s-KaiNet
SPGo Usage error for ADFS
An SPGo user, @LuisPeregrinaPSL, reported an issue with SPGo and ADFS configuration. We traced it down to node-sp-auth, via sppull, and
The error in SPGo is: sppull-> [31mCannot read property 'map' of undefined�
When running the sample app below, there is an error reported in AdfsCredentials.ts on line 55.
I'm going to try to continue gathering data about the error and I'll update this issue as I have it.
Here is a sample app.
package.json:
{
"name": "sharepoint",
"version": "1.0.0",
"description": "",
"main": "index.js",
"scripts": {
"start": "node index.js"
},
"author": "",
"license": "ISC",
"dependencies": {
"sppull": "^2.6.6"
}
}
index.js:
const { sppull } = require("sppull");
const context = {
siteUrl: "https://xxx.sharepoint.com/sites/xxx",
creds: {
username: "xxx@xxx",
password: "xxx",
relyingParty: "urn:federation:MicrosoftOnline",
adfsUrl: "https://xxx/adfs/ls/"
}
};
const options = {
spRootFolder: "/xxx/",
dlRootFolder: "./src"
};
sppull(context, options)
.then((downloadResults) => {
console.log("Files are downloaded");
console.log("For more, please check the results", JSON.stringify(downloadResults));
})
.catch((err) => {
console.log("Core error has happened", err);
});
Did they try passing only username/pass? In SPO, all other params could be resolved with the library https://github.com/s-KaiNet/node-sp-auth/wiki/ADFS-user-credentials-authentication#for-sharepoint-online
Having a similar issue. In my case everything worked until my company switched to PingFederate and WS-Federated/WS-Trust for identity management so it is no longer using Microsoft ADFS. I have run node-sp-auth in node.js debug mode to eliminate SPGo from the scenarios with just passing username and password. Instead of getting the XML payload from SP the code in AdfsHelper.js is getting an HTML error page from PingFederate. We are not using MFA. They have a ticket open and are not sure what is going on either. The code that creates the issue is:
return config_1.request.post(usernameMixedUrl, { body: samlBody,
resolveBodyOnly: true,
headers: {
'Content-Length': samlBody.length.toString(),
'Content-Type': 'application/soap+xml; charset=utf-8'
}
})
PingFederate is something that has different (from OOTB ADFS) authentication flow and not implemented in node-sp-auth. There are two reasons for this: rare requests with PingFederate have been emerging, and we have no environment with it to implement and then maintain tests. Also, there is a workaround - on-demand auth strategy (with Electron installed, node-sp-auth opens a web view to prompt creds then takes cookies), but I'm not sure VSCode extensions can use it.
Thank you
I think I read the extension cannot use the dialogue. I’ll do some more research there. I’ll reach out to SPgo developer to share this.
Sent from my iPhone
On Sep 2, 2020, at 11:03 PM, Andrew Koltyakov [email protected] wrote:
PingFederate is something that has different (from OOTB ADFS) authentication flow and not implemented in node-sp-auth. There are two reasons for this rare requests with PingFederate have been emerged we have no environment with it to implement and then maintain tests. Also, there is a workaround - on-demand auth strategy (with Electron installed, node-sp-auth opens a web view to prompt creds then takes cookies), but I'm not sure VSCode extensions can use it.
— You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.