Updating conditions for providing the IWA VPN message.
mijpeterson committed Sep 12, 2024
1 parent ea5bf2c commit eff2dab
Showing 2 changed files with 25 additions and 1 deletion.
Expand Up @@ -83,6 +83,23 @@ public async Task GetTokenIWA_MsalUIRequired_2FA()
authFlowResult.AuthFlowName.Should().Be("iwa");
}

[Test]
public async Task GetTokenIWA_WSTrustEndpointError()
{
this.SetupIWAWSTrustException();

// Act
AuthFlow.IntegratedWindowsAuthentication iwa = this.Subject();
var authFlowResult = await iwa.GetTokenAsync();

// Assert
authFlowResult.TokenResult.Should().Be(null);
authFlowResult.Errors.Should().HaveCount(1);
authFlowResult.Errors[0].Should().BeOfType(typeof(MsalClientException));
authFlowResult.Errors[0].As<MsalClientException>().ErrorCode.Should().Be("parsing_wstrust_response_failed");
authFlowResult.AuthFlowName.Should().Be("iwa");
}

[Test]
public async Task GetTokenIWA_MsalServiceException()
{
Expand Down Expand Up @@ -136,6 +153,13 @@ private void SetupIWAUIRequiredFor2FA()
.Throws(new MsalUiRequiredException("1", "AADSTS50076 MSAL UI Required Exception!"));
}

private void SetupIWAWSTrustException()
{
this.mockPca
.Setup((pca) => pca.GetTokenIntegratedWindowsAuthenticationAsync(Scopes, It.IsAny<CancellationToken>()))
.Throws(new MsalClientException("parsing_wstrust_response_failed", "WS-Trust endpoint not found"));
}

private void IWAServiceException()
{
this.mockPca
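Review bot: The new test `GetTokenIWA_WSTrustEndpointError` does not isolate the condition this commit introduces, because `SetupIWAWSTrustException` throws with the message "WS-Trust endpoint not found", which already satisfies the pre-existing `ex.Message.Contains(...)` filter in the production catch, so the test would still pass if the new `ErrorCode` check were removed. Give the mocked exception a message that does not contain that substring, for example a constructed one such as `.Throws(new MsalClientException("parsing_wstrust_response_failed", "mocked WS-Trust parse failure"))`, so the assertions depend on the error-code path; if no other test covers the message-only path, add a second case that keeps the message but uses a different error code. Minor style: `Should().Be(null)` reads better as `Should().BeNull()`, and `BeOfType(typeof(MsalClientException))` as the generic `BeOfType<MsalClientException>()`, matching how the following `As<MsalClientException>()` call is written.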
Expand Up @@ -70,7 +70,7 @@ protected override async Task<TokenResult> GetTokenInnerAsync()
this.logger.LogWarning("Warning: IWA can pass this requirement if you log into Windows with either a Smart Card or Windows Hello.");
throw;
}
catch (MsalClientException ex) when (ex.Message.Contains("WS-Trust endpoint not found"))
catch (MsalClientException ex) when (ex.Message.Contains("WS-Trust endpoint not found") || ex.ErrorCode == "parsing_wstrust_response_failed")
{
this.logger.LogDebug($"IWA only works on corporate AD backed network, AzureAuth is trying to use other auth flows if applicable.");
this.logger.LogDebug($"Turn on VPN for IWA mode to succeed.");
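Review bot: The widened filter on the `catch (MsalClientException ex) when (...)` line now routes every `parsing_wstrust_response_failed` failure to the "turn on VPN" hint, but that error code presumably also covers cases where the federation endpoint is reachable and returns a response MSAL cannot parse, which is a configuration rather than a connectivity problem and the hint would then be misleading; add a debug line inside the block such as `this.logger.LogDebug($"IWA failed with error code '{ex.ErrorCode}': {ex.Message}");` so the underlying cause stays visible next to the advice. The literal error code should be replaced by the constant MSAL exposes for it in `MsalError`, if the referenced Microsoft.Identity.Client version has one, so the filter cannot drift from the library's value. With the error-code check in place, the retained `ex.Message.Contains("WS-Trust endpoint not found")` clause relies on message text that is not a stable contract across MSAL versions; consider whether it is still needed once the error code is matched. `GetTokenInnerAsync` starts and ends outside the hunk.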
