My original CA post is here.
The three CA conditions are:
- Block
- Force MFA
- Force password reset
These are difficult to test. They could be triggered by logging in from a banned country (which needs a VPN), using the Tor browser (not allowed on many work PCs), or other similar methods.
To test each case, I implemented a “unit test” to verify the flows.
“ConditionalAccess_Evaluation” sets up a string collection, which is usually empty. After this, I call the “unit test” to set the condition I want to test.
```xml
<ClaimsExchange Id="GenerateCAClaimFlagsUT" TechnicalProfileReferenceId="GenerateCAClaimFlags-UT"/>
```
where “GenerateCAClaimFlags-UT” is:
```xml
<TechnicalProfile Id="GenerateCAClaimFlags-UT">
  <DisplayName>GenerateCAClaimFlags</DisplayName>
  <Protocol Name="Proprietary" Handler="Web.TPEngine.Providers.ClaimsTransformationProtocolProvider, Web.TPEngine, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
  <OutputClaims>
    <!-- <OutputClaim ClaimTypeReferenceId="CAChallengeIsMfa" DefaultValue="true" AlwaysUseDefaultValue="true" /> -->
    <OutputClaim ClaimTypeReferenceId="CAChallengeIsChgPwd" DefaultValue="true" AlwaysUseDefaultValue="true"/>
    <!-- <OutputClaim ClaimTypeReferenceId="CAChallengeIsBlock" DefaultValue="true" AlwaysUseDefaultValue="true"/> -->
    <!-- Dummy claim so no error is thrown when all the challenges are commented out -->
  </OutputClaims>
</TechnicalProfile>
```
This enables me to test all the permutations easily.
All good!
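A check that could run before a policy is published, to confirm the test stub above is no longer wired into a journey. This is an added example, not code from the original post; the sample journey fragment, the "-UT" suffix convention and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy fragment (not from the original post); the
# journey layout and the "-UT" naming convention are assumptions.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06">
  <ClaimsProviders><ClaimsProvider><TechnicalProfiles>
    <TechnicalProfile Id="GenerateCAClaimFlags-UT">
      <OutputClaims>
        <!-- <OutputClaim ClaimTypeReferenceId="CAChallengeIsMfa" DefaultValue="true" AlwaysUseDefaultValue="true"/> -->
        <OutputClaim ClaimTypeReferenceId="CAChallengeIsChgPwd" DefaultValue="true" AlwaysUseDefaultValue="true"/>
      </OutputClaims>
    </TechnicalProfile>
  </TechnicalProfiles></ClaimsProvider></ClaimsProviders>
  <UserJourneys><UserJourney Id="SignIn"><OrchestrationSteps>
    <OrchestrationStep Order="3" Type="ClaimsExchange"><ClaimsExchanges>
      <ClaimsExchange Id="GenerateCAClaimFlagsUT" TechnicalProfileReferenceId="GenerateCAClaimFlags-UT"/>
    </ClaimsExchanges></OrchestrationStep>
  </OrchestrationSteps></UserJourney></UserJourneys>
</TrustFrameworkPolicy>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def find_forced_ca_overrides(policy_xml, stub_suffix="-UT"):
    """Return findings for CA test stubs that are active in the policy."""
    root = ET.fromstring(policy_xml)  # default parser drops XML comments
    findings = []
    for el in root.iter():
        name = local(el.tag)
        if name == "TechnicalProfile":
            # An uncommented CAChallengeIs* claim pinned to "true" forces that flow.
            for oc in el.iter():
                claim = oc.get("ClaimTypeReferenceId", "")
                if (local(oc.tag) == "OutputClaim" and claim.startswith("CAChallengeIs")
                        and oc.get("AlwaysUseDefaultValue", "").lower() == "true"
                        and oc.get("DefaultValue", "").lower() == "true"):
                    findings.append(("forced-claim", el.get("Id"), claim))
        elif name == "ClaimsExchange":
            # A journey step that still calls the test stub.
            ref = el.get("TechnicalProfileReferenceId", "")
            if ref.endswith(stub_suffix):
                findings.append(("stub-referenced", el.get("Id"), ref))
    return findings

if __name__ == "__main__":
    for finding in find_forced_ca_overrides(SAMPLE_POLICY):
        print(finding)
```

An empty result means no challenge flag is pinned and no journey step references a stub profile.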
Unit testing Conditional Access (CA) with Azure AD B2C custom policies was originally published in The new control plane on Medium, where people are continuing the conversation by highlighting and responding to this story.