From 068f6cbbef3e9a77f66268b1919254f6cb285a4b Mon Sep 17 00:00:00 2001
From: Travis Walker
Date: Thu, 2 Apr 2020 03:59:41 -0700
Subject: [PATCH] Enabling Arlington automation tests (#1672)
* adding Arlington USGov tests
* Adding ROPC and OBO test for arlington
* Addressing PR comments
* clean up
* Addressing comments
* Fixing tests
* Fixing test
Co-authored-by: trwalke
---
.../TestConstants.cs | 2 +
.../ConfidentialClientIntegrationTests.cs | 127 +++++++++++++-----
.../UsernamePasswordIntegrationTests.cs | 30 +++--
.../DeviceCodeFlowIntegrationTest.cs | 30 ++++-
.../SeleniumTests/InteractiveFlowTests.cs | 16 +++
.../LabUser.cs | 3 +
.../LabUserHelper.cs | 23 ++++
.../UserQueryParameters.cs | 6 +
.../Properties/AndroidManifest.xml | 3 +
.../devapps/XamarinDev/XamarinDev/App.xaml.cs | 4 +-
10 files changed, 198 insertions(+), 46 deletions(-)
diff --git a/tests/Microsoft.Identity.Test.Common/TestConstants.cs b/tests/Microsoft.Identity.Test.Common/TestConstants.cs
index da59e88ebf..3b16a24922 100644
--- a/tests/Microsoft.Identity.Test.Common/TestConstants.cs
+++ b/tests/Microsoft.Identity.Test.Common/TestConstants.cs
@@ -146,8 +146,10 @@ public static IDictionary ExtraQueryParameters public const string MsalCCAKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/AzureADIdentityDivisionTestAgentSecret/"; public const string MsalOBOKeyVaultUri = "https://buildautomation.vault.azure.net/secrets/IdentityDivisionDotNetOBOServiceSecret/"; + public const string MsalArlingtonOBOKeyVaultUri = "https://msidlabs.vault.azure.net:443/secrets/ARLMSIDLAB1-IDLASBS-App-CC-Secret"; public const string FociApp1 = "https://buildautomation.vault.azure.net/secrets/automation-foci-app1/"; public const string FociApp2 = "https://buildautomation.vault.azure.net/secrets/automation-foci-app2/"; + public const string MsalArlingtonCCAKeyVaultUri = "https://msidlabs.vault.azure.net:443/secrets/ARLMSIDLAB1-IDLASBS-App-CC-Secret"; public enum AuthorityType { B2C }; public static string[] s_prodEnvAliases = new string[] { diff --git a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs index 3645cbac31..3ecdaf1cb5 100644 --- a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/ConfidentialClientIntegrationTests.cs 
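Review bot: `MsalArlingtonOBOKeyVaultUri` and `MsalArlingtonCCAKeyVaultUri` are added with the identical value, so the Arlington OBO and client-credential tests read one Key Vault secret while the public-cloud pair above uses two distinct secrets. If a single app registration really backs both Arlington scenarios, say so with a comment such as `// Arlington uses one app registration (and secret) for both CCA and OBO`, or keep a single constant; otherwise one of the two URIs is probably a copy-paste. The secret name `ARLMSIDLAB1-IDLASBS-App-CC-Secret` also reads like a misspelling of IDLABS and is worth confirming against the vault, since a wrong name only shows up as a runtime failure in the tests.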
@@ -31,18 +31,28 @@ namespace Microsoft.Identity.Test.Integration.HeadlessTests public class ConfidentialClientIntegrationTests { private static readonly string[] s_scopes = { "User.Read" }; - private static readonly string[] s_oboServiceScope = { "api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user" }; + private static readonly string[] s_publicCloudOBOServiceScope = { "api://23c64cd8-21e4-41dd-9756-ab9e2c23f58c/access_as_user" }; + private static readonly string[] s_arlingtonOBOServiceScope = { "https://arlmsidlab1.us/IDLABS_APP_Confidential_Client/user_impersonation" }; private static readonly string[] s_keyvaultScope = { "https://vault.azure.net/.default" }; private static readonly string[] s_adfsScopes = { "openid", "profile" }; //TODO: acquire scenario specific client ids from the lab resonse - private const string ConfidentialClientID = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8"; + private const string PublicCloudPublicClientIDOBO = "be9b0186-7dfd-448a-a944-f771029105bf"; + private const string PublicCloudConfidentialClientIDOBO = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c"; + private const string PublicCloudConfidentialClientID = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8"; + private const string ArlingtonConfidentialClientIDOBO = "c0555d2d-02f2-4838-802e-3463422e571d"; + private const string ArlingtonPublicClientIDOBO = "cb7faed4-b8c0-49ee-b421-f5ed16894c83"; + private const string ArlingtonAuthority = "https://login.microsoftonline.us/45ff0c17-f8b5-489b-b7fd-2fedebbec0c4"; + + private const string PublicCloudHost = "https://login.microsoftonline.com/"; + private const string ArlingtonCloudHost = "https://login.microsoftonline.us/"; private const string RedirectUri = "https://login.microsoftonline.com/common/oauth2/nativeclient"; - private const string TestAuthority = "https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47"; + private const string PublicCloudTestAuthority = "https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47"; private const 
string AdfsCertName = "IDLABS-APP-Confidential-Client-Cert-OnPrem"; private KeyVaultSecretsProvider _keyVault; - private string _ccaSecret; + private static string _publicCloudCcaSecret; + private static string _arlingtonCCASecret; [ClassInitialize] public static void ClassInitialize(TestContext context) @@ -58,7 +68,8 @@ public void TestInitialize() if (_keyVault == null) { _keyVault = new KeyVaultSecretsProvider(); - _ccaSecret = _keyVault.GetSecret(TestConstants.MsalCCAKeyVaultUri).Value; + _publicCloudCcaSecret = _keyVault.GetSecret(TestConstants.MsalCCAKeyVaultUri).Value; + _arlingtonCCASecret = _keyVault.GetSecret(TestConstants.MsalArlingtonCCAKeyVaultUri).Value; } } @@ -67,7 +78,7 @@ public void TestInitialize() public async Task GetAuthorizationRequestUrl_ReturnsUri_Async() { var cca = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithRedirectUri(RedirectUri) .Build(); @@ -82,7 +93,7 @@ public async Task GetAuthorizationRequestUrl_ReturnsUri_Async() CoreAssert.AreEqual("offline_access openid profile User.Read", uriParams1["scope"], uriParams2["scope"]); CoreAssert.AreEqual("code", uriParams1["response_type"], uriParams2["response_type"]); - CoreAssert.AreEqual(ConfidentialClientID, uriParams1["client_id"], uriParams2["client_id"]); + CoreAssert.AreEqual(PublicCloudConfidentialClientID, uriParams1["client_id"], uriParams2["client_id"]); CoreAssert.AreEqual(RedirectUri, uriParams1["redirect_uri"], uriParams2["redirect_uri"]); CoreAssert.AreEqual("select_account", uriParams1["prompt"], uriParams2["prompt"]); 
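Review bot: The two secrets become `private static string` fields, but the guard in TestInitialize still tests the instance field `_keyVault`; MSTest normally creates a new class instance per test method, so `_keyVault == null` holds every time and both vault reads are repeated for every test. Either make `_keyVault` static as well or guard on the cached value, e.g. `if (_publicCloudCcaSecret == null)`. As written, every public-cloud test in this class also fails when the Arlington vault is unreachable, so fetching `_arlingtonCCASecret` lazily inside the Arlington tests would keep the two clouds independent. Static fields additionally keep both client secrets in memory for the whole test run, which is one more reason to scope the Arlington secret to the tests that need it.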
@@ -98,10 +109,10 @@ public async Task ConfidentialClientWithCertificateTestAsync() AuthenticationResult authResult; IConfidentialClientApplication confidentialApp; X509Certificate2 cert = GetCertificate(); - var confidentialClientAuthority = TestAuthority; + var confidentialClientAuthority = PublicCloudTestAuthority; confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithCertificate(cert) .Build(); @@ -134,10 +145,10 @@ public async Task ConfidentialClientWithRSACertificateTestAsync() AuthenticationResult authResult; IConfidentialClientApplication confidentialApp; X509Certificate2 cert = GetCertificate(true); - var confidentialClientAuthority = TestAuthority; + var confidentialClientAuthority = PublicCloudTestAuthority; confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithCertificate(cert) .Build(); 
@@ -166,12 +177,27 @@ public async Task ConfidentialClientWithRSACertificateTestAsync() [TestMethod] public async Task ConfidentialClientWithClientSecretTestAsync() { - var confidentialClientAuthority = TestAuthority; + await RunTestWithClientSecretAsync(PublicCloudConfidentialClientID, + PublicCloudTestAuthority, + _publicCloudCcaSecret).ConfigureAwait(false); + } + + [TestMethod] + public async Task ArlingtonConfidentialClientWithClientSecretTestAsync() + { + await RunTestWithClientSecretAsync(ArlingtonConfidentialClientIDOBO, + ArlingtonAuthority, + _arlingtonCCASecret).ConfigureAwait(false); + } + + public async Task RunTestWithClientSecretAsync(string clientID, string authority, string secret) + { + var confidentialClientAuthority = authority; var confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(clientID) .WithAuthority(new Uri(confidentialClientAuthority), true) - .WithClientSecret(_ccaSecret) + .WithClientSecret(secret) .Build(); var appCacheRecorder = confidentialApp.AppTokenCache.RecordAccess(); @@ -196,13 +222,13 @@ public async Task ConfidentialClientWithClientSecretTestAsync() [TestMethod] public async Task ConfidentialClientWithNoDefaultClaimsTestAsync() { - var confidentialClientAuthority = TestAuthority; + var confidentialClientAuthority = PublicCloudTestAuthority; var claims = GetClaims(); X509Certificate2 cert = GetCertificate(); var confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithClientClaims(cert, claims, false) .Build(); 
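Review bot: `RunTestWithClientSecretAsync` is declared `public` in a test class but carries no `[TestMethod]` and serves only as a shared helper for the two tests above it; declare it `private async Task RunTestWithClientSecretAsync(string clientID, string authority, string secret)`, matching `RunOnBehalfOfTestAsync`. The local `confidentialClientAuthority = authority` is now a plain alias and can be dropped. The Arlington test passes `ArlingtonConfidentialClientIDOBO` together with `_arlingtonCCASecret`, i.e. the OBO app id with the CCA secret, which only works because both Arlington Key Vault constants point at the same secret; that coupling deserves a comment next to the call. The helper's body continues past the end of the hunk.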
@@ -219,13 +245,13 @@ public async Task ConfidentialClientWithNoDefaultClaimsTestAsync() [TestMethod] public async Task ConfidentialClientWithDefaultClaimsTestAsync() { - var confidentialClientAuthority = TestAuthority; + var confidentialClientAuthority = PublicCloudTestAuthority; var claims = GetClaims(false); X509Certificate2 cert = GetCertificate(); var confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) .WithClientClaims(cert, claims) .Build(); @@ -247,13 +273,13 @@ public async Task ConfidentialClientWithDefaultClaimsTestAsync() [TestMethod] public async Task ConfidentialClientWithSignedAssertionTestAsync() { - var confidentialClientAuthority = TestAuthority; + var confidentialClientAuthority = PublicCloudTestAuthority; var claims = GetClaims(); var confidentialApp = ConfidentialClientApplicationBuilder - .Create(ConfidentialClientID) + .Create(PublicCloudConfidentialClientID) .WithAuthority(new Uri(confidentialClientAuthority), true) - .WithClientAssertion(GetSignedClientAssertionUsingMsalInternal(ConfidentialClientID, claims)) + .WithClientAssertion(GetSignedClientAssertionUsingMsalInternal(PublicCloudConfidentialClientID, claims)) .Build(); var appCacheRecorder = confidentialApp.AppTokenCache.RecordAccess(); 
@@ -312,10 +338,10 @@ private static IDictionary GetClaims(bool useDefaultClaims = tru { { "aud", TestConstants.ClientCredentialAudience }, { "exp", exp.ToString(CultureInfo.InvariantCulture) }, - { "iss", ConfidentialClientID.ToString(CultureInfo.InvariantCulture) }, + { "iss", PublicCloudConfidentialClientID.ToString(CultureInfo.InvariantCulture) }, { "jti", Guid.NewGuid().ToString() }, { "nbf", nbf.ToString(CultureInfo.InvariantCulture) }, - { "sub", ConfidentialClientID.ToString(CultureInfo.InvariantCulture) }, + { "sub", PublicCloudConfidentialClientID.ToString(CultureInfo.InvariantCulture) }, { "ip", "192.168.2.1" } }; } @@ -361,6 +387,12 @@ public async Task WebAPIAccessingGraphOnBehalfOfUserTestAsync() } [TestMethod] + public async Task ArlingtonWebAPIAccessingGraphOnBehalfOfUserTestAsync() + { + var labResponse = await LabUserHelper.GetArlingtonUserAsync().ConfigureAwait(false); + await RunOnBehalfOfTestAsync(labResponse).ConfigureAwait(false); + } + [TestCategory(TestCategories.ADFS)] public async Task WebAPIAccessingGraphOnBehalfOfADFS2019UserTestAsync() { 
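Review bot: The new `ArlingtonWebAPIAccessingGraphOnBehalfOfUserTestAsync` is inserted between the existing `[TestMethod]` and `[TestCategory(TestCategories.ADFS)]` lines, so it takes over the `[TestMethod]` that belonged to `WebAPIAccessingGraphOnBehalfOfADFS2019UserTestAsync`. The ADFS 2019 on-behalf-of test is left with only `[TestCategory(TestCategories.ADFS)]` and will no longer be discovered or run, which silently removes coverage of that flow. Add `[TestMethod]` back on the line directly before `[TestCategory(TestCategories.ADFS)]`.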
@@ -470,25 +502,52 @@ private static string GetSignedClientAssertionUsingWilson( private async Task RunOnBehalfOfTestAsync(LabResponse labResponse) { - var user = labResponse.User; + LabUser user = labResponse.User; + string oboHost; + string secret; + string authority; + string publicClientID; + string confidentialClientID; + string[] oboScope; + + switch (labResponse.User.AzureEnvironment) + { + case AzureEnvironment.azureusgovernment: + oboHost = ArlingtonCloudHost; + secret = _keyVault.GetSecret(TestConstants.MsalArlingtonOBOKeyVaultUri).Value; + authority = labResponse.Lab.Authority + "organizations"; + publicClientID = ArlingtonPublicClientIDOBO; + confidentialClientID = ArlingtonConfidentialClientIDOBO; + oboScope = s_arlingtonOBOServiceScope; + break; + default: + oboHost = PublicCloudHost; + secret = _keyVault.GetSecret(TestConstants.MsalOBOKeyVaultUri).Value; + authority = TestConstants.AuthorityOrganizationsTenant; + publicClientID = PublicCloudPublicClientIDOBO; + confidentialClientID = PublicCloudConfidentialClientIDOBO; + oboScope = s_publicCloudOBOServiceScope; + break; + } - var secret = _keyVault.GetSecret(TestConstants.MsalOBOKeyVaultUri).Value; //TODO: acquire scenario specific client ids from the lab resonse - var publicClientID = "be9b0186-7dfd-448a-a944-f771029105bf"; - var oboConfidentialClientID = "23c64cd8-21e4-41dd-9756-ab9e2c23f58c"; SecureString securePassword = new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword; - var msalPublicClient = PublicClientApplicationBuilder.Create(publicClientID).WithAuthority(TestConstants.AuthorityOrganizationsTenant).WithRedirectUri(TestConstants.RedirectUri).Build(); + var msalPublicClient = PublicClientApplicationBuilder.Create(publicClientID) + .WithAuthority(authority) + .WithRedirectUri(TestConstants.RedirectUri) + .Build(); - AuthenticationResult authResult = await msalPublicClient - .AcquireTokenByUsernamePassword(s_oboServiceScope, user.Upn, securePassword) - 
.ExecuteAsync(CancellationToken.None) - .ConfigureAwait(false); + var builder = msalPublicClient.AcquireTokenByUsernamePassword(oboScope, user.Upn, securePassword); + + builder.WithAuthority(authority); + + var authResult = await builder.ExecuteAsync().ConfigureAwait(false); var confidentialApp = ConfidentialClientApplicationBuilder - .Create(oboConfidentialClientID) - .WithAuthority(new Uri("https://login.microsoftonline.com/" + authResult.TenantId), true) + .Create(confidentialClientID) + .WithAuthority(new Uri(oboHost + authResult.TenantId), true) .WithClientSecret(secret) .Build(); diff --git a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/UsernamePasswordIntegrationTests.cs b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/UsernamePasswordIntegrationTests.cs index a2815c254d..6adb3836a2 100644 --- a/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/UsernamePasswordIntegrationTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.net45/HeadlessTests/UsernamePasswordIntegrationTests.cs @@ -13,7 +13,7 @@ using Microsoft.Identity.Test.Common.Core.Helpers; using Microsoft.Identity.Test.Integration.net45.Infrastructure; using Microsoft.Identity.Test.LabInfrastructure; -using Microsoft.Identity.Test.Unit; +using Microsoft.Identity.Test.Unit; using Microsoft.VisualStudio.TestTools.UnitTesting; namespace Microsoft.Identity.Test.Integration.HeadlessTests 
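Review bot: In `RunOnBehalfOfTestAsync`, `builder.WithAuthority(authority);` discards its return value and repeats the authority already set on `msalPublicClient`, so it has an effect only if the request builder mutates itself in place, which this hunk does not show; drop the line or chain the call into the `ExecuteAsync()` expression. In the government branch the ROPC authority comes from `labResponse.Lab.Authority + "organizations"` while the confidential client that receives the secret uses the hard-coded `ArlingtonCloudHost`; deriving both from one source would keep them from drifting apart, and the concatenation is valid only when the lab value ends in `/`. The `default:` branch treats every other `AzureEnvironment` as public cloud, so an explicit public-cloud case plus `default: throw new NotSupportedException(...)` would make an unexpected environment fail loudly instead of running with public-cloud credentials. The method continues past the end of the hunk.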
@@ -59,6 +59,20 @@ public async Task ROPC_AAD_Async() await RunHappyPathTestAsync(labResponse).ConfigureAwait(false); } + [TestMethod] + public async Task ARLINGTON_ROPC_AAD_Async() + { + var labResponse = await LabUserHelper.GetArlingtonUserAsync().ConfigureAwait(false); + await RunHappyPathTestAsync(labResponse).ConfigureAwait(false); + } + + [TestMethod] + public async Task ARLINGTON_ROPC_ADFS_Async() + { + var labResponse = await LabUserHelper.GetArlingtonADFSUserAsync().ConfigureAwait(false); + await RunHappyPathTestAsync(labResponse).ConfigureAwait(false); + } + [TestMethod] public async Task ROPC_ADFSv4Federated_Async() { @@ -82,8 +96,8 @@ public async Task AcquireTokenFromAdfsUsernamePasswordAsync() var user = labResponse.User; SecureString securePassword = new NetworkCredential("", user.GetOrFetchPassword()).SecurePassword; - - var msalPublicClient = PublicClientApplicationBuilder.Create(Adfs2019LabConstants.PublicClientId).WithAdfsAuthority(Adfs2019LabConstants.Authority).Build(); + + var msalPublicClient = PublicClientApplicationBuilder.Create(Adfs2019LabConstants.PublicClientId).WithAdfsAuthority(Adfs2019LabConstants.Authority).Build(); AuthenticationResult authResult = await msalPublicClient.AcquireTokenByUsernamePassword(s_scopes, user.Upn, securePassword).ExecuteAsync().ConfigureAwait(false); Assert.IsNotNull(authResult); Assert.IsNotNull(authResult.AccessToken); @@ -172,7 +186,7 @@ private async Task CheckTelemetryHeadersAsync( Assert.IsNotNull(authResult.AccessToken); Assert.IsNotNull(authResult.IdToken); Assert.IsTrue(string.Equals(labResponse.User.Upn, authResult.Account.Username, StringComparison.InvariantCultureIgnoreCase)); - AssertTelemetryHeaders(factory, true); + AssertTelemetryHeaders(factory, true, labResponse); } private async Task RunAcquireTokenWithUsernameIncorrectPasswordAsync( 
@@ -209,8 +223,8 @@ private async Task RunHappyPathTestAsync(LabResponse labResponse) var factory = new HttpSnifferClientFactory(); var msalPublicClient = PublicClientApplicationBuilder .Create(labResponse.App.AppId) - .WithAuthority(Authority) .WithHttpClientFactory(factory) + .WithAuthority(labResponse.Lab.Authority, "organizations") .Build(); AuthenticationResult authResult = await msalPublicClient @@ -223,7 +237,7 @@ private async Task RunHappyPathTestAsync(LabResponse labResponse) Assert.IsNotNull(authResult.AccessToken); Assert.IsNotNull(authResult.IdToken); Assert.IsTrue(string.Equals(labResponse.User.Upn, authResult.Account.Username, StringComparison.InvariantCultureIgnoreCase)); - AssertTelemetryHeaders(factory, false); + AssertTelemetryHeaders(factory, false, labResponse); // If test fails with "user needs to consent to the application, do an interactive request" error, // Do the following: // 1) Add in code to pull the user's password before creating the SecureString, and put a breakpoint there. @@ -233,9 +247,9 @@ private async Task RunHappyPathTestAsync(LabResponse labResponse) // 4) After successful log-in, remove the password line you added in with step 1, and run the integration test again. } - private void AssertTelemetryHeaders(HttpSnifferClientFactory factory, bool IsFailure) + private void AssertTelemetryHeaders(HttpSnifferClientFactory factory, bool IsFailure, LabResponse labResponse) { - var (req, res) = factory.RequestsAndResponses.Single(x => x.Item1.RequestUri.AbsoluteUri == "https://login.microsoftonline.com/organizations/oauth2/v2.0/token" && + var (req, res) = factory.RequestsAndResponses.Single(x => x.Item1.RequestUri.AbsoluteUri == labResponse.Lab.Authority + "organizations/oauth2/v2.0/token" && x.Item2.StatusCode == HttpStatusCode.OK); var telemetryLastValue = req.Headers.Single(h => h.Key == TelemetryConstants.XClientLastTelemetry).Value; 
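Review bot: The token-endpoint match in `AssertTelemetryHeaders` is now an exact string comparison against `labResponse.Lab.Authority + "organizations/oauth2/v2.0/token"`, so it depends on the lab API returning the authority with a trailing slash and in the same form that `AbsoluteUri` produces. Comparing parsed URIs is sturdier: `var tokenEndpoint = new Uri(new Uri(labResponse.Lab.Authority), "organizations/oauth2/v2.0/token");` and then `x.Item1.RequestUri == tokenEndpoint` in the predicate. With the string form, any formatting difference in the lab data surfaces as an InvalidOperationException from `Single` rather than as a readable assertion failure. The method body continues outside the hunk.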
diff --git a/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/DeviceCodeFlowIntegrationTest.cs b/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/DeviceCodeFlowIntegrationTest.cs index c6be9e9251..a651b7725b 100644 --- a/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/DeviceCodeFlowIntegrationTest.cs +++ b/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/DeviceCodeFlowIntegrationTest.cs @@ -9,7 +9,6 @@ using Microsoft.Identity.Test.Common.Core.Helpers; using Microsoft.Identity.Test.Integration.Infrastructure; using Microsoft.Identity.Test.LabInfrastructure; -using Microsoft.Identity.Test.Unit; using Microsoft.VisualStudio.TestTools.UnitTesting; namespace Microsoft.Identity.Test.Integration.SeleniumTests @@ -50,6 +49,14 @@ public async Task DeviceCodeFlowTestAsync() await AcquireTokenWithDeviceCodeFlowAsync(labResponse, "aad user").ConfigureAwait(false); } + [TestMethod] + [Timeout(2 * 60 * 1000)] // 2 min timeout + public async Task ArlingtonDeviceCodeFlowTestAsync() + { + LabResponse labResponse = await LabUserHelper.GetArlingtonUserAsync().ConfigureAwait(false); + await AcquireTokenWithDeviceCodeFlowAsync(labResponse, "aad user").ConfigureAwait(false); + } + [TestMethod] [Timeout(2 * 60 * 1000)] // 2 min timeout public async Task DeviceCodeFlowAdfsTestAsync() @@ -59,6 +66,14 @@ public async Task DeviceCodeFlowAdfsTestAsync() await AcquireTokenWithDeviceCodeFlowAsync(labResponse, "adfs user").ConfigureAwait(false); } + [TestMethod] + [Timeout(2 * 60 * 1000)] // 2 min timeout + public async Task ArlingtonDeviceCodeFlowAdfsTestAsync() + { + LabResponse labResponse = await LabUserHelper.GetArlingtonADFSUserAsync().ConfigureAwait(false); + await AcquireTokenWithDeviceCodeFlowAsync(labResponse, "adfs user").ConfigureAwait(false); + } + [TestMethod] [Timeout(2 * 60 * 1000)] // 2 min timeout public async Task DeviceCodeFlowMsaTestAsync() 
@@ -71,7 +86,18 @@ public async Task DeviceCodeFlowMsaTestAsync() private async Task AcquireTokenWithDeviceCodeFlowAsync(LabResponse labResponse, string userType) { Trace.WriteLine($"Calling AcquireTokenWithDeviceCodeAsync with {0}", userType); - var pca = PublicClientApplicationBuilder.Create(labResponse.App.AppId).Build(); + var builder = PublicClientApplicationBuilder.Create(labResponse.App.AppId); + + switch (labResponse.User.AzureEnvironment) + { + case AzureEnvironment.azureusgovernment: + builder.WithAuthority(labResponse.Lab.Authority + labResponse.Lab.TenantId); + break; + default: + break; + } + + var pca = builder.Build(); var userCacheAccess = pca.UserTokenCache.RecordAccess(); var result = await pca.AcquireTokenWithDeviceCode(s_scopes, deviceCodeResult => diff --git a/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/InteractiveFlowTests.cs b/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/InteractiveFlowTests.cs index 14275c236e..8fca195b4b 100644 --- a/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/InteractiveFlowTests.cs +++ b/tests/Microsoft.Identity.Test.Integration.net45/SeleniumTests/InteractiveFlowTests.cs @@ -54,6 +54,14 @@ public async Task Interactive_AADAsync() await RunTestForUserAsync(labResponse).ConfigureAwait(false); } + [TestMethod] + public async Task Arlington_Interactive_AADAsync() + { + // Arrange + LabResponse labResponse = await LabUserHelper.GetArlingtonUserAsync().ConfigureAwait(false); + await RunTestForUserAsync(labResponse, false).ConfigureAwait(false); + } + [TestMethod] public async Task Interactive_MsaUser_Async() { 
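Review bot: In `AcquireTokenWithDeviceCodeFlowAsync` the new `switch` has one real case and an empty `default`, and the result of `builder.WithAuthority(...)` is discarded; an `if` that reassigns the builder reads more directly: `if (labResponse.User.AzureEnvironment == AzureEnvironment.azureusgovernment) { builder = builder.WithAuthority(labResponse.Lab.Authority + labResponse.Lab.TenantId); }`. The authority is built by plain concatenation, so it is only well-formed when `Lab.Authority` ends in `/`; a short comment stating that expectation, or a `Uri`-based join, would make the dependency on the lab data explicit. The method continues past the end of the hunk.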
@@ -101,6 +109,13 @@ public async Task Interactive_AdfsV2019_FederatedAsync() await RunTestForUserAsync(labResponse).ConfigureAwait(false); } + [TestMethod] + public async Task Arlington_Interactive_AdfsV2019_FederatedAsync() + { + LabResponse labResponse = await LabUserHelper.GetArlingtonADFSUserAsync().ConfigureAwait(false); + await RunTestForUserAsync(labResponse, false).ConfigureAwait(false); + } + #endif [TestMethod] @@ -174,6 +189,7 @@ private async Task RunTestForUserAsync(LabResponse labResp pca = PublicClientApplicationBuilder .Create(labResponse.App.AppId) .WithRedirectUri(SeleniumWebUI.FindFreeLocalhostRedirectUri()) + .WithAuthority(labResponse.Lab.Authority + "common") .Build(); } diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUser.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUser.cs index 59942ab1ab..c3b09f5e40 100644 --- a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUser.cs +++ b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUser.cs @@ -50,6 +50,9 @@ public class LabUser [JsonProperty("appid")] public string AppId { get; set; } + [JsonProperty("azureenvironment")] + public AzureEnvironment AzureEnvironment { get; set; } + public string GetOrFetchPassword() { if (_password == null) diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs index 8ab6a3c2b1..6c2c237384 100644 --- a/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs +++ b/tests/Microsoft.Identity.Test.LabInfrastructure/LabUserHelper.cs 
@@ -85,6 +85,29 @@ public static Task GetSpecificUserAsync(string upn) return GetLabUserDataAsync(query); } + public static Task GetArlingtonUserAsync() + { + var response = GetLabUserDataAsync(UserQuery.ArlingtonUserQuery); + if (response.Result.User.AzureEnvironment != AzureEnvironment.azureusgovernment) + { + response.Result.User.AzureEnvironment = AzureEnvironment.azureusgovernment; + } + return response; + } + + public static Task GetArlingtonADFSUserAsync() + { + var query = UserQuery.ArlingtonUserQuery; + query.UserType = UserType.Federated; + var response = GetLabUserDataAsync(query); + + if (response.Result.User.AzureEnvironment != AzureEnvironment.azureusgovernment) + { + response.Result.User.AzureEnvironment = AzureEnvironment.azureusgovernment; + } + return response; + } + public static Task GetAdfsUserAsync(FederationProvider federationProvider, bool federated = true) { var query = UserQuery.PublicAadUserQuery; diff --git a/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs b/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs index efe77caa31..6081b38774 100644 --- a/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs +++ b/tests/Microsoft.Identity.Test.LabInfrastructure/UserQueryParameters.cs @@ -53,6 +53,12 @@ public class UserQuery B2CIdentityProvider = LabInfrastructure.B2CIdentityProvider.MSA }; + public static UserQuery ArlingtonUserQuery => new UserQuery + { + UserType = LabInfrastructure.UserType.Cloud, + AzureEnvironment = LabInfrastructure.AzureEnvironment.azureusgovernment + }; + // generated code, re-generate or update manually if you change the members of this class ! #region Equals and GetHashCode public override bool Equals(object obj) diff --git a/tests/devapps/XamarinDev/XamarinDev.Android/Properties/AndroidManifest.xml b/tests/devapps/XamarinDev/XamarinDev.Android/Properties/AndroidManifest.xml index 09a17f1a70..24de3df288 100644 
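Review bot: `GetArlingtonUserAsync` and `GetArlingtonADFSUserAsync` read `response.Result` inside methods that return a Task, which blocks the calling thread until the lab call completes and turns a lab failure into an AggregateException thrown synchronously from what callers treat as an async method. Both should await the lab call, and the duplicated body can move into one private async helper as sketched below. The unconditional overwrite of `AzureEnvironment` also hides a lab response that came back for the wrong cloud, so consider asserting on the value instead of correcting it. The `Task<LabResponse>` return type in the sketch is inferred from the callers, because the generic argument is not visible in this rendering of the patch.

```csharp
public static Task<LabResponse> GetArlingtonUserAsync()
{
    return GetArlingtonLabUserAsync(UserQuery.ArlingtonUserQuery);
}

public static Task<LabResponse> GetArlingtonADFSUserAsync()
{
    var query = UserQuery.ArlingtonUserQuery;
    query.UserType = UserType.Federated;
    return GetArlingtonLabUserAsync(query);
}

// Awaits the lab call instead of blocking on .Result, then applies the same environment override.
private static async Task<LabResponse> GetArlingtonLabUserAsync(UserQuery query)
{
    LabResponse response = await GetLabUserDataAsync(query).ConfigureAwait(false);
    response.User.AzureEnvironment = AzureEnvironment.azureusgovernment;
    return response;
}
```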
--- a/tests/devapps/XamarinDev/XamarinDev.Android/Properties/AndroidManifest.xml +++ b/tests/devapps/XamarinDev/XamarinDev.Android/Properties/AndroidManifest.xml @@ -11,6 +11,9 @@ + diff --git a/tests/devapps/XamarinDev/XamarinDev/App.xaml.cs b/tests/devapps/XamarinDev/XamarinDev/App.xaml.cs index bb6a16cdf6..122903cfca 100644 --- a/tests/devapps/XamarinDev/XamarinDev/App.xaml.cs +++ b/tests/devapps/XamarinDev/XamarinDev/App.xaml.cs @@ -14,7 +14,7 @@ public partial class App : Application public static object RootViewController { get; set; } - public const string DefaultClientId = "4a1aa1d5-c567-49d0-ad0b-cd957a47f842"; // in msidentity-samples-testing tenant -> PublicClientSample + public const string DefaultClientId = "16dab2ba-145d-4b1b-8569-bf4b9aed4dc8"; // in msidentity-samples-testing tenant -> PublicClientSample public const string B2cClientId = "e3b9ad76-9763-4827-b088-80c7a7888f79"; @@ -27,7 +27,7 @@ public static string BrokerRedirectUri case Device.iOS: return "msauth.com.companyname.XamarinDev://auth"; case Device.Android: - return "msauth://com.companyname.xamarindev/t+Bk/nrTiK6yhmUDgd80TS5ZZT8="; + return "msauth://com.companyname.xamarindev/FHNONvDstzaj3bKe2+WAEGZOwJI="; default: throw new InvalidOperationException("Broker only supported on ios and android"); }
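Review bot: `DefaultClientId` in App.xaml.cs is changed to `16dab2ba-145d-4b1b-8569-bf4b9aed4dc8`, the same id this commit names `PublicCloudConfidentialClientID` in ConfidentialClientIntegrationTests.cs, while the trailing comment still says `msidentity-samples-testing tenant -> PublicClientSample`. Together with the new Android broker redirect URI hash in the following hunk and the AndroidManifest.xml edit, this looks like local dev-app settings that rode along with a commit about Arlington tests. If the change is intended, update the comment to name the app registration actually used and explain why a confidential-client test app is the dev app's default; otherwise revert these three files. The hash segment of the `msauth://` redirect URI is presumably tied to a signing certificate, so other developers' builds may stop matching it.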