
in pkg/provider/aad/aad.go [156:221]


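// Authenticate drives the Azure AD federated sign-in flow and returns the SAML
// assertion for the configured application.
//
// It starts at the account's redirecttofederatedapplication.aspx endpoint and
// then loops over the pages the IdP returns, dispatching on markers found in
// the response body (ConvergedSignIn, ConvergedProofUpRedirect, KmsiInterrupt,
// ConvergedTFA, SAMLRequest, or a hidden form). The loop ends when a hidden
// form carrying a SAML assertion is found (the assertion is returned), when a
// processing step fails, when an unknown page is reached, or when the step
// budget is exhausted.
//
// loginDetails carries the credentials handed to the ConvergedSignIn step.
// On failure the returned assertion is the empty string and err is non-nil.
func (ac *Client) Authenticate(loginDetails *creds.LoginDetails) (string, error) {
	// Upper bound on the number of pages processed in one authentication. A
	// real flow needs only a handful of steps; the bound keeps a server that
	// keeps answering with the same interstitial page from holding the client
	// in this loop indefinitely.
	const maxAuthSteps = 32

	var (
		samlAssertion     string
		res               *http.Response
		err               error
		convergedResponse *ConvergedResponse
	)

	// idpAccount.URL = https://account.activedirectory.windowsazure.com

	// startSAML
	startURL := fmt.Sprintf("%s/applications/redirecttofederatedapplication.aspx?Operation=LinkedSignIn&applicationId=%s", ac.idpAccount.URL, ac.idpAccount.AppID)

	res, err = ac.client.Get(startURL)
	if err != nil {
		return samlAssertion, errors.Wrap(err, "error retrieving entry URL")
	}

AuthProcessor:
	for step := 0; ; step++ {
		if step >= maxAuthSteps {
			return samlAssertion, errors.New("too many authentication steps without a SAMLAssertion")
		}
		// Processing steps are expected to hand back a response whenever they
		// return a nil error; guard anyway rather than dereference nil below.
		if res == nil {
			return samlAssertion, errors.New("authentication step returned no response")
		}

		// Read the whole page once. A truncated read must not be dispatched on
		// as if it were a complete page, so the read error is not discarded.
		resBody, readErr := io.ReadAll(res.Body)
		// The network body is closed in every case: from here on the bytes are
		// held in memory, and an open body keeps the connection in use.
		_ = res.Body.Close()
		if readErr != nil {
			return samlAssertion, errors.Wrap(readErr, "error reading response body")
		}
		resBodyStr := string(resBody)
		// Replace the drained body with an in-memory copy so the processing
		// steps below can read it again if required.
		res.Body = io.NopCloser(bytes.NewBuffer(resBody))

		switch {
		case strings.Contains(resBodyStr, "ConvergedSignIn"):
			logger.Debug("processing ConvergedSignIn")
			res, err = ac.processConvergedSignIn(res, resBodyStr, loginDetails)
		case strings.Contains(resBodyStr, "ConvergedProofUpRedirect"):
			logger.Debug("processing ConvergedProofUpRedirect")
			res, err = ac.processConvergedProofUpRedirect(res, resBodyStr)
		case strings.Contains(resBodyStr, "KmsiInterrupt"):
			logger.Debug("processing KmsiInterrupt")
			res, err = ac.processKmsiInterrupt(res, resBodyStr)
		case strings.Contains(resBodyStr, "ConvergedTFA"):
			logger.Debug("processing ConvergedTFA")
			res, err = ac.processConvergedTFA(res, resBodyStr)
		case strings.Contains(resBodyStr, "SAMLRequest"):
			logger.Debug("processing SAMLRequest")
			res, err = ac.processSAMLRequest(res, resBodyStr)
		case ac.isHiddenForm(resBodyStr):
			// A hidden form either carries the final SAMLResponse or is an
			// intermediate auto-submit form. The extraction error is ignored
			// on purpose: an empty assertion simply means "not the final
			// form", and the form is re-submitted instead.
			if samlAssertion, _ = ac.getSamlAssertion(resBodyStr); samlAssertion != "" {
				logger.Debug("processing a SAMLResponse")
				return samlAssertion, nil
			}
			logger.Debug("processing a 'hiddenform'")
			res, err = ac.reProcessForm(resBodyStr)
		default:
			// Unknown page: surface the embedded $Config page id when present
			// to aid debugging, then stop rather than loop on it.
			if strings.Contains(resBodyStr, "$Config") {
				if err := ac.unmarshalEmbeddedJson(resBodyStr, &convergedResponse); err != nil {
					return samlAssertion, errors.Wrap(err, "unmarshal error")
				}
				logger.Debug("unknown process step found:", convergedResponse.Pgid)
			} else {
				logger.Debug("reached an unknown page within the authentication process")
			}
			break AuthProcessor
		}
		if err != nil {
			return samlAssertion, err
		}
	}

	return samlAssertion, errors.New("failed get SAMLAssertion")
}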