Update to use lab app for automation (#4700)

* initial

* UseAppIdUri

* use lab vault

* LabVaultAccessCert

---------

Co-authored-by: Gladwin Johnson <gljohns@microsoft.com>

build/template-install-keyvault-secrets.yaml

@@ -7,13 +7,13 @@ steps:
   displayName: 'Connect to Key Vault'
   inputs:
     azureSubscription: 'AuthSdkResourceManager' # string. Workload identity service connection to use managed identity authentication
-    KeyVaultName: 'buildautomation' # string. Required. The name of the Key Vault containing the secrets.
-    #setting secrets filter to fetch only AzureADIdentityDivisionTestAgentCert cert from the vault
-    SecretsFilter: 'AzureADIdentityDivisionTestAgentCert' # string. Required. Specifies the secret to download. Use '*' for all secrets.
+    KeyVaultName: 'msidlabs' # string. Required. The name of the Key Vault containing the secrets.
+    #setting secrets filter to fetch only MSIDLABCertificate cert from the vault
+    SecretsFilter: 'LabVaultAccessCert' # string. Required. Specifies the secret to download. Use '*' for all secrets.
     #RunAsPreJob: false # boolean. Make secrets available to whole job. Default: false.
 
 - powershell: |
-   $kvSecretBytes = [System.Convert]::FromBase64String('$(AzureADIdentityDivisionTestAgentCert)')
+   $kvSecretBytes = [System.Convert]::FromBase64String('$(LabVaultAccessCert)')
    $certCollection = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
    $certCollection.Import($kvSecretBytes, $null, [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::Exportable)
 

tests/Microsoft.Identity.Test.Common/TestConstants.cs

@@ -32,7 +32,7 @@ public static HashSet<string> s_scope
         public static readonly string[] s_graphScopes = new[] { "user.read" };
         public const uint JwtToAadLifetimeInSeconds = 60 * 10; // Ten minutes
         public const string ClientCredentialAudience = "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47/v2.0";
-        public const string AutomationTestCertName = "AzureADIdentityDivisionTestAgentCert";
+        public const string AutomationTestCertName = "LabVaultAccessCert";
         public static Dictionary<string, string> AdditionalAssertionClaims =>
             new Dictionary<string, string>() { { "Key1", "Val1" }, { "Key2", "Val2" } };
 
@@ -229,7 +229,7 @@ public static IDictionary<string, string> ExtraQueryParameters
 
 
         public const string MsalCCAKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/AzureADIdentityDivisionTestAgentSecret/";
-        public const string MsalCCAKeyVaultSecretName = "AzureADIdentityDivisionTestAgentSecret";
+        public const string MsalCCAKeyVaultSecretName = "MSIDLABAccessSecret";
         public const string MsalOBOKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret/";
         public const string MsalOBOKeyVaultSecretName = "IdentityDivisionDotNetOBOServiceSecret";
         public const string MsalArlingtonOBOKeyVaultUri = "https://msidlabs.vault.azure.net:443/secrets/ARLMSIDLAB1-IDLASBS-App-CC-Secret";

tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/ClientCredentialsTests.cs

@@ -37,7 +37,7 @@ public class ClientCredentialsTests
     {
         private static readonly string[] s_scopes = { "User.Read" };
         private static readonly string[] s_keyvaultScope = { "https://vault.azure.net/.default" };
-        private const string PublicCloudConfidentialClientID = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8";
+        private const string PublicCloudConfidentialClientID = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
 
         private enum CredentialType
         {

tests/Microsoft.Identity.Test.Integration.netfx/HeadlessTests/PoPTests.cs

@@ -48,7 +48,7 @@ public class PoPTests
 
         private static readonly string[] s_keyvaultScope = { "https://vault.azure.net/.default" };
 
-        private const string PublicCloudConfidentialClientID = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8";
+        private const string PublicCloudConfidentialClientID = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
         private const string PublicCloudTestAuthority = "https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47";
         private const string ProtectedUrl = "https://www.contoso.com/path1/path2?queryParam1=a&queryParam2=b";
         private static string s_publicCloudCcaSecret;

tests/Microsoft.Identity.Test.Integration.netfx/Infrastructure/ConfidentialAppSettings.cs

@@ -37,7 +37,7 @@ public class ConfidentialAppSettings
     {
         private class PublicCloudConfidentialAppSettings : IConfidentialAppSettings
         {
-            public string ClientId => UseAppIdUri? "https://microsoft.onmicrosoft.com/aa3e634f-58b3-4eb7-b4ed-244c44c29c47" : "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8";
+            public string ClientId => UseAppIdUri? "https://request.msidlab.com" : "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
 
             public string TenantId => "72f988bf-86f1-41af-91ab-2d7cd011db47";
 

tests/Microsoft.Identity.Test.LabInfrastructure/LabAuthenticationHelper.cs

@@ -15,7 +15,7 @@ namespace Microsoft.Identity.Test.LabInfrastructure
 {
     public static class LabAuthenticationHelper
     {
-        private const string LabAccessConfidentialClientId = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8";
+        private const string LabAccessConfidentialClientId = "f62c5ae3-bf3a-4af5-afa8-a68b800396e9";
         private const string LabAccessPublicClientId = "3c1e0e0d-b742-45ba-a35e-01c664e14b16";
         private static LabAccessAuthenticationType s_defaultAuthType = LabAccessAuthenticationType.ClientCertificate;
         private static string s_secret;