
Commit 113a437

authored
Merge pull request #142 from AzureAD/refactor-e2e-tests
ADFS 2019 on-prem test cases
2 parents 7766d7c + 419ea70 commit 113a437

1 file changed

+45
-0
lines changed

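--- a/tests/test_e2e.py
+++ b/tests/test_e2e.py
@@ -308,6 +308,10 @@ def get_session(lab_app, scopes): # BTW, this infrastructure tests the confiden
 
 class LabBasedTestCase(E2eTestCase):
 _secrets = {}
+adfs2019_scopes = ["placeholder"] # Need this to satisfy MSAL API surface.
+# Internally, MSAL will also append more scopes like "openid" etc..
+# ADFS 2019 will issue tokens for valid scope only, by default "openid".
+# https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-faq#what-permitted-scopes-are-supported-by-ad-fs
 
 @classmethod
 def setUpClass(cls):
@@ -366,6 +370,47 @@ def test_adfs2019_fed_user(self):
 self._test_username_password(
 password=self.get_lab_user_secret(config["lab_name"]), **config)
 
+def test_ropc_adfs2019_onprem(self):
+config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
+config["authority"] = "https://fs.%s.com/adfs" % config["lab_name"]
+config["client_id"] = "PublicClientId"
+config["scope"] = self.adfs2019_scopes
+self._test_username_password(
+password=self.get_lab_user_secret(config["lab_name"]), **config)
+
+@unittest.skipIf(os.getenv("TRAVIS"), "Browser automation is not yet implemented")
+def test_adfs2019_onprem_acquire_token_by_auth_code(self):
+"""When prompted, you can manually login using this account:
+
+# https://msidlab.com/api/user?usertype=onprem&federationprovider=ADFSv2019
+username = "..." # The upn from the link above
+password="***" # From https://aka.ms/GetLabUserSecret?Secret=msidlabXYZ
+"""
+scopes = self.adfs2019_scopes
+config = self.get_lab_user(usertype="onprem", federationProvider="ADFSv2019")
+(self.app, ac, redirect_uri) = _get_app_and_auth_code(
+# Configuration is derived from https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/blob/4.7.0/tests/Microsoft.Identity.Test.Common/TestConstants.cs#L250-L259
+"PublicClientId",
+authority="https://fs.%s.com/adfs" % config["lab_name"],
+port=8080,
+scopes=scopes,
+)
+result = self.app.acquire_token_by_authorization_code(
+ac, scopes, redirect_uri=redirect_uri)
+logger.debug(
+"%s: cache = %s, id_token_claims = %s",
+self.id(),
+json.dumps(self.app.token_cache._cache, indent=4),
+json.dumps(result.get("id_token_claims"), indent=4),
+)
+self.assertIn(
+"access_token", result,
+"{error}: {error_description}".format(
+# Note: No interpolation here, cause error won't always present
+error=result.get("error"),
+error_description=result.get("error_description")))
+self.assertCacheWorksForUser(result, scopes, username=None)
+
 @unittest.skipUnless(
 os.getenv("OBO_CLIENT_SECRET"),
 "Need OBO_CLIENT_SECRET from https://buildautomation.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret")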
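Review bot: The `logger.debug` call in `test_adfs2019_onprem_acquire_token_by_auth_code` dumps the whole `self.app.token_cache._cache` into the test log, which presumably holds the access token just issued for the lab account and any refresh token that came with it, so anyone who can read the log output gets usable credentials. It also reaches into a private attribute and runs both `json.dumps` calls even when debug logging is disabled. I would drop the cache from the message and keep the claims only: `logger.debug("%s: id_token_claims = %s", self.id(), json.dumps(result.get("id_token_claims"), indent=4))`. If the cache contents are needed for debugging, log its top-level keys rather than the values. Other tests in this file may log the same way outside the visible hunks; if so they deserve the same change.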
