Describe the bug
Rule TA-000026's description is "Service Fabric clusters should only use Azure Active Directory for client authentication". However, the actual rule evaluation specifically just evaluates whether AAD client auth is enabled. It does not evaluate whether other types of client auth are disabled. Service Fabric clusters also have client certificate auth in addition to AAD client auth (see docs).
Is the original intent of the rule to just check whether AAD client auth is enabled or whether AAD client auth is the only client auth enabled?
Expected behavior
Based off the current description, the rule should also validate that client certificate authentication is not enabled in addition to AAD client auth being enabled. Otherwise, the description should be updated to reflect the functionality of the rule's evaluation and simply state that the rule checks whether AAD client auth is enabled.
Reproduction Steps
N/A
Environment
N/A
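The gap this issue describes, as an added example that is not part of the original issue or the project's own rule code: two readings of TA-000026 applied to constructed ARM cluster resources. The property names come from the `Microsoft.ServiceFabric/clusters` ARM schema; treating a set `tenantId` as "AAD enabled", the function names and the sample values are assumptions.

```python
# Added example: two readings of TA-000026 applied to ARM cluster resources.
# Property names follow the Microsoft.ServiceFabric/clusters ARM schema;
# the resources below are constructed samples, not taken from the issue.

CLUSTER_TYPE = "Microsoft.ServiceFabric/clusters"

def aad_enabled(resource):
    """The evaluation the issue describes: AAD client auth is configured.
    Assumption: a non-empty tenantId counts as 'enabled'."""
    aad = resource.get("properties", {}).get("azureActiveDirectory") or {}
    return bool(aad.get("tenantId"))

def client_cert_auth_enabled(resource):
    """True when any client certificate (thumbprint or common name) is allowed."""
    props = resource.get("properties", {})
    return bool(props.get("clientCertificateThumbprints")) or bool(
        props.get("clientCertificateCommonNames"))

def aad_only(resource):
    """What the rule description implies: AAD on and no client certificate auth."""
    return aad_enabled(resource) and not client_cert_auth_enabled(resource)

def evaluate(template):
    """Return {resource name: (passes AAD-enabled check, passes AAD-only check)}."""
    return {
        r["name"]: (aad_enabled(r), aad_only(r))
        for r in template.get("resources", [])
        if r.get("type", "").lower() == CLUSTER_TYPE.lower()
    }

AAD = {"tenantId": "00000000-0000-0000-0000-000000000000",
       "clusterApplication": "cluster-app-id", "clientApplication": "client-app-id"}
SAMPLE_TEMPLATE = {"resources": [  # constructed sample template
    {"type": CLUSTER_TYPE, "name": "aad-only", "properties": {"azureActiveDirectory": AAD}},
    {"type": CLUSTER_TYPE, "name": "aad-plus-cert", "properties": {
        "azureActiveDirectory": AAD,
        "clientCertificateThumbprints": [
            {"isAdmin": True, "certificateThumbprint": "CONSTRUCTED-THUMBPRINT"}]}},
    {"type": CLUSTER_TYPE, "name": "cert-only", "properties": {
        "clientCertificateCommonNames": [
            {"isAdmin": False, "certificateCommonName": "client.example.test",
             "certificateIssuerThumbprint": "CONSTRUCTED-THUMBPRINT"}]}},
]}

if __name__ == "__main__":
    for name, (current, strict) in evaluate(SAMPLE_TEMPLATE).items():
        print(f"{name}: aad_enabled={current} aad_only={strict}")
```

The `aad-plus-cert` cluster is the case in question: it passes the AAD-enabled check but fails the AAD-only reading.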