This repository has been archived by the owner on Jul 5, 2023. It is now read-only.

AuthenticationContext

Navya Canumalla edited this page May 9, 2018 · 2 revisions

ADAL4J has one class representing a connection to Azure AD: AuthenticationContext.

What is AuthenticationContext:

An AuthenticationContext represents the authority you want to use for gaining access to resources (i.e. the authority you refer to when you need tokens). The AuthenticationContext is:

  • a connection to the Security Token Service (STS) or authorization server, through the Authority.

It might be useful to think of the Authority as the source of identities/tokens, in the business sense: I am getting tokens from Contoso. Now Contoso can choose to surface its issuing capacity as an ADFS instance, or as a cloud tenant. Examples of clouds are the Microsoft Cloud, national clouds like the German cloud or the Chinese cloud, or even sovereign clouds, like the US government cloud.

The AuthenticationContext constructor has three parameters:

  1. authority: the STS that ADAL goes to for acquiring tokens. The address is an HTTPS URL with at least one segment in its path, e.g. https://login.microsoftonline.com/<tenant_name>/
  2. validateAuthority: a boolean flag which specifies whether to validate the authority before sending requests to it. Leaving validation on protects the application from sending credentials or receiving tokens from an authority it does not trust.
  3. service: an executor service, i.e. a construct that allows you to pass a task to be executed by a thread asynchronously. The executor service creates and maintains a reusable pool of threads for executing submitted tasks. In the case of ADAL, the tasks are the asynchronous calls to acquire tokens.

Authority validation:

The authority needs to be set to the URL of the STS. Examples of valid authorities are:

  • https://login.microsoftonline.com/f31e6716-26e8-4651-b323-2563936b4163 for a single-tenant application defined in the tenant whose tenant ID is f31e6716-26e8-4651-b323-2563936b4163.
  • https://login.microsoftonline.com/contoso.onmicrosoft.com. This representation is like the previous one, but uses the tenant domain name instead of the tenant ID.
  • https://login.microsoftonline.de/contoso.de also uses a domain name, but in this case the Azure AD tenant admins have set a custom domain for their tenant. This one is for the German national cloud.
  • https://login.microsoftonline.com/common in the case of a multi-tenant application, that is, an application available in several Azure AD tenants.
  • It can finally be an Active Directory Federation Services (ADFS) URL, which is recognized by the convention that the URL contains adfs, like https://contoso.com/adfs.

Note that the authority might also be an Azure AD B2C tenant, but ADAL does not support B2C.
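The following is an added example, not code from the ADAL4J project or this wiki, showing the constructor parameters described above together with the authority forms listed in this section. The `describeAuthority` helper is hypothetical: it applies only the shape rules stated on this page (HTTPS, at least one path segment, the `adfs` convention, `common` for multi-tenant) before the URL is handed to ADAL; it does not replace ADAL's own authority validation. The environment variable names, the resource identifier and the thread-pool size are assumptions; the client secret is read from the environment so that it never sits in source.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import java.util.regex.Pattern;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;

public class AuthorityExample {

    // Matches a tenant ID such as f31e6716-26e8-4651-b323-2563936b4163.
    private static final Pattern TENANT_ID =
            Pattern.compile("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$");

    // Hypothetical helper (not part of ADAL4J): checks the shape of an authority URL
    // against the rules stated on this page and says which kind of authority it is.
    static String describeAuthority(String authority) throws MalformedURLException {
        URL url = new URL(authority);
        if (!"https".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException("authority must use https: " + authority);
        }
        // The path must carry at least one non-empty segment (tenant ID, domain, common, adfs).
        String firstSegment = null;
        for (String segment : url.getPath().split("/")) {
            if (!segment.isEmpty()) {
                firstSegment = segment;
                break;
            }
        }
        if (firstSegment == null) {
            throw new IllegalArgumentException("authority needs at least one path segment: " + authority);
        }
        if (url.getPath().toLowerCase().contains("adfs")) {
            return "ADFS instance";
        }
        if ("common".equalsIgnoreCase(firstSegment)) {
            return "multi-tenant (common endpoint)";
        }
        if (TENANT_ID.matcher(firstSegment).matches()) {
            return "single tenant by tenant ID";
        }
        return "single tenant by domain name";
    }

    public static void main(String[] args) throws Exception {
        // Assumed deployment values, read from the environment (variable names are assumptions).
        String authority = System.getenv().getOrDefault("AAD_AUTHORITY",
                "https://login.microsoftonline.com/contoso.onmicrosoft.com/");
        String clientId = System.getenv("AAD_CLIENT_ID");
        String clientSecret = System.getenv("AAD_CLIENT_SECRET");
        String resource = "https://graph.microsoft.com"; // assumed resource identifier

        System.out.println("Authority kind: " + describeAuthority(authority));

        // Parameter 3: the executor service that runs ADAL's asynchronous token calls.
        ExecutorService service = Executors.newFixedThreadPool(2);
        try {
            // Parameters 1 and 2: the authority URL and validateAuthority = true, so ADAL
            // validates the authority before any credential is sent to it.
            AuthenticationContext context = new AuthenticationContext(authority, true, service);

            Future<AuthenticationResult> future = context.acquireToken(
                    resource, new ClientCredential(clientId, clientSecret), null);
            AuthenticationResult result = future.get();

            // Log only the fact that a token was obtained, never the token itself.
            System.out.println("Access token acquired (" + result.getAccessToken().length() + " chars)");
        } finally {
            // This code created the executor, so this code shuts it down.
            service.shutdown();
        }
    }
}
```

Run it with `AAD_CLIENT_ID` and `AAD_CLIENT_SECRET` set for a registered application; pointing `AAD_AUTHORITY` at an `http://` address or at a bare host with no path segment is rejected by the helper before ADAL is ever constructed, which mirrors the two structural requirements this page gives for an authority.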