Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Access token cannot be retrieved if Saxon is default transformer

See original GitHub issue

Access token cannot be retrieved and throws the below error if Saxon transformer is on the classpath or javax.xml.transform.TransformerFactory is set to net.sf.saxon.TransformerFactoryImpl.

Caused by: com.microsoft.aad.msal4j.MsalInteractionRequiredException: AADSTS500088: SAML Assertion is missing the required 'MajorVersion' Attribute.
Trace ID: 18981f3d-9297-412d-a7b0-7560355dc900
Correlation ID: b0e1f1c9-4706-45fc-b245-8ca3102e3e93
Timestamp: 2021-11-29 12:30:20Z
	at com.microsoft.aad.msal4j.MsalServiceExceptionFactory.fromHttpResponse(MsalServiceExceptionFactory.java:37)
	at com.microsoft.aad.msal4j.TokenRequestExecutor.createAuthenticationResultFromOauthHttpResponse(TokenRequestExecutor.java:96)
	at com.microsoft.aad.msal4j.TokenRequestExecutor.executeTokenRequest(TokenRequestExecutor.java:37)
	at com.microsoft.aad.msal4j.AbstractClientApplicationBase.acquireTokenCommon(AbstractClientApplicationBase.java:120)
	at com.microsoft.aad.msal4j.AcquireTokenByAuthorizationGrantSupplier.execute(AcquireTokenByAuthorizationGrantSupplier.java:63)
	at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:59)
	at com.microsoft.aad.msal4j.AuthenticationResultSupplier.get(AuthenticationResultSupplier.java:17)

The issue can be reproduced by means of below code snippet:

String clientId = "<Client-Id>";
String userName = "<User-Name>";
String password = "<Password>";

try {
	System.setProperty("javax.xml.transform.TransformerFactory", "net.sf.saxon.TransformerFactoryImpl");
	PublicClientApplication publicClientApplication = PublicClientApplication.builder(clientId).authority("https://login.microsoftonline.com/organizations").build();
	Set<String> scopes = Set.of("https://analysis.windows.net/powerbi/api/.default");
	UserNamePasswordParameters parameters = UserNamePasswordParameters.builder(scopes, userName, password.toCharArray()).build();
	IAuthenticationResult result = publicClientApplication.acquireToken(parameters).get();

	System.out.println("accessToken = " + result.accessToken());
} catch (Exception e) {
	e.printStackTrace();
}

net.sf.saxon.saxon-he:10.3 and com.microsoft.azure.msal4j:1.11.0 were used to reproduced the issue. The same issue can be also reproduced for previous library com.microsoft.azure.adal4j:1.6.7.

Issue Analytics

  • State:open
  • Created 2 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
siddhijaincommented, Nov 9, 2022

Thanks for your comments and sorry for not being able to include the fix yet. We will plan to include this fix in our next release and will update the thread once done.

1reaction
deepaktiwari29commented, Nov 3, 2022

Hello @rsafaie , Can I know which msal4j jar version has these changes? As I don’t see WSTrustResponse.java file’s change in current source code.

Read more comments on GitHub >

github_iconTop Results From Across the Web

SAML Assertion is missing the required 'MajorVersion' Attribute.
If I revert our application to previous version, every thing is working ... Access token cannot be retrieved if Saxon is default transformer....
Read more >
Changes in this Release - Saxon XSLT
Saxon now supports XQuery. Details of how to use XQuery are provided at using-xquery.html, and information about the conformance to current working drafts ......
Read more >
Controller - Saxonica
The Controller is Saxon's implementation of the JAXP Transformer class, and represents an executing instance of a transformation or query.
Read more >
Getting Access Token | API Documentation
The Access Token is used to exchange data with Equinix APIs. The Refresh Token is used to request a new Access Token when...
Read more >
Untitled
It's handy to add only one transformer/validator for all the ... Default value: true Sets whether to allow access to the original message...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

package private abstract base classes with public members

Next page

Newer version of com.nimbusds:oauth2-oidc-sdk still needed for spring-boot 2.4 to work