Trying to write an automated test for a website that uses federated auth with ADFS.
In my Ci/CD pipeline I will not be running in an authenticated Windows context so my Playwright tests will encounter an ADFS credentials prompt, BUT when developing the tests we are working in an authenticated context and Windows Pass-through auth will kick in (NTLM is my guess).
How can I prevent that?
With a previous set of tests that I wrote using NightwatchJS the trick I used was to send a custom UserAgent string of a browser that is not registered in ADFS as being a browser that is supported for the NTLM challenge flow. (it was Opera Mini btw)
With Playwright the same trick doesn't work apparently, and I was hoping there is something better out there.
What I tried:
context = await browser.newContext({
userAgent: 'Opera/9.80 (Android; Opera Mini/12.0.1987/37.7327; U; pl) Presto/2.12.423 Version/12.16'
})
So.....after some more digging, after asking the correct question, which in the end was:
"How to disable Windows Integrated Authentication in Chrome?"
I found this checklist for conditions and this answer on SO.
The fix was to add a startup arg to chromium to disable WIA. Here's the important bit below:
browser = await chromium.launch({
args: ['--auth-server-whitelist="_"'],
});
This will make chrome present a basic auth prompt for credentials.
However, when I combined this with the custom userAgent string that is not amongst the useragents supported by the ADFS server, I managed to reach the login page of ADFS.
Again, OperaMini worked for me:
context = await browser.newContext({
userAgent: 'Opera/9.80 (Android; Opera Mini/12.0.1987/37.7327; U; pl) Presto/2.12.423 Version/12.16'
})