[Bug] Can't use broker mode with adfs authority #5017

@SinLexT

Description

Library version used

4.66.2

.NET version

.NET 8

Scenario

PublicClient - mobile app

Is this a new or an existing app?

This is a new app or experiment

Issue description and reproduction steps

I want to achieve cross-app SSO so that my Outlook Android app is automatically logged in with my ADFS account.

I use Exchange 2019, ADFS 2019, and Windows Server 2022.

Here is the error from the debug output in VS 2022:

[0:] ====
ERROR => MSAL.Xamarin.Android.4.66.2.0.MsalServiceException:
ErrorCode: unknown_error
Microsoft.Identity.Client.MsalServiceException: Broker response returned error: com.microsoft.identity.common.java.authorities.ActiveDirectoryFederationServicesAuthority cannot be cast to com.microsoft.identity.common.java.authorities.AzureActiveDirectoryAuthority
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.ValidateResponseFromBroker(MsalTokenResponse msalTokenResponse)
at Microsoft.Identity.Client.Internal.Broker.BrokerInteractiveRequestComponent.FetchTokensAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.FetchTokensFromBrokerAsync(String brokerInstallUrl, CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.GetTokenResponseAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.InteractiveRequest.ExecuteAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<>c__DisplayClass11_1.<b__1>d.MoveNext()
--- End of stack trace from previous location ---
at Microsoft.Identity.Client.Utils.StopwatchService.MeasureCodeBlockAsync(Func`1 codeBlock)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.RunAsync(CancellationToken cancellationToken)
at Microsoft.Identity.Client.ApiConfig.Executors.PublicClientExecutor.ExecuteAsync(AcquireTokenCommonParameters commonParameters, AcquireTokenInteractiveParameters interactiveParameters, CancellationToken cancellationToken)
at RecipesApp.MainPage.OnLoginClicked(Object sender, EventArgs e) in C:\MyPath\MainPage.xaml.cs:line 28
StatusCode: 0
ResponseBody:
Headers:

Relevant code snippets

try
{
    // Public client registered in ADFS; the broker is enabled on mobile targets only.
    var publicClientApplicationBuilder = PublicClientApplicationBuilder
        .Create("my_client_id_generated_from_adfs")
#if ANDROID || IOS
        .WithBroker()
#endif
        .WithAdfsAuthority("https://adfs.mydomain.com/adfs")
        .WithRedirectUri($"msauth://com.test.app/my_encoded_base_64")
        .Build();

    // Interactive sign-in; the stack trace above shows this call going through the broker.
    var authResult = await publicClientApplicationBuilder.AcquireTokenInteractive(new[] { "email" })
        .WithParentActivityOrWindow(EntraConfig.ParentWindow)
        .ExecuteAsync().ConfigureAwait(false);

    // Debug only: this writes the raw access token to the debug output.
    Debug.WriteLine($"SUCCESS => {authResult.AccessToken}");
    Debug.WriteLine($"SUCCESS => {authResult}");
}
catch (Exception ex)
{
    Debug.WriteLine($"====\nERROR => {ex}\n====");
}

Expected behavior

No response

Identity provider

Azure Active Directory Federation Services (ADFS)

Regression

No response

Solution and workarounds

No response
