Fix code ql by logging the response and not sending it in exception (#…

…5085) * Fix code ql by logging the response and not sending it in exception * Update src/client/Microsoft.Identity.Client/MsalErrorMessage.cs Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com> --------- Co-authored-by: Gladwin Johnson <90415114+gladjohn@users.noreply.github.com>
AzureAD · Jan 17, 2025 · eb39be7 · eb39be7
1 parent 5de0661
commit eb39be7
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 4 deletions.
diff --git a/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs b/src/client/Microsoft.Identity.Client/MsalErrorMessage.cs
@@ -189,7 +189,8 @@ public static string iOSBrokerKeySaveFailed(string keyChainResult)
         public const string PlatformNotSupported = "Platform Not Supported";
 
         public const string FederatedServiceReturnedErrorTemplate = "Federated service at {0} returned error: {1} ";
-        public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error: Body {1} ";
+        public const string ParsingWsTrustResponseFailedErrorTemplate = "Federated service at {0} parse error. Enable logging with PII to see more details. See https://aka.ms/msal-net-logging.";
+
         public const string UnknownUserType = "Unknown User Type";
         public const string ParsingWsTrustResponseFailedDueToConfiguration = "There was an error parsing the WS-Trust response from the endpoint. " +
             "\nThis may occur if there are issues with your ADFS configuration. See https://aka.ms/msal-net-iwa-troubleshooting for more details." +

diff --git a/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs b/src/client/Microsoft.Identity.Client/WsTrust/WsTrustWebRequestManager.cs
@@ -151,11 +151,12 @@ public async Task<WsTrustResponse> GetWsTrustResponseAsync(
             }
             catch (System.Xml.XmlException ex)
             {
+                requestContext.Logger.ErrorPii("Error parsing WS-Trust response: \n" + resp.Body, "Error parsing WS-Trust response. ");
+
                 string message = string.Format(
                         CultureInfo.CurrentCulture,
                         MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate,
-                        wsTrustEndpoint.Uri,
-                        resp.Body);
+                        wsTrustEndpoint.Uri);
 
                 throw new MsalClientException(
                     MsalError.ParsingWsTrustResponseFailed, message, ex);

diff --git a/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs b/tests/Microsoft.Identity.Test.Unit/CoreTests/WsTrustTests/WsTrustTests.cs
@@ -99,7 +99,7 @@ public async Task WsTrustRequestParseErrorTestAsync()
         {
             const string body = "Non-Parsable";
             const string uri = "https://some/address/usernamemixed";
-            string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri, body);
+            string expectedMessage = string.Format(CultureInfo.CurrentCulture, MsalErrorMessage.ParsingWsTrustResponseFailedErrorTemplate, uri);
 
             var endpoint = new WsTrustEndpoint(new Uri(uri), WsTrustVersion.WsTrust13);