koltyakov / gosip

⚡️ SharePoint SDK for Go
https://go.spflow.com
MIT License
140 stars, 32 forks

unsupported SharePoint Online for ADFS auth #54

Closed zubairk14 closed 1 year ago

zubairk14 commented 1 year ago

Describe the bug

If ADFS Url is empty (which is documented as not required in SharePoint Online) auth fails with ":///adfs/services/trust/13/usernamemixed": missing protocol scheme in func adfsAuthFlow https://github.com/koltyakov/gosip/blob/bc92c0983a11a7c720226b73859d26b6716be39d/auth/adfs/helpers.go#L77 since domain/host/scheme is empty.

I tried plugging in my regular SharePoint Online domain in adfsurl, but then I received dial tcp: lookup adfs: no such host

Unless I'm missing something, it appears that SharePoint Online ADFS Auth will only work if an ADFS link is passed in.

Versions

SharePoint Online

To Reproduce

Sample credentials used for adfs auth strategy:

{
  "siteUrl": "https://trufflesecurity.sharepoint.com/sites/site-name",
  "username": "zoo@trufflesecurity.onmicrosoft.com",
  "password": "not-real-password",
  "adfsUrl": "https://trufflesecurity.sharepoint.com"
}

and

{
  "siteUrl": "https://trufflesecurity.sharepoint.com/sites/site-name",
  "username": "zoo@trufflesecurity.onmicrosoft.com",
  "password": "not-real-password"
}

while importing auth/adfs as my strategy

package main

import (
    "fmt"
    "log"

    "github.com/koltyakov/gosip"
    "github.com/koltyakov/gosip/api"
    strategy "github.com/koltyakov/gosip/auth/adfs"
)

func main() {
    // Load the ADFS strategy settings from the JSON config shown above.
    authCnfg := &strategy.AuthCnfg{}
    configPath := "private.json"
    if err := authCnfg.ReadConfig(configPath); err != nil {
        log.Fatalf("unable to get config: %v", err)
    }
    client := &gosip.SPClient{AuthCnfg: authCnfg}
    sp := api.NewSP(client)

    // Request the web title; authentication happens as part of this call.
    res, err := sp.Web().Select("Title").Get()
    if err != nil {
        fmt.Println("error when trying to select Title")
        log.Fatal(err)
    }
    fmt.Println(res.Data().Title)
}

Expected behavior

Authentication to occur with credentials matching the format of the documentation:

{
  "siteUrl": "https://contoso.sharepoint.com/sites/test",
  "username": "john.doe@contoso.onmicrosoft.com",
  "password": "this-is-not-a-real-password"
}


koltyakov commented 1 year ago

Maybe something custom or unusual is configured. If it can't be resolved automatically, what if you provide the ADFS URL?

I have no SPO with ADFS configured by hand to check. If you have a chance to give me temporary access to an empty site collection, I can take a look. Yet, please don't publish creds publicly and email me instead.

And are you actually sure you have ADFS configured? It's unlikely you'd have a .onmicrosoft.com account with ADFS. So another assumption is that what you need is SAML.

koltyakov commented 1 year ago

Going to close this.
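
The failure reported in this issue, as an added Go example that is not gosip's own code: `naiveEndpoint` assumes the endpoint is built by formatting the parsed scheme and host (inferred from the quoted error string), and `checkedEndpoint` is a hypothetical pre-flight check that rejects an empty, non-https or SharePoint Online `adfsUrl` before any request is built. The host `adfs.example.com` is a placeholder.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

const usernameMixedPath = "/adfs/services/trust/13/usernamemixed" // path from the quoted error

// naiveEndpoint: assumed shape of the failing step (not gosip's code).
func naiveEndpoint(adfsURL string) (string, error) {
	u, err := url.Parse(adfsURL) // "" parses cleanly into an empty URL
	if err != nil {
		return "", err
	}
	ep := fmt.Sprintf("%s://%s%s", u.Scheme, u.Host, usernameMixedPath)
	_, err = url.Parse(ep) // same parse an HTTP client does for the request
	return ep, err
}

// checkedEndpoint (hypothetical) validates adfsUrl before any request is built.
func checkedEndpoint(adfsURL string) (string, error) {
	u, err := url.Parse(strings.TrimSpace(adfsURL))
	if err != nil {
		return "", fmt.Errorf("adfsUrl is not a valid URL: %w", err)
	}
	host := strings.ToLower(u.Hostname())
	switch {
	case u.Scheme == "" && host == "":
		return "", errors.New("adfsUrl is empty or lacks scheme and host")
	case u.Scheme != "https":
		return "", fmt.Errorf("adfsUrl scheme %q is not https", u.Scheme)
	case host == "":
		return "", errors.New("adfsUrl has no host")
	case strings.HasSuffix(host, ".sharepoint.com"):
		return "", fmt.Errorf("adfsUrl host %q is a SharePoint Online host", host)
	}
	return "https://" + u.Host + usernameMixedPath, nil
}

func main() {
	// Constructed inputs: empty, the reporter's tenant host, a placeholder ADFS host.
	for _, in := range []string{"", "https://trufflesecurity.sharepoint.com", "https://adfs.example.com"} {
		ep, naiveErr := naiveEndpoint(in)
		_, err := checkedEndpoint(in)
		fmt.Printf("adfsUrl=%q naive=%q naiveErr=%v checkedErr=%v\n", in, ep, naiveErr, err)
	}
}
```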