TODO: Upgrade from ADAL to MSAL

Directions on Microsoft

Last week, Microsoft announced the deprecation of the Azure Active Directory Authentication Library (ADAL). Going forward, the Microsoft Authentication Library (MSAL) is the supported way to provide authentication with Active Directory and Azure AD in applications.

What will happen?

Let’s look at the timeline shared by Microsoft:

End of Support Timeline for the Azure Active Directory Authentication Library (ADAL)

For the next two years, applications built on the Azure Active Directory Authentication Library (ADAL) will continue to work. The version 1 endpoint, used by ADAL, is not shutting down for another two years. However, no new features will be made available to ADAL, only to MSAL. Going forward, ADAL will only receive security updates.

Benefits of using MSAL

Now, you might ask yourself why you’d want to move to the Microsoft Authentication Library (MSAL) from the Azure Active Directory Authentication Library (ADAL), apart from the deprecation notice above.

More secure and more resilient

Because MSAL uses the version 2 endpoint, it offers more secure and more resilient access to the information in Azure Active Directory.

New features

Microsoft will add new authentication features and support for new programming languages, programming frameworks and runtimes to MSAL.

Drawbacks of using MSAL

There are, however, a couple of drawbacks to using the Microsoft Authentication Library (MSAL) that might hinder your adoption of it:

AD FS Support

If you currently use the Azure Active Directory Authentication Library (ADAL) in combination with Active Directory Federation Services (AD FS) on Windows Server 2012 and Windows Server 2012 R2, you might see ADAL around for a while, as AD FS on these operating systems doesn’t work with MSAL. For the Microsoft Authentication Library to work, you’ll need to upgrade AD FS to Windows Server 2016, or a newer version of Windows Server.

For some organizations still running Windows Server 2012 and Windows Server 2012 R2, this might come as a surprise, as Windows Server 2012 and Windows Server 2012 R2 remain in extended support until October 10th, 2023. The lifecycle of some AD FS implementations is now shortened by 15 months.

Support for programming languages, frameworks and runtimes

There are slight differences in the supported programming languages, frameworks and runtimes between the Microsoft Authentication Library (MSAL) and the Azure Active Directory Authentication Library (ADAL). Where both libraries support .NET, Objective-C, Python, Android and JavaScript, MSAL currently doesn’t offer (full) support for Ruby, React, Node.js and Apache Cordova.

If you’re using these latter runtimes, you might be waiting for a while to get a long-term supported way to incorporate authentication against Microsoft infrastructure into your application(s).

Possible impact when migrating

Apart from the AD FS implication above, there is little to no impact.

Both the Azure Active Directory Authentication Library (ADAL) and the Microsoft Authentication Library (MSAL) use the same client ID. Basically, you drop a new authentication library into your application, but the rest remains the same as far as coding goes.

Concluding

After today, the Azure Active Directory Authentication Library (ADAL) no longer receives new features. With engineering resources switching from ADAL to the Microsoft Authentication Library (MSAL), you may expect more frequent new features for the latter. You might see benefits that until now have been reserved for Microsoft’s own services and applications!
