I'm currently trying to add the possibility to challenge claims that are thrown by a CA policy.
This is simply done with some C# code from the MSAL .NET library.
From what I have tried, the only way I seem to be able to trigger a CA claim challenge is by having the device managed. For Android this means using the company portal and setting up a work profile.
However, I want to test the code first before pushing it into production. I was wondering, does anyone have experience with how to test CA claim challenges locally/in debug mode?
I have already tried using MFA, but it doesn't seem to trigger the required claim challenge.
Code is shown here, in case it helps:

    try
    {
        // Use the embedded web view on Windows, or when no system web view is available.
        bool useEmbeddedView = ServiceLocator.Default.GetService<IDeviceInfo>().DevicePlatform == PlatformType.Windows
            || !_publicClientApp.IsSystemWebViewAvailable;

        _tokenInteractiveParameterBuilder = _publicClientApp.AcquireTokenInteractive(_azureResources.Scopes)
            .WithPrompt(Prompt.ForceLogin)
            .WithUseEmbeddedWebView(useEmbeddedView);

        if (!string.IsNullOrEmpty(loginHint))
        {
            // Prefer the already known account; otherwise fall back to the login hint.
            _tokenInteractiveParameterBuilder = _loggedInAccount == null
                ? _tokenInteractiveParameterBuilder.WithLoginHint(loginHint)
                : _tokenInteractiveParameterBuilder.WithAccount(_loggedInAccount);
        }

        AuthenticationResult authenticationResult = await _tokenInteractiveParameterBuilder.ExecuteAsync();
        return AuthenticationState.CreateAzureAuthenticationState(authenticationResult, AuthenticationStateResult.Success);
    }
    catch (MsalServiceException msalServiceException) when (msalServiceException.Claims != null)
    {
        // Handle the claims challenge: repeat the interactive request with the claims from the exception.
        string claimsChallenge = msalServiceException.Claims;
        AuthenticationResult authenticationResult = await _tokenInteractiveParameterBuilder.WithClaims(claimsChallenge).ExecuteAsync();
        return AuthenticationState.CreateAzureAuthenticationState(authenticationResult, AuthenticationStateResult.Success);
    }

A proper debugging option doesn't seem to be available. So I did the next best thing available.
I can now test my local build.