From b0f61b2c81eeba7c534bba2b25a2b993247c97e6 Mon Sep 17 00:00:00 2001
From: Rakesh Kumar <rakku@microsoft.com>
Date: Tue, 23 Aug 2022 14:37:42 -0700
Subject: [PATCH] Disable authority validation only for ADFS

---
 Registration/RegisterWithAzure.psm1 | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/Registration/RegisterWithAzure.psm1 b/Registration/RegisterWithAzure.psm1
index e6e3732c..fdf63118 100644
--- a/Registration/RegisterWithAzure.psm1
+++ b/Registration/RegisterWithAzure.psm1
@@ -33,14 +33,15 @@ function Initialize-AzEnvironment{
     $fullUri = $CloudARMEndpoint.TrimEnd('/')+"/metadata/endpoints?api-version=2015-01-01"
     $response = Invoke-RestMethod -Uri $fullUri -ErrorAction Stop -UseBasicParsing -TimeoutSec 30 -Verbose
     Write-Verbose -Message "Endpoints: $(ConvertTo-Json $response)" -Verbose
+    $loginEndpoint = $response.authentication.loginEndpoint.TrimEnd('/') + "/"
     $endpoints = @{
-        ActiveDirectoryAuthority                 = $response.authentication.loginEndpoint.TrimEnd('/') + "/"
+        ActiveDirectoryAuthority                 = $loginEndpoint
         ActiveDirectoryServiceEndpointResourceId = $response.authentication.audiences[0]
         ResourceManagerUrl                       = $CloudARMEndpoint
         GalleryUrl                               = $response.galleryEndpoint
         GraphUrl                                 = $response.graphEndpoint
         GraphEndpointResourceId                  = $response.graphEndpoint
-        EnableAdfsAuthentication                 = $true
+        EnableAdfsAuthentication                 = $loginEndpoint.EndsWith('/adfs/', [System.StringComparison]::OrdinalIgnoreCase)
     }
     
     Remove-AzEnvironment -Name $Name -ErrorAction Ignore | Out-Null