
         public const string ParsingWsTrustResponseFailedDueToConfiguration = "There was an error parsing the WS-Trust response from the endpoint. " +
             "\nThis may occur if there are issues with your ADFS configuration. See https://aka.ms/msal-net-iwa-troubleshooting for more details." +

src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs

@@ -151,11 +151,12 @@ public async Task<WsTrustResponse> GetWsTrustResponseAsync(
             }
             catch (System.Xml.XmlException ex)
             {
+                requestContext.Logger.ErrorPii("Error parsing WS-Trust response: \n" + resp.Body, "Error parsing WS-Trust response. ");
+
                 string message = string.Format(
                         CultureInfo.CurrentCulture,
                         MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate,
-                        wsTrustEndpoint.Uri,
-                        resp.Body);
+                        wsTrustEndpoint.Uri);
 
                 throw new MsalClientException(
                     MsalError.ParsingWsTrustResponseFailed, message, ex);

tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs

@@ -99,7 +99,7 @@ public async Task WsTrustRequestParseErrorTestAsync()
         {
             const string body = "Non-Parsable";
             const string uri = "https://some/address/usernamemixed";
-            string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri, body);
+            string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri);
 
             var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13);