From 8d604fbfddf932afb029bced83d210f312b843c9 Mon Sep 17 00:00:00 2001 From: Marcus Carvalho Date: Tue, 4 Oct 2022 17:51:20 +0200 Subject: [PATCH] Adfs activity cmdlets (#24) * import adfs samples * access control policy fix * help messages * cmdlets examples update * fix access policy assignment * fix example for import-msidadfssampleapp --- src/Get-MsIdAdfsSamlToken.ps1 | 94 +++++++++++++ src/Get-MsIdAdfsSampleApp.ps1 | 48 +++++++ src/Get-MsIdAdfsWsFedToken.ps1 | 91 +++++++++++++ src/Get-MsIdAdfsWsTrustToken.ps1 | 84 ++++++++++++ src/Import-MsIdAdfsSampleApp.ps1 | 123 ++++++++++++++++++ src/Import-MsIdAdfsSamplePolicy.ps1 | 68 ++++++++++ src/MSIdentityTools.psd1 | 21 ++- src/New-MsIdWsTrustRequest.ps1 | 47 +++++++ .../AdfsSamples/AdfsAccessControlPolicy.xml | 13 ++ .../AdfsSamples/Amazon Web Services.json | Bin 0 -> 10590 bytes src/internal/AdfsSamples/BOX.json | Bin 0 -> 8802 bytes src/internal/AdfsSamples/Blackboard.json | Bin 0 -> 11876 bytes src/internal/AdfsSamples/Concur.json | Bin 0 -> 8936 bytes .../AdfsSamples/CornerStone OnDemand.json | Bin 0 -> 9256 bytes .../AdfsSamples/Facebook for Work.json | Bin 0 -> 8936 bytes .../AdfsSamples/Google Cloud Console.json | Bin 0 -> 9000 bytes .../SAP Cloud Identity Platform.json | Bin 0 -> 8364 bytes src/internal/AdfsSamples/Salesforce.json | Bin 0 -> 8496 bytes src/internal/AdfsSamples/Service Now.json | Bin 0 -> 9138 bytes src/internal/AdfsSamples/Slack.json | Bin 0 -> 8414 bytes src/internal/AdfsSamples/SuccessFactors.json | Bin 0 -> 9506 bytes src/internal/AdfsSamples/Templafy.json | Bin 0 -> 19458 bytes src/internal/AdfsSamples/Workday.json | Bin 0 -> 9006 bytes src/internal/AdfsSamples/Zoom.json | Bin 0 -> 11212 bytes src/internal/AdfsSamples/Zscaler.json | Bin 0 -> 8388 bytes src/internal/Get-ParsedTokenFromResponse.ps1 | 40 ++++++ src/internal/Import-AdfsModule.ps1 | 22 ++++ src/internal/New-AdfsLoginFormFields.ps1 | 27 ++++ 28 files changed, 676 insertions(+), 2 deletions(-) create mode 100644 src/Get-MsIdAdfsSamlToken.ps1 create mode 100644 src/Get-MsIdAdfsSampleApp.ps1 create mode 100644 src/Get-MsIdAdfsWsFedToken.ps1 create mode 100644 src/Get-MsIdAdfsWsTrustToken.ps1 create mode 100644 src/Import-MsIdAdfsSampleApp.ps1 create mode 100644 src/Import-MsIdAdfsSamplePolicy.ps1 create mode 100644 src/New-MsIdWsTrustRequest.ps1 create mode 100644 src/internal/AdfsSamples/AdfsAccessControlPolicy.xml create mode 100644 src/internal/AdfsSamples/Amazon Web Services.json create mode 100644 src/internal/AdfsSamples/BOX.json create mode 100644 src/internal/AdfsSamples/Blackboard.json create mode 100644 src/internal/AdfsSamples/Concur.json create mode 100644 src/internal/AdfsSamples/CornerStone OnDemand.json create mode 100644 src/internal/AdfsSamples/Facebook for Work.json create mode 100644 src/internal/AdfsSamples/Google Cloud Console.json create mode 100644 src/internal/AdfsSamples/SAP Cloud Identity Platform.json create mode 100644 src/internal/AdfsSamples/Salesforce.json create mode 100644 src/internal/AdfsSamples/Service Now.json create mode 100644 src/internal/AdfsSamples/Slack.json create mode 100644 src/internal/AdfsSamples/SuccessFactors.json create mode 100644 src/internal/AdfsSamples/Templafy.json create mode 100644 src/internal/AdfsSamples/Workday.json create mode 100644 src/internal/AdfsSamples/Zoom.json create mode 100644 src/internal/AdfsSamples/Zscaler.json create mode 100644 src/internal/Get-ParsedTokenFromResponse.ps1 create mode 100644 src/internal/Import-AdfsModule.ps1 create mode 100644 src/internal/New-AdfsLoginFormFields.ps1 diff --git a/src/Get-MsIdAdfsSamlToken.ps1 b/src/Get-MsIdAdfsSamlToken.ps1 new file mode 100644 index 0000000..dbbf2d7 --- /dev/null +++ b/src/Get-MsIdAdfsSamlToken.ps1 @@ -0,0 +1,94 @@ +<# +.SYNOPSIS + Initiates a SAML logon request to and AD FS server to generate log activity and returns the user token. +.DESCRIPTION + This command will generate log activity on the ADFS server, by requesting a SAML token using Windows or forms authentication. +.EXAMPLE + PS > Get-MsIdAdfsSamlToken urn:microsoft:adfs:claimsxray -HostName adfs.contoso.com + + Sign in to an application on an AD FS server using logged user credentials using the SAML protocol. + +.EXAMPLE + PS > $credential = Get-Credential + PS > Get-MsIdAdfsSamlToken urn:microsoft:adfs:claimsxray -HostName adfs.contoso.com + + Sign in to an application on an AD FS server using credentials provided by the user using the SAML endpoint and forms based authentication. + +.EXAMPLE + PS > $SamlIdentifiers = Get-AdfsRelyingPartyTrust | where { $_.WSFedEndpoint -eq $null } | foreach { $_.Identifier.Item(0) } + PS > $SamlIdentifiers | foreach { Get-MsIdAdfsSamlToken $_ -HostName adfs.contoso.com } + + Get all SAML relying party trusts from the AD FS server and sign in using the logged user credentials. + +#> +function Get-MsIdAdfsSamlToken +{ + [CmdletBinding()] + [OutputType([string])] + param( + # Application identifier + [Parameter(Mandatory=$true, + Position=0, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$true)] + [string]$Issuer, + # Enter host name for the AD FS server + [Parameter(Mandatory=$true)] + [string]$HostName, + # Provide the credential for the user to be signed in + [Parameter(Mandatory=$false)] + [pscredential]$Credential + ) + + if ($null -ne $Credential) + { + Write-Warning "Using credentials sends password in clear text over the network!" + } + + + $login = $null + $loginFail = "" + + $EncodedSamlRequest = New-MsIdSamlRequest -Issuer $Issuer -DeflateAndEncode + + [System.UriBuilder] $uriAdfs = 'https://{0}/adfs/ls' -f $HostName + $uriAdfs.Query = ConvertTo-QueryString @{ + SAMLRequest = $EncodedSamlRequest + } + + if ($null -ne $Credential) { + $user = $Credential.UserName + $form = New-AdfsLoginFormFields -Credential $Credential + try{ + $login = Invoke-WebRequest -Uri $uriAdfs.Uri -Method POST -Body $form -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + else { + $userAgent = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT; Windows NT 10.0; en-US)' + $user = "$($env:USERDOMAIN)\$($env:UserName)" + try{ + $login = Invoke-WebRequest -Uri $uriAdfs.Uri -UserAgent $userAgent -UseDefaultCredentials -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + + + + if ($null -eq $login) { Write-Error "HTTP request failed for issuer ""$($Issuer)"" and user: $($user). ERROR: $($loginFail)" } + elseif ($login.StatusCode -ne 200) { Write-Error "HTTP request failed for issuer ""$($Issuer)"" and user: $($user). ERROR: HTTP status $($login.StatusCode)" } + elseif ($login.InputFields.Count -le 0) { + Write-Warning "Login failed for issuer ""$($Issuer)"" and user: $($user)" + } + elseif ($login.InputFields[0].outerHTML.Contains("SAMLResponse")) { + Write-Host "Login sucessful for issuer ""$($Issuer)"" and user: $($user)" + return $login.Content | Get-ParsedTokenFromResponse -Protocol SAML + } + else { Write-Warning "Login failed for issuer ""$($Issuer)"" and user: $($user)" } + + return +} diff --git a/src/Get-MsIdAdfsSampleApp.ps1 b/src/Get-MsIdAdfsSampleApp.ps1 new file mode 100644 index 0000000..c4e361c --- /dev/null +++ b/src/Get-MsIdAdfsSampleApp.ps1 @@ -0,0 +1,48 @@ +<# +.SYNOPSIS + Returns the list of availabe sample AD FS relyng party trust applications available in this module. These applications do NOT use real endpoints and are meant to be used as test applications. +.EXAMPLE + PS > Get-MsIdAdfsSampleApps + + Get the full list of sample AD FS apps. + +.EXAMPLE + PS > Get-MsIdAdfsSampleApps SampleAppName + + Get only SampleAppName sample AD FS app (replace SampleAppName by one of the available apps). + +#> +function Get-MsIdAdfsSampleApp { + [CmdletBinding()] + [OutputType([object[]])] + param ( + # Sample applications name + [Parameter(Mandatory = $false)] + [string] $Name + ) + + $result = [System.Collections.ArrayList]@() + + if (Import-AdfsModule) { + $apps = Get-ChildItem -Path "$($PSScriptRoot)\internal\AdfsSamples\" + + if ($Name -ne '') { + $apps = $apps | Where-Object { $_.Name -eq $Name + '.json' } + } + + ForEach ($app in $apps) { + Try { + Write-Verbose "Loading app: $($app.Name)" + if ($app.Name -notlike '*.xml') { + $rp = Get-Content $app.FullName | ConvertFrom-json + $null = $result.Add($rp) + } + } + catch { + Write-Warning "Error while loading app '$($app.Name)': ($_)" + } + } + + return ,$result + } +} \ No newline at end of file diff --git a/src/Get-MsIdAdfsWsFedToken.ps1 b/src/Get-MsIdAdfsWsFedToken.ps1 new file mode 100644 index 0000000..669e13f --- /dev/null +++ b/src/Get-MsIdAdfsWsFedToken.ps1 @@ -0,0 +1,91 @@ +<# +.SYNOPSIS + Initiates a Ws-Fed logon request to and AD FS server to generate log activity and returns the user token. +.DESCRIPTION + This command will generate log activity on the ADFS server, by requesting a Ws-Fed token using the windows or forms authentication. +.EXAMPLE + PS > Get-MsIdAdfsWsFedToken urn:federation:MicrosoftOnline -HostName adfs.contoso.com + + Sign in to an application on an AD FS server using logged user credentials using the Ws-Fed protocol. + +.EXAMPLE + PS > $credential = Get-Credential + PS > Get-MsIdAdfsWsFedToken urn:federation:MicrosoftOnline -HostName adfs.contoso.com + + Sign in to an application on an AD FS server using credentials provided by the user using the Ws-Fed endpoint and forms based authentication. + +.EXAMPLE + PS > $WsFedIdentifiers = Get-AdfsRelyingPartyTrust | where { $_.WSFedEndpoint -ne $null -and $_.Identifier -notcontains "urn:federation:MicrosoftOnline" } | foreach { $_.Identifier.Item(0) } + PS > $WsFedIdentifiers | foreach { Get-MsIdAdfsWsFedToken $_ -HostName adfs.contoso.com } + + Get all Ws-Fed relying party trusts from the AD FS server excluding Azure AD and sign in using the logged user credentials. + +#> +function Get-MsIdAdfsWsFedToken +{ + [CmdletBinding()] + [OutputType([string])] + param( + # Enter the application identifier + [Parameter(Mandatory=$true, + Position=0, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$true)] + [string]$WtRealm, + # Enter host name for the AD FS server + [Parameter(Mandatory=$true)] + [string]$HostName, + # Provide the credential for the user to be signed in + [Parameter(Mandatory=$false)] + [pscredential]$Credential + ) + + $login = $null + $loginFail = "" + + # Defaults to Ws-Fed request + [System.UriBuilder] $uriAdfs = 'https://{0}/adfs/ls' -f $HostName + $uriAdfs.Query = ConvertTo-QueryString @{ + 'client-request-id' = New-Guid + wa = 'wsignin1.0' + wtrealm = $WtRealm + } + + + if ($null -ne $Credential) { + Write-Warning "Using credentials sends password in clear text over the network!" + + $user = $Credential.UserName + $form = New-AdfsLoginFormFields -Credential $Credential + try{ + $login = Invoke-WebRequest -Uri $uriAdfs.Uri -Method POST -Body $form -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + else { + $userAgent = 'Mozilla/5.0 (compatible; MSIE 9.0; Windows NT; Windows NT 10.0; en-US)' + $user = "$($env:USERDOMAIN)\$($env:UserName)" + try{ + $login = Invoke-WebRequest -Uri $uriAdfs.Uri -UserAgent $userAgent -UseDefaultCredentials -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + + + if ($null -eq $login) { Write-Error "HTTP request failed for WtRealm ""$($WtRealm)"" and user: $($user). ERROR: $($loginFail)" } + elseif ($login.StatusCode -ne 200) { Write-Error "HTTP request failed for WtRealm ""$($WtRealm)"" and user: $($user). ERROR: HTTP status $($login.StatusCode)" } + elseif ($login.InputFields.Count -le 0) { + Write-Warning "Login failed for WtRealm ""$($WtRealm)"" and user: $($user)" + } + elseif ($login.InputFields[0].outerHTML.Contains("wsignin1.0")) { + Write-Host "Login sucessful for WtRealm ""$($WtRealm)"" and user: $($user)" + return $login.Content | Get-ParsedTokenFromResponse -Protocol WsFed + } + else { Write-Warning "Login failed for WtRealm ""$($WtRealm)"" and user: $($user)" } + + return +} diff --git a/src/Get-MsIdAdfsWsTrustToken.ps1 b/src/Get-MsIdAdfsWsTrustToken.ps1 new file mode 100644 index 0000000..e838340 --- /dev/null +++ b/src/Get-MsIdAdfsWsTrustToken.ps1 @@ -0,0 +1,84 @@ +<# +.SYNOPSIS + Initiates a Ws-Trust logon request to and AD FS server to generate log activity and returns the user token. +.DESCRIPTION + This command will generate log activity on the ADFS server, by requesting a Ws-Trust token using the windows transport or user name mixed endpoint. +.EXAMPLE + PS > Get-MsIdAdfsWsTrustToken urn:federation:MicrosoftOnline -HostName adfs.contoso.com + + Sign in to an application on an AD FS server using logged user credentials using the WindowsTransport endpoint. + +.EXAMPLE + PS > $credential = Get-Credential + PS > Get-MsIdAdfsWsTrustToken urn:federation:MicrosoftOnline -HostName adfs.contoso.com -Credential $credential + + Sign in to an application on an AD FS server using credentials provided by the user using the UserNameMixed endpoint. + +.EXAMPLE + PS > $identifiers = Get-AdfsRelyingPartyTrust | foreach { $_.Identifier.Item(0) } + PS > $identifiers | foreach { Get-MsIdAdfsWsTrustToken $_ -HostName adfs.contoso.com } + + Get all relying party trusts from the AD FS server and sign in using the logged user credentials. + +#> +function Get-MsIdAdfsWsTrustToken +{ + [CmdletBinding()] + [OutputType([string])] + param( + # Enter the application identifier + [Parameter(Mandatory=$true, + Position=0, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$true)] + [string]$Identifier, + # Enter host name for the AD FS server + [Parameter(Mandatory=$true)] + [string]$HostName, + # Provide the credential for the user to be signed in + [Parameter(Mandatory=$false)] + [pscredential]$Credential + ) + + $login = $null + $loginFail = "" + + if ($null -ne $Credential) { + $user = $Credential.UserName + + [System.UriBuilder] $uriAdfs = 'https://{0}/adfs/services/trust/2005/usernamemixed' -f $HostName + + $wstrustRequest = New-MsIdWsTrustRequest $Identifier -Endpoint $uriAdfs.Uri -Credential $Credential + try{ + $login = Invoke-WebRequest $uriAdfs.Uri -Method Post -Body $wstrustRequest -ContentType "application/soap+xml" -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + else { + $user = "$($env:USERDOMAIN)\$($env:UserName)" + + [System.UriBuilder] $uriAdfs = 'https://{0}/adfs/services/trust/2005/windowstransport' -f $HostName + + $wstrustRequest = New-MsIdWsTrustRequest $Identifier -Endpoint $uriAdfs.Uri + try{ + $login = Invoke-WebRequest $uriAdfs.Uri -Method Post -Body $wstrustRequest -ContentType "application/soap+xml" -UseDefaultCredentials -UseBasicParsing -ErrorAction SilentlyContinue + } + catch [System.Net.WebException]{ + $loginFail = $_ + } + } + + + + if ($null -eq $login) { Write-Error "HTTP request failed for identifier ""$($identifier)"" and user: $($user). ERROR: $($loginFail)" } + elseif ($login.StatusCode -ne 200) { Write-Error "HTTP request failed for identifier ""$($identifier)"" and user: $($user). ERROR: HTTP status $($login.StatusCode)" } + elseif ($login.Headers["Content-Type"].Contains("application/soap+xml")) { + Write-Host "Login sucessful for identifier ""$($Identifier)"" and user: $($user)" + return $login.Content | ConvertFrom-SamlMessage + } + else { Write-Warning "Login failed for identifier ""$($Identifier)"" and user: $($user)" } + + return +} diff --git a/src/Import-MsIdAdfsSampleApp.ps1 b/src/Import-MsIdAdfsSampleApp.ps1 new file mode 100644 index 0000000..2475e17 --- /dev/null +++ b/src/Import-MsIdAdfsSampleApp.ps1 @@ -0,0 +1,123 @@ +<# +.SYNOPSIS + Imports a list availabe sample AD FS relyng party trust applications available in this module, the list is created by the Get-MsIdAdfsSampleApps cmdlet. These applications do NOT use real endpoints and are meant to be used as test applications. +.EXAMPLE + PS >Get-MsIdAdfsSampleApp | Import-MsIdAdfsSampleApp + + Import the full list of sample AD FS apps to the local AD FS server. + +.EXAMPLE + PS >Get-MsIdAdfsSampleApp | Import-MsIdAdfsSampleApp -NamePreffix 'MsId ' + + Import the full list of sample AD FS apps to the local AD FS server, adding the MsId prefix to the app name. + +.EXAMPLE + PS >Get-MsIdAdfsSampleApp SampleAppName | Import-MsIdAdfsSampleApp + + Import only the SampleAppName sample AD FS app to the local AD FS server (replace SampleAppName by one of the available apps). +#> +function Import-MsIdAdfsSampleApp { + [CmdletBinding()] + param( + # Application identifier + [Parameter(Mandatory=$true, + Position=0, + ValueFromPipeline=$true, + ValueFromPipelineByPropertyName=$true)] + [object[]]$Application, + # Name prefix for the AD FS relying party + [Parameter(Mandatory=$false)] + [string]$NamePreffix = "", + # Apply sample app default parameters to existing apps + [Parameter(Mandatory=$false)] + [switch]$Force = $false + ) + + $samplePolicy = "MsId Block Off Corp and VPN" + + if (Import-AdfsModule) { + Try { + foreach($RelyingParty in $Application) { + Write-Verbose "Processing app '$($RelyingParty.Name)' with the supplied prefix '$($NamePreffix)'" + + $rpName = $NamePreffix + $RelyingParty.Name + $targetIdentifier = $RelyingParty.Identifier + + $adfsApp = Get-ADFSRelyingPartyTrust -Name $rpName + if ($null -eq $adfsApp) { + Write-Verbose "Creating application '$($rpName)'" + $null = Add-ADFSRelyingPartyTrust -Identifier $targetIdentifier -Name $rpName + } + else { + if (-not $Force) { + throw "The application '" + $rpName + "' already exists, use -Force to ovewrite it." + } + Write-Verbose "Updating application '$($rpName)'" + } + + Set-ADFSRelyingPartyTrust -TargetName $rpName -AutoUpdateEnabled $RelyingParty.AutoUpdateEnabled + Set-ADFSRelyingPartyTrust -TargetName $rpName -DelegationAuthorizationRules $RelyingParty.DelegationAuthorizationRules + Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceAuthorizationRules $RelyingParty.IssuanceAuthorizationRules + Set-ADFSRelyingPartyTrust -TargetName $rpName -WSFedEndpoint $RelyingParty.WSFedEndpoint + Set-ADFSRelyingPartyTrust -TargetName $rpName -IssuanceTransformRules $RelyingParty.IssuanceTransformRules + Set-ADFSRelyingPartyTrust -TargetName $rpName -ClaimAccepted $RelyingParty.ClaimsAccepted + Set-ADFSRelyingPartyTrust -TargetName $rpName -EncryptClaims $RelyingParty.EncryptClaims + Set-ADFSRelyingPartyTrust -TargetName $rpName -EncryptionCertificate $RelyingParty.EncryptionCertificate + Set-ADFSRelyingPartyTrust -TargetName $rpName -MetadataUrl $RelyingParty.MetadataUrl + Set-ADFSRelyingPartyTrust -TargetName $rpName -MonitoringEnabled $RelyingParty.MonitoringEnabled + Set-ADFSRelyingPartyTrust -TargetName $rpName -NotBeforeSkew $RelyingParty.NotBeforeSkew + Set-ADFSRelyingPartyTrust -TargetName $rpName -ImpersonationAuthorizationRules $RelyingParty.ImpersonationAuthorizationRules + Set-ADFSRelyingPartyTrust -TargetName $rpName -ProtocolProfile $RelyingParty.ProtocolProfile + Set-ADFSRelyingPartyTrust -TargetName $rpName -RequestSigningCertificate $RelyingParty.RequestSigningCertificate + Set-ADFSRelyingPartyTrust -TargetName $rpName -EncryptedNameIdRequired $RelyingParty.EncryptedNameIdRequired + Set-ADFSRelyingPartyTrust -TargetName $rpName -SignedSamlRequestsRequired $RelyingParty.SignedSamlRequestsRequired + + $newSamlEndPoints = @() + foreach ($SamlEndpoint in $RelyingParty.SamlEndpoints) + { + # Is ResponseLocation defined? + if ($SamlEndpoint.ResponseLocation) + { + # ResponseLocation is not null or empty + $newSamlEndPoint = New-ADFSSamlEndpoint -Binding $SamlEndpoint.Binding ` + -Protocol $SamlEndpoint.Protocol ` + -Uri $SamlEndpoint.Location -Index $SamlEndpoint.Index ` + -IsDefault $SamlEndpoint.IsDefault + } + else + { + $newSamlEndPoint = New-ADFSSamlEndpoint -Binding $SamlEndpoint.Binding ` + -Protocol $SamlEndpoint.Protocol ` + -Uri $SamlEndpoint.Location -Index $SamlEndpoint.Index ` + -IsDefault $SamlEndpoint.IsDefault ` + -ResponseUri $SamlEndpoint.ResponseLocation + } + $newSamlEndPoints += $newSamlEndPoint + } + Set-ADFSRelyingPartyTrust -TargetName $rpName -SamlEndpoint $newSamlEndPoints + Set-ADFSRelyingPartyTrust -TargetName $rpName -SamlResponseSignature $RelyingParty.SamlResponseSignature + Set-ADFSRelyingPartyTrust -TargetName $rpName -SignatureAlgorithm $RelyingParty.SignatureAlgorithm + Set-ADFSRelyingPartyTrust -TargetName $rpName -TokenLifetime $RelyingParty.TokenLifetime + + # check if using custom plocy and test if exists + if ($RelyingParty.AccessControlPolicyName -eq $samplePolicy) { + if (Get-AdfsAccessControlPolicy -Name $samplePolicy) { + Set-AdfsRelyingPartyTrust -TargetName $rpName -AccessControlPolicyName $RelyingParty.AccessControlPolicyName + } + else { + Write-Warning "The Access Control Policy '$($samplePolicy)' is missing, run 'Import-MsIdAdfsSamplePolicies' to create." + } + } + else { + Set-AdfsRelyingPartyTrust -TargetName $rpName -AccessControlPolicyName $RelyingParty.AccessControlPolicyName + } + } + } + Catch { + Write-Error $_ + } + } + else { + Write-Error "The Import-MsIdAdfsSampleApps cmdlet requires the ADFS module installed to work." + } +} \ No newline at end of file diff --git a/src/Import-MsIdAdfsSamplePolicy.ps1 b/src/Import-MsIdAdfsSamplePolicy.ps1 new file mode 100644 index 0000000..1b8e4f1 --- /dev/null +++ b/src/Import-MsIdAdfsSamplePolicy.ps1 @@ -0,0 +1,68 @@ +<# +.SYNOPSIS + Imports the 'MsId Block Off Corp and VPN' sample AD FS access control policy. This policy is meant to be used as test policy. +.DESCRIPTION + Imports the 'MsId Block Off Corp and VPN' sample AD FS access control policy. Pass locations in the format of range (205.143.204.1-205.143.205.250) or CIDR (12.159.168.1/24). + + This policy is meant to be used as test policy! +.EXAMPLE + PS >Import-MsIdAdfsSamplePolicy -Locations 205.143.204.1-205.143.205.250,12.159.168.1/24,12.35.175.1/26 + + Create the policy to the local AD FS server. + +.EXAMPLE + PS >Import-MsIdAdfsSamplePolicy -Locations 205.143.204.1-205.143.205.250 -ApplyTo App1,App2 + + Create the policy to the local AD FS server and apply it to to the list of applications. + +#> +function Import-MsIdAdfsSamplePolicy { + [CmdletBinding()] + param( + # Network locations + [Parameter(Mandatory=$true)] + [string[]]$Locations, + # Relying party names to apply the policy + [Parameter(Mandatory=$false)] + [string[]]$ApplyTo + ) + + $name = "MsId Block Off Corp and VPN" + + if (Import-AdfsModule) { + Try { + + # build for each location + $values = "" + foreach ($location in $Locations) { + $values += "$($location)" + } + + # load and update metadata file + $metadataBase = Get-Content "$($PSScriptRoot)\internal\AdfsSamples\AdfsAccessControlPolicy.xml" -Raw + $metadataStr = $metadataBase -replace '.*',"$values" + $metadata = New-Object -TypeName Microsoft.IdentityServer.PolicyModel.Configuration.PolicyTemplate.PolicyMetadata -ArgumentList $metadataStr + + $policy = Get-AdfsAccessControlPolicy -Name $name + if ($null -eq $policy) { + Write-Verbose "Creating Access Control Policy $($name)" + $null = New-AdfsAccessControlPolicy -Name $name -Identifier "DenyNonCorporateandNonVPN" -PolicyMetadata $metadata + } + else { + throw "The policy '" + $name + "' already exists." + } + + if ($null -ne $ApplyTo) { + foreach ($app in $ApplyTo) { + Set-AdfsRelyingPartyTrust -TargetName $app -AccessControlPolicyName $name + } + } + } + Catch { + Write-Error $_ + } + } + else { + Write-Error "The Import-MsIdAdfsSampleApps cmdlet requires the ADFS module installed to work." + } +} \ No newline at end of file diff --git a/src/MSIdentityTools.psd1 b/src/MSIdentityTools.psd1 index 793a5b3..cbc228c 100644 --- a/src/MSIdentityTools.psd1 +++ b/src/MSIdentityTools.psd1 @@ -1,4 +1,4 @@ -# +# # Module manifest for module 'MSIdentityTools' # # Generated by: MSIdentity @@ -54,7 +54,7 @@ ) # Assemblies that must be loaded prior to importing this module - # RequiredAssemblies = @() + # # # # RequiredAssemblies = @() # Script files (.ps1) that are run in the caller's environment prior to importing this module. # ScriptsToProcess = @() @@ -83,9 +83,12 @@ '.\internal\Expand-Data.ps1' '.\internal\Get-ObjectPropertyValue.ps1' '.\internal\Get-OpenIdProviderConfiguration.ps1' + '.\internal\Get-ParsedTokenFromResponse.ps1' '.\internal\Get-SamlFederationMetadata.ps1' '.\internal\Get-X509Certificate.ps1' + '.\internal\Import-AdfsModule.ps1' '.\internal\Invoke-CommandAsSystem.ps1' + '.\internal\New-AdfsLoginFormFields.ps1' '.\internal\Resolve-XmlAttribute.ps1' '.\internal\Resolve-XmlElement.ps1' '.\internal\Test-IpAddressInSubnet.ps1' @@ -98,6 +101,9 @@ '.\ConvertFrom-MsIdJwtToken.ps1' '.\ConvertFrom-MsIdSamlMessage.ps1' '.\Expand-MsIdJwtTokenPayload.ps1' + '.\Get-MsIdAdfsSamlToken.ps1' + '.\Get-MsIdAdfsWsFedToken.ps1' + '.\Get-MsIdAdfsWsTrustToken.ps1' '.\Get-MsIdApplicationIdByAppId.ps1' '.\Get-MsIdAuthorityUri.ps1' '.\Get-MsIdAzureIpRange.ps1' @@ -112,6 +118,7 @@ '.\New-MsIdClientSecret.ps1' '.\New-MsIdSamlRequest.ps1' '.\New-MsIdTemporaryUserPassword.ps1' + '.\New-MsIdWsTrustRequest.ps1' '.\Reset-MsIdExternalUser.ps1' '.\Resolve-MsIdAzureIpAddress.ps1' '.\Show-MsIdJwtToken.ps1' @@ -126,6 +133,9 @@ '.\Get-MsIdGroupWritebackConfiguration.ps1' '.\Update-MsIdGroupWritebackConfiguration.ps1' '.\Get-MsIdUnredeemedInvitedUser.ps1' + '.\Import-MsIdAdfsSampleApp.ps1' + '.\Import-MsIdAdfsSamplePolicy.ps1' + '.\Get-MsIdAdfsSampleApp.ps1' '.\Get-MsIdInactiveSignInUser.ps1' '.\Set-MsIdServicePrincipalVisibleInMyApps.ps1' ) @@ -138,6 +148,9 @@ 'ConvertFrom-MsIdJwtToken' 'ConvertFrom-MsIdSamlMessage' 'Expand-MsIdJwtTokenPayload' + 'Get-MsIdAdfsSamlToken' + 'Get-MsIdAdfsWsFedToken' + 'Get-MsIdAdfsWsTrustToken' 'Get-MsIdApplicationIdByAppId' 'Get-MsIdAuthorityUri' 'Get-MsIdAzureIpRange' @@ -149,6 +162,7 @@ 'Get-MsIdServicePrincipalIdByAppId' 'Get-MsIdUnmanagedExternalUser' 'Invoke-MsIdAzureAdSamlRequest' + 'New-MsIdWsTrustRequest' 'New-MsIdClientSecret' 'New-MsIdSamlRequest' 'New-MsIdTemporaryUserPassword' @@ -166,6 +180,9 @@ 'Get-MsIdGroupWritebackConfiguration' 'Update-MsIdGroupWritebackConfiguration' 'Get-MsIdUnredeemedInvitedUser' + 'Get-MsIdAdfsSampleApp' + 'Import-MsIdAdfsSampleApp' + 'Import-MsIdAdfsSamplePolicy' 'Get-MsIdInactiveSignInUser' 'Set-MsIdServicePrincipalVisibleInMyApps' ) diff --git a/src/New-MsIdWsTrustRequest.ps1 b/src/New-MsIdWsTrustRequest.ps1 new file mode 100644 index 0000000..fcc12dc --- /dev/null +++ b/src/New-MsIdWsTrustRequest.ps1 @@ -0,0 +1,47 @@ +<# +.SYNOPSIS + Create a WS-Trust request. +.EXAMPLE + PS > New-MsIdWsTrustRequest urn:federation:MicrosoftOnline -Endpoint https://adfs.contoso.com/adfs/services/trust/2005/windowstransport + + Create a Ws-Trust request for the application urn:federation:MicrosoftOnline. + +#> +function New-MsIdWsTrustRequest { + [CmdletBinding()] + [OutputType([string])] + param ( + # Application identifier + [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)] + [string] $Identifier, + # Host name for the AD FS server + [Parameter(Mandatory=$true)] + [string]$Endpoint, + # Credential for the user to be signed in + [Parameter(Mandatory=$false)] + [pscredential]$Credential + ) + + if ($Credential -ne $null) + { + Write-Warning "Using credentials sends password in clear text over the network!" + + $username = $Credential.UserName + $password = ConvertFrom-SecureStringAsPlainText $Credential.Password -Force + $request = [String]::Format( + 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuehttp://www.w3.org/2005/08/addressing/anonymous{0}{1}{2}{3}0http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKeyhttp://schemas.xmlsoap.org/ws/2005/02/trust/Issuehttp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0', ` + $Endpoint, + $username, + $password, + $Identifier) + } + else + { + $request = [String]::Format( + 'http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issuehttp://www.w3.org/2005/08/addressing/anonymous{0}{1}0http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKeyhttp://schemas.xmlsoap.org/ws/2005/02/trust/Issuehttp://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0', ` + $Endpoint, + $Identifier) + } + + return $request +} \ No newline at end of file diff --git a/src/internal/AdfsSamples/AdfsAccessControlPolicy.xml b/src/internal/AdfsSamples/AdfsAccessControlPolicy.xml new file mode 100644 index 0000000..9521eba --- /dev/null +++ b/src/internal/AdfsSamples/AdfsAccessControlPolicy.xml @@ -0,0 +1,13 @@ + + false + + + + + Equals + + + + + + \ No newline at end of file diff --git a/src/internal/AdfsSamples/Amazon Web Services.json b/src/internal/AdfsSamples/Amazon Web Services.json new file mode 100644 index 0000000000000000000000000000000000000000..1e838a0bc9272fa15933b20c7b983ba6e624abed GIT binary patch literal 10590 zcmeI2ZEqVz6ouzA68|AGd}t-yw1Jl33PEUiDQcRkNhzoS$#tAG5H}%qnv^K~bl^O5 zeLb_g_S#NdBqU_TyWX9>uV>EOJDb1%x(M%w_rlWf(+F$fP@ki47P?_qzfQv-ywdq= z9S=e$wBzwezaMB^JM{H=s{4ETJBi~u`tFBDXhoSXqWoNk>ss9L=kQU#^+X>CB^jT|4TvuL&LC9CVTU>uRlPDs4MvHx*9qwBWqKr`c+nU z^i*B88ya^z+>yMMuo~`#k3&<>e5&J$&OqfIeVWp~sw3BK$Iq@tw8Lk5`lUv#>Q~i< z#H(dK+t9Pe`WTC*73g9iE6`;n8p)Dv#q?AeH7+RIl`Od~C)xa|qSq`LD0?0K9S*sX zIe4fzri?z9jkXpvh3~bn5gv_+u;UUm4K!~0+TbT+9bX&MgP&v}l9<$0bck8OzMm?5m}R2!bVhETJqD8ORH zd0&<=%kQ$5XPO}gnJ#DcBSpQhJAJV{s}?Ib=K~?RHNt319C1qw(GoA@wlnfOS-dUV zn+vx8VT@5XoR6$7uK=^ep**G`-t32Uc?l}1yHXuC38!Tlv;1yoW*2MPl;>B{IS@}0 zy=8rfzgM5PWYw9jaO~;N*4$f>S9)=*VS6zcDf3pc(b;KDwoox!-ELh6-+jdntWaSr z0lqwy20LPPBiq(&}3LT6MD{so-?i8x8f7~Ld{BC-S6n^cKAf!=aO(J z1~TL|^~-9m52T?l)HU_}O2?IOSJgu~!wt>%qgb82R-WkQy0U?;AbDJ#tL46ydYTHA zYIQqyiR9n$cdvvgo3&uBD~|L^4b1GtIAd+HsUOc>)=EXzr00A#Sbb$Z7i-AuwLFrk zC~fW9&|1HyKYG&Muv;JBJ0;I2aS*7Wwm6pTZ==LhowMq?pFT6nXnHLB^URQm#4Jmy zo4aE5CCO(t=k}{IWc1 zTV(fzb!7HbAywskIlAikUJ9Qpt2>H|)#Z5y%hesp+KD!|!i&)yq7t?TS3EQ_ANM29_~{C;|>ZWK~}h|j`J>6vt`IKmlu+(^I2 z6ULZulGO)b`$f#rzZL0YX*O0&7A%iu3LIsKF;6(ZYUP{fvsuv4imc4a3Ho3~5R0yx z;l7SG&-_?7Qy)c6J1(ph$nj^X$^Tn(6_k|m>in{%I($id`AjqQJE8okMsA0nh8c68 z$=u{QPP}17M>Wx6Z;*QAO}x6UGwySZk#D1X?1F>9ZeQovbR*tzYP?YR!_%P_)zg`=^C7JD2cY#rZ+xt-n#mmE!jOy3ad0|U5>hM&b=}g`Exz4 z;;in*r}*u>RKH$$^^#b2v3x(>&T%=${!diFTA$9ZaeQ6v!`a6os=QC|SX{UNcqCb{ zS$$vhAoc>hq1{q0>|Gq|+n#<+@5Nk4-brpNm&HDHM`&4(o`LqJqC%bt6!)*EQ+pk(%uH#Nbk)q zEmyuAZSu4U4m$M{{v$yeFw!FyJCb|H#d;5qMiI|Xky^i;kp zvNYV~W9I-?r;46;xA4dKhKijh@BEvRghY!s>kv|NUE}nW_YQ3Ls4cl*2GnuR4gwXr z?^yC?(swL1s#TfVk_( zon)`~Nb~F>CCiF&sK&zfi|WRgpD{kj|NDem&XHHu=Xg$IIzvv$Ww1ZPyCv(p3@P~= z`Ks2se7jCR=DIhBJvkf_^$T01@7+yJzIM?%6zluGf!AMR)pO)EZmq3^_Q^{cLryp;9D^>@}N__&7lIrbVO3ar Y6d7Alulf$oHBCFt|E>;+_LP191J&yev;Y7A literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/BOX.json b/src/internal/AdfsSamples/BOX.json new file mode 100644 index 0000000000000000000000000000000000000000..567df25aa2467beb9a64897d05825fef09ff548d GIT binary patch literal 8802 zcmcgxZEqS!5Z=#~`X4O%C6SDskS2ABDwXD?aTUjIOqx`2K9B<(THb0P#Etyd+dj_> zbGx_49bnVwWbQb2XXoXanP=Dk{`1*=?Y?q5i>u-qu8(Wv=C0$~_%?G>_W{pC+eW@X> z=%$u*ME8%dH)|O!PTZfV758&1oWL{h;ej4(<>jm^1;K{swQ$5O8ZvY*{Inl+~-*nadYFPw_mfKoWAZ&)! z@RRe+jfc!5O&nQdVo$ougaUhK>6B6J$vh zpC53qx%=P}afB<#{*iFCA>zc{9N8du1>WK~bK`w2`7{|S*=kdEiHyJD??Hqq&0%7$ zgNkXqjhN|*pQ)|aX(G=itCo{hG|#d@*_Q6P*iqK!@{~+|sh#Wyoxg!U?nwuW-TLyq zlefI6A`um28e_=*StQQz%pPoZT4uy(vVLvj*e8zNn8#Z%)9 z!ub9S(#}Ndx_g^u8Rywd+uv#Jn7}@sqzs_X1l408J|cSAt-A2(o?vi*3Npt#t1Aam zS03QA2Te4miGWMIN#Kzd-t)wOvy@Blbc=O{dw8DLunHI#q2{}=%>2X-8S30XFW*5F zUcsVgK=MnBY`WjY6Yo-+IpYkHxy!i+op!LY#wwdR6|C0K| zk^9o?vl0%sV0{*=zRJ>`+k#20?L>pe%|po-Mq?K-;0{mErVQ7Xue(5_GAZ^M=0Sqb zF=E(H_f)%rHlBhEgDO7(VtFFWTKX7w<|pU>3W=Pp=c(b|?6!O8J_GqzsaLoT>&#%G zc>)yvCbQYCINqv--Sb_a9GdlwXBox@Z(0qXLl(2Kyh=Zky2SI~Q`oF0e?)v2-&S`9 zTO;giO?WNjE3B6L@UC{fTVOynVNC}(8#$0m&rA4uTgK-7W9wvlAmj3Xtab?fS%=8j zh>h*VWZAj1#o4NRcv`=#U*)}HC$@~6_G+Gp>e-3!$CfSD?YT#$jqF8JV7DXnnHfl% zS-;sk+qkn@`?I|rT)#!=zS3wYSV>-|Rd=nQ&e^ zo-7h+wn`C0TW2R5jv?=)^*va`N|RlMSz|pm$yj@YSs{npS?oE;bLx=8?i_ciReP5= za(YG{Y%HY;NtCGmCOf0laIIzQ#5_m2F4+h%MO5;cY=@oS_D?)Dwfz%0$WwTRt9cJ_ zb!A-ipnspFCtS)YxFaA^J^-J^|K0QR_2feTbLHPA(1wWfnBQD(k-o;gHsQQpv#cNT zzEE~sHa?!C^&JmZWU&DE#K6EmmyeZh?H#aHvUU=aje;D9egfzo$p&Eb&*+1?%c;1?lvh+ sd%dlEwFU1!LBC?(XLr$)AmxUw)YIC>uX_$@wy(NxeqKq5I!izQ168r%@&Et; literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Blackboard.json b/src/internal/AdfsSamples/Blackboard.json new file mode 100644 index 0000000000000000000000000000000000000000..5ec738077ab3c4ce3ff2f52c58f7d52e986ad07a GIT binary patch literal 11876 zcmeHNSx*~R6u!@u`X4O!B}f>8)1=f-m~xHzyJDVzBFH$+U%&C9dnA~%uG$!bZ~cRCguaKM>r2mV%qk6 zhWjU2*EVAuukm{ip9{M#!S~qIP0PZ3XW{!e6xZs`@6CF|#WT>CfSzk}?$JvM$we>a zq-$ya2!2D($Z=wRPq}!Q!EgY{oInBt@XFO4bATn!v&?fj!n6 zcebr<`jnNeuI4Fn7*EcurZ3Ef z<+5!(^#o7bz}Ugl#ID%Hsy;rn^y={^tBF^DHZebdpB}Cl;|>uSx`>d<-ThJ>`~H&kO=Ft)2EeWr<;s493@APsaP#}i|KNdEE})Hx3bnNl+b7B z6{oYfN&h^B9Gynr!s;YXG+^I5X3xCLk+9k&t!aXF^YfNsSPg#~L9%>?@shIEj6iEt zy2YPdye{?{<&BUIVLe00OQ8t&v6ohZDv;*cf%3V?S!{Wc9r4;aq8vShS)Y}N>aGr} z*@qMu#X`T2Aym1KvAltY3_M(yxE~?nGoFv}3!^_X8nZjEC$QvJYNIX0hz&%D7UF_W zJ6FB{#YdpMv10mnt&FSarGJ{)bh;&)s5`TMo&M&`7~=3WGz6y^fN|Qj{A_}sqJ_| z`PHFy$rKI_tDQb%L*HkIIZS=Y)qPU+O;Ht1;p0=}{0+OK536a~s$dIO_s!S%zOoUz z1Bnw;19wuZeFY4(!3MrR;M_D1QFX)`uESo>Y*jacp4cIFK@~d<$8qfAaj(o8omDR@ z;3M04QvYgyk0P5AZ>P<5;SpNl(Pny9&ZO4SG`80YtC@jSv`@W3>N4r$n0u=C2ZYQ@ zRC3-PYJ?qp*yj#s6M+1F%yC{6yJ!`xNzMWLM+@;1*UZ++r+P+gO`6$t9Wx4N5$xDq zACT3tNcqgX0iF)lvvm zaK2BUs&;GUJ4}#{As5&E^6nVYI<~a7%)8XnxLVh17L)if23MTW48h?T5oBm3Lkk|` z(}N^k$2i3^jV;?Ywmic30GblNrrxjdB!L{-c+N@0CL)tm9-Nv|io z3r;E+$v)cEPjSU4&S%u`wS`Z*$QM0vJllKE{!%VUiMf;_yDJx)eJMV)QsnnMDXOIW zbvj2->G6D*G%+HLQW@Pfc6udi;n0HanhNn8_KS>I9cw?dxqnM1{h2k70?Djd?~+VK zyLKM%7__q5q$fDP)F`t)_tz01Gj>n{>xlN^OQW>Ed~80!8*fs1oMSC(-{Fjg1fKCT z?oXl3u30mWu~H(Kp37pN(z$En10z@saY1Wqtv9F(g~smaHgWOpy;-UgMjffe8GYVa zIo_3zp98a0AdZ4f>U?6Ud2cnT5p~i2bPM|5f=<+r8Q&TKj+V_8th*VR<^2Tb z4%BMZ*sm3*v-`V}Av2)Qn`X*5cE_2o23|LUe8@bs56QEFXGW#Z{3J zhATqJg)8+p?)Yz6t5i;l+N#b{e0|2YI)R3yv-hJ<|v&ZSwYpS*(Y<`L(y=@H>Yi*r?whG6HWRN=sjH4?fU>o?$$NLGde->hzj4j$2(r?V49+YuMo&PB zX^S$|b{)?v@Db|ez-AcM{S)|c*Ve+U5eR{`GOf9TGb>~F)}@A;f!%HmHX{8l_g-0? z+`%4>dz~%amf{0Ik&1yZnGIcsRn!f#FK2zoDIuw${W}?GFS*=ISY{Mi>iBkuHmO*O zy5(?AHUEwi0dhY8N9Dp`>#F<_TaM&}&eZ#z|(l7Q62qzTU zJ2n7`5JleXlnK?xm4_$pK4tDet5N&qHG5Fj96H(Jn=hSgu`_%Q$w-Z-5+HV|A}Lp2 zGCHx5PLH!1TFM7la`AsT+ytd^?5@ad-aY3)IOcfXN#hu1wX$LiLF`>W9%?#|O(xy8)e zUrt51TeGKon&sU6mZXz5_bj_Uwx}$Jh7JwN=YnyH;wWbW*ZN9o2%pj4;3SvwPSr@xM#bk+8}fq1Kec^+YP6 zCjP}$l%x4u4L%zF?|_p~PS;%>yA1B4NSKe?=YXU6_}RNpr(l$mx7vpaMzC*;>2W~CMC*W2hN%6 zyE8lEU9TI1tn9;{xz97_-kJRK_qF-bd|?`kPhz^}1fMf=X@+Kiw+k~j$9O))ePUA6 zxA!x=KgGDd$?$oN-$(d6x8qV=Gn1H(mHE!f_jRbQ&E4Oddw~}}!oC#td@?i7URp>m zM!6?LYx_s|Tl9<`r{<5`i-(bh14QNnA~1ok96c~S+|MED!i@2BV4tsGfktA4Xq{m6 zFp_l$DPveX!QU8h-K3pw&7pa2?PE*^h{u`LGtcchg~iNy7{e|`4=|PyW4>wqYH6Fx zcbrv0+{8=~MTzf6*fy~7dIkHYc+zO!){biJU7&+FC%TyX+iH!q6%p)vuDa$x*aftQ zdE?B!#inmr)#!RFMfH~9W!Gjxc!Dd8DAqZWjrCT1f>kufXNGKdObegX;xL8R=Vr^k zO`)Max5QC?1&MR>18g1PiTrhlRX+s#spa=8m&nQ|_(Hb)6Fy9= zzAA=Q8_MO1{XXB8WoIAS#;|}a^B3;As(0}XeOFxxoJ+o8vYbFtYPNB0 zn;rAWJTOhXe}j7)PekK3K22!f!JXgTx1Rw<^v$=>@&TiE@D|(P_%!6PJ}Oj&0PZ2>>~0WbKrbL0zH+=K1S4cotKV>C2Zxz%9> zs1t{9Oak7_%rkgNRI=Z4{Z|=ILm7466RhlFFYEFgR?|yVq{~GeWw*@SWR^$R^GnZ{ z<#o1|XN4<;C_2ZT6@hiLWp@Lt`K zxIboJuBh+X-6r#|UOfshB`iS94Z*qE`4KZC8)sVUY|8Aj%4$cl%I4{6kku*cm^G>X zo`90sp-L^>L+{YVANRJ?#jbz(9?W@O#%V+adzBev|70az;F(oi{nV8aqDd>hj!R$( zSDEluoLhgM_~h^qd=hCb{$2WHfZGH=DVkwq6d z_ARt?#l)u$2e6G8OlzGqunG}>+y`*~su&di{C&Y|jA9q*a=L715XxgmOxYO_O_@{l zRk57!^KUh)4b+5&IYL|xp_5%o1KFBF7JJzS?BrPlxrp|2+!5Z6tQQ^g4l9KxJwuFq zl1nNwN(O&egY4MkoXuQC6{`y!bgm-dT4My)QzK$ zDT!h=qNExTP27*Vs^z2Up+ys~tI(u~@yF?@N*Rh8$mmu9Tg2KvqRaY7bTaB8_GDJo zC`xe|lbjc`SR7G|TydoS#u-wnh&MTxCGOr?-27jWo zr=sMd5#CnUIo07;=^l{k_h97u7I;x=_#Je0ZQBX%;KXRhe&iI1*SmIX93RzFtmxdw z{1@7GVZWf7Y{1NKDksa%bwrk)&G6`pM!BZuOh=Lga3;cBqA`LOX!8;O!o)@jK4OVxPpWtOGgh9o*S^z5Uj& z_RNsIyY^5`NTNiEH+xA+^>r=N6Lw+JnX^|SW{5gIvlnCcsCz!173-dl9ny1f4Yj!l zP`mUHjH~-T&Cm6u@Ts)v0%1 z_x^&3$-%^w`)z1DA@(3dgy6va${bhC_4B8C_3le?eG_}?RzZK641YdP*0?tO=(*pQ z$KU-U7^z*QU^0lqbGxCD?&qVbySD@Pv&hlrF5FM@A~@ T=bmD!rd9X#Pdh15X36zmJCOHV literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/CornerStone OnDemand.json b/src/internal/AdfsSamples/CornerStone OnDemand.json new file mode 100644 index 0000000000000000000000000000000000000000..2211a7f272c86b99c01d014c57e62c235ed05d7b GIT binary patch literal 9256 zcmcIqTTdHD6rSfw{SVgmg-9_bq)Dhz)w;QrDqs|x(hBn6tZi_EFJ(;#jri+rzi*Du z&g{$)bv>n*+?;P29|i}9YA$TTg@6HDLcp}f|2eQzG-w0H^mV#sr2rk=c%kXj5< zP5M^$PtZ5388wd0$5e|a0f$3a<^wD+gsxoOGaXznLFvkz;qK7he})8Vi2GQk|TUg!0T3U?$ru2)ctj}vdj4+~D_lP%Ei}(mpG{b8OZ#PW?uNe9!crvk`zBHS7 zlHgO%-tlRa$ph8=LYp6e*3A3@$p^S&HakKN=pz@Z9$S^x{tfZbN!OOgJ9F$cd~^fp znLGc6UPH^TD&MLM<#a`UKl_&Xsts;ukbpVoA6zxY_wah=CP?`&of-NaYt-E!mAGMJGk=MmVNcGqHBHtmk(IAgHNFhF1zNl z+CKJ9@seEX>d=?9)S=tJ8cvc9Y%2JqZh5(!B=^lsg6a^xA_=1-#^1#}LoyOCU`OZC zW1vndLLK;SnSJx7z`}}4qG^V8iz}3JSdV@hyP=-h%t%{n?k5^mZiy$CnaiU_bt9!C zpl1YoDHYK^AEnDt6-tY6pn9%y6)dl^BfmC6mScplzO(00-$g)88&+Tz%f@}4!ZM%p zT;3r$jWPhj-~-!RX!cCn80eg-5rQ;ar|BQ}vCn#c>j>|FUPBd-JKNbhKd)X}8<1Hr&5p}S zzG=NTg^hj!H&(Kq`4PTa4}$Vp&1s;ys|C5(RZDL#lL_Aw$U-Es3t0!2nG+IJ7NOlQ zwXN3NyUskfEA%jef-pz=dCZqta~&%_qtCAkp&i?>;)R`Hvi6J8df@1=r#XXd7~z~4 z*^9{p==wP6;;zyATqBaNQQ0@`jx+Rj>=U-o2Q={hJ>EatJluoDS$XRCBpumz;6NPK z@qUi$wt0fyBJbe{*EwFT!t>>xdfh6!!k=yZ+75B9{cNK zTp3N_X~Q8_%Bp2f7+7zJOA&ljg!nk|J>k744J!l&a(;b zk`9IEXv|hTEnsbAE@8AX4^i@m&`NDdtot&ztmZ8sr-S~c4cqPE?oYe#eX28eoPsj5 z=VMTnwusTZyA~z@3E_j8$-!)&L*=;J-6xJiwM)RF9eDym%U%&=^P~XK$L4#haP#5C1 z41u&xEuA#zwHH<<<-$&N8SJfYv1NU&HOg5u>#IEKrNR>NoS0oD_7VTYBA)My5U;5A z*Xb!x8PaP&-DU>=jE6S-$C}RwqF?jzA-k$pk&45F*dvRR?24@AvMcpF?vU!sn2=tR zv2jum6<^QNQ*f3F>m+ETIhWOrwtf#;HQMhwWBLB9XE<;!(`>K(kwkVFdtrU%)WiD1 z(D>}fa-%+v>HINsi>)1e# zx^4T~9h_$E*q5Ae@%@2a8`?+tWP1>vO?(Y*dp6?|&&&h#`MP{k^y`88Su3ain@dr@ z5L!pi-RU>!m54<-?Q;Fl0rbfF<pXjmzO8+%KH67GH(3KM|1`FSvoZF^ca`H1 za!9RWZzEP-)B&nRtcr!Sul~NT*^A+WzHV_HJl8n{SX?l zXU%e9)M)<_XSChNF29Ga&8I^4nN84P=d%f5QS8m`m{fgUMSSu( zUS4uNcL2&u5!ZVIk!%@?C)N|GUVngK>Kh^1Unw_ zJm>f{*l)8UO0O(P*`LSn5dI}1q_eKdexYnts8GrD>Py(RJv+0GaCP5tmXhC1i5o$S z`<6(k+Ut8+`RdiD;`%Pm4ULs8+$gZIqhIVL_dT@;ZCUN->~5_??rD~%drn^K!g!Xd zpYiiK(5>W2R`w)C{juzod6{RVoP${nHSb4v$_Y)2cFi#3JK3fQyo@pN`Dn}5ZvMh1 zm6X|W42;Q3EBLj|>wMmYZe{m*2&YC)^2DmtdgXk(2J5~=y<**Gb&<0==?%N7 XrKOJF^`uyJUvyplM41$2m%RTEvUxD? literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Facebook for Work.json b/src/internal/AdfsSamples/Facebook for Work.json new file mode 100644 index 0000000000000000000000000000000000000000..879f15b66778024ec0b61a6be4aa2aecaf3142af GIT binary patch literal 8936 zcmcgxU2hsk6rJZv{SRpSl1RbCPU5;ml}gj5aTUi_OzKu~9tbR$7L4n~vD3(Zz3n-3 zxjVBn?6SnPLa@6qb3f1AduI6O?@#7S^Mz?FUWw_L30^aEZBjG9)0LTK5~k-fix1saJVqBX(j zG?H};DI-`s#(RXgZqm*Zb8Mbl`xuh};xV&&=DA(xu$VayW7xsy0md?7%r~uHEp2o8 zjF^^SFN$OB7%L-Ro5H{yMp#G zZ=Bh)*z_%{8eMOtsNOQX?AuI8o!|;1igk`;W4#rhU=_{rxkmn-)Bb-65yhtM{%@f(}JaMjhn zkBHKD)s^5bMBX7#_dBfaV^$R!669nDuZMW=nO!_JG3RUhZ4>hc$lEr)>)}^su!)g; z4KSi-zJZqa7`2C|*ala3!+Ljsxfggzm31BJ(?&YfZ4?b>Nf$A_LPn)lgmyVg?pm{C zeZ}Y%OXkQP*U4m2JGn+Dh@;Es32c;J(FDFb=D@sM5@E$9(KN@n)xAqKY{oyWBC(&v znn@gKS0EbIZdp&RW|yxT^^KB_fu1SirBcNEaFy1RDw0;=K>b|jDp+1;MmRP>mE#Iw z=O-J{+$BKGA)>%4R$TX?ggVcmmN!@-V^7x=p3hPBXNY=+U)TZI)!5;AKL?WAIY!&4 z5nHGaZPW$dc8+`ji@UJBxncYFZH!WLlUp5jfI4vq$0VqmnfU=;5|!j-j;EF3G?Y>2 zIl;;`UPJ07I%5l72+FrmanJDH3~Itk=B(Cw)q!SmY+?Gc zPvK_2Y<>1o%-`)AyhUclb=3aB|3FMivX)Kb#@*E>nuHBB#4XH{Y@|MnDg_!9(=^7Cs;2^9B+os7b5^ zBdq1A9hsW1U^S7}#OE2VJ79Xd5!Mn^0P@5X9=wDE?p4WahzGSRT)p8=m<*hpmi)Gh zC|uy)b?)7uCdxV{=2BEmGlLAJp-{bVIx;hue1{nV8aqDgzUj!R%sk?%Jw6TQUw z!imKJ_vxV&iTTXDfz|=$lY1?XO}PgLkj`B>nG^dH`{DXBh_&9rh92y>1d`OZvKTzG znuiv1WYZ_s3Z5#2rw&ILNo4lz%9Jyga*x0)#rk^TkG6L^q9;!}*2TV9i+^M6J90-B{qISX2O?PAwptluq= z%lmbACfmr!HufQYKAQy%ZTPR1F0OOS)<@j!xMN_o=E;qo*xa?Yzl1E-lIouG%vM#N zl^-KEaw^JNG{n>DKBqeTF5LxEeP+g5-$GrK9)1s8PtK0^a1yj*gjun#H?!vA>31rqWC#$392zsPnkU6n7I1WUd8sMqZ*jL7oBYPLK@gIcg2H zxd>3Za0tfLec#W|>xA)eZ$qS<<;-{4s&Vt>97g`NbKmx14H4%~=hv58X0LYVbr`y{ ztQdzl7Q)4=#)osH9{B$Ql7B1mVttBhH>SU+DZUIcR-WPs+Z3em%s~J9h_zPbTXpKy z*L}FC#H_)@l>05UOo$wWh!7mOUzy{oxqkjsuU>sAjyGjMW~-pTOol(dwIq7(_vP_- zztf92mem<7&ejg%zAfr>-&5D7&|8%1*YdEsxsh?l(R|dsvf}cTkZg>7Oe=cwS*yKm z&n>ieoPSnq+Q7>>_ESDms=Ka^yoL3}{#!Q+IxfKu{06IrD}(25tkA;3dU<4|qkit$ RrfOPsUH=S}5@nWr{tG8q^~3-G literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Google Cloud Console.json b/src/internal/AdfsSamples/Google Cloud Console.json new file mode 100644 index 0000000000000000000000000000000000000000..6a69432d6b3c943bbe5e4c78cd07f2e47308ce90 GIT binary patch literal 9000 zcmcgxTTdHD6rSfw{ST|{OCrUA5Fpf1rMkINgja-yENv z+1ZP2>{b@L>-EgJpYNPA{PXv%`PO`6qS+@l4Ku=LVy;Zjbn)%dOwAWOpW!|<9n-e= z3BJF;y0%I1Il}LK{9V{}9b6L=o4Td>(bD&MD6jS1Kbc2?7Ox;*2lCvQb5CAMNGeH z1Rmdjt{Zs1#Hy)%L%#ZJoWX@^{&^p~2feBJ3EcX4BDx&|6MDc#)oZiT`adIITIt&I z{3qsKL5~~gKrHe|u)vJT*1!d4~HIo*1i7@Tr0O9`1a%X+K@8Xq)fBZC%{5Z?`RVBQs2SmTn>G{w646-zm+M?cNoyq;O4q^-3UFd9{E$tQ=@ zrFn6ndMVnod$tUwgY z=6y(Ek?$dw6J*HH<8_JeXTbUite)T(;y!B`>pGvOh~#=2qjg}!V<1EwxZumqm2V+& z3$oYNEdRc>QO{hbQil~_5j%uyV&GWPjTN5R=GTF|9S>o}k)2?&_KQ>ecXZgpFjkn+oEXPxhPXaX zx;TxjD^&8wcEf85Up!wq&C3vpQNd2* z9JJq9ikEn14OTrhGs0-ndadhX?021hWaZ*q-NlK*3;e>|W=BI`hP1@;6LSLIUD$>5 zS+Rx6^*FFR7{?ONtcc6gV8pd&GPEJj1teAt%Pb+<^=;&_pZ}f;W5x&#zQQE~th@qEu%_+E?S`F&vW15qsp;WYr3DP9cm1i@goB(UapwC%%f^QQ@ zI>kFiET_mTyi*j~vnaHS>k$4E1fU;o@TLO^DJRb$xJx<@o|h4ocq+h1C1z;nLhT+w zAGH}Pk}q=u+C}il2{d{O>^Q>8mif(U{0UdlnLAEFnJD=bGDYAlKJA$Yc#>GjG!=$}uKQevu`p~Y;+ei6i@se}Xf5B}Z@-t3Z|5*dp=aZt7PW7{9zkfblgl&22 z=oumXCb-TsIGMzG73@|d)XETJ{!VPwj4+e&B%VMIu#45%7VKnlYRge`yyKtVpX&27g^ct2SH)jEI*Q&(o?JT3+rPLbsm5h`xX}?jF zO>V!;zw$p4_qGFRR;61euh!&c`XVP;)((s&_gg3Jb=~H+e$#m1xo?1Eyed<;Eh1M;mz?`K7 zJE-2g@1lb9&W?8bf0g0s%ofjPcS^9kvINdrSt~B)=j`sHNLK_aj+J@)tEI^9*51Lr z&GK~bsp-1#DNEI_)?xi}EA!K}=F6gY)>NLsasFc8t~EQp7oOKqi3B-lv9o*GrfzrM z;_B*G)7E{?hEpIo|6?Ov5YhY$Z{)*M98QXywv7O#T literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/SAP Cloud Identity Platform.json b/src/internal/AdfsSamples/SAP Cloud Identity Platform.json new file mode 100644 index 0000000000000000000000000000000000000000..4b3bae15274cf90503ef8aba30cb870835344ece GIT binary patch literal 8364 zcmcIpZBH9V5Z=#~`X8+8mqdy&B_*YfD%DMzhAIRUoYE@fgJYkGTN_i(1SsOKw|$-& z&+Xox?`(oAi@WoAci!ijndRSqZrqpd3)h%`64!BKe5UTwrEY+47jEW0;`tQ!k?Xsj z+^6{d4C{I>!{-ftAL8#^*7b4CT;ke7^PSKSc^I$t-QT-MkrqEezCPr+c4vXSl#p5s zb4^l_{S)*pYDSIw?$2C{?GlFrSmpyPFoLdJJ#byz&q3+Jo#5#}p06N*Sz-uljj=i{ z(K-Z`6G%M5-wEuxPC1X4^m_Cnf*um-n*3x41H>F=rZGHYO zdsQQDM=8;HGLL%s=~%-Z*rqn>*Q(ZM)pbkXi&S#ee9}>hQ#f-$8O7Q;%~=2!E+OPzLj@P>>s$V@o9ql4(?lc+LX@#D|+rb zaQT2$q*0c^<8F+1d)Rx1kD{!vP&aF-P`4#(cuBgjsYWh!i{Zxzuq5Sj7(UngqC+x#!T5QOUl{_i0se8q-+idxFd^_PpND z>#VvhXrs}-h5F52?F{z}dQBJBbK(+I+|K<)o7(HmVN(=So^+3B%UX-OZki9VqP1o#HmD^M6C(uf-; z$oq+`Ox;&l&uDDo`Vsdnw~gK-_HY8Um`ZPV3O{jHOd%C#4zF>X>G9OeZk_!vd(y7V zp!C0K^(2ZZ&3VRL3WT*jk1;b8J5yROQzp+wYpX=7YM*6;c4s=#u>!3=DUdSzQLTJ? z=oC8mz6C;(g73W`zR@E<@ z7v5kMyG!r=MH53zkDW4UXSrt<(fI*gm{K?YH{AE|>M`u1_@(o?&4qpyJ<-U!LPo}O z*>w!Q$D&i)y~}f!RE@4xMMa_v+Vj+hQzoa*iCB=ikl}9#i`(4U0$OD`O6>?rJ;9Z= zP!WRhag8^9*sF*4Jl)_f?PPcoN7M@ETxKoti26Q~_*Sp5Vudnypj`t#dJBzS0$bid z->&;z_Pxhdb>@y^*poBXV^D2?v(bBiCyiddH(SuU#Kcds`Z=Ch5BQF8aGlFVy_nP4 zeD4GKrQVW?-n1g8HIMS46}QETye_k%St?v-XA`vEL$RNt8YTBSK84hrfEGv6Q+ESv z-R7E}L0U%cWKN+E$$!Q7G3=Ux%TugWYumkyIPChEF`T|_>b`G&y#g(Ius-jfNi6fc z^APgt$rdAEC|R})Ym7&TlwEixte6S(Zy_3~S?V6325(8--oZ4#BOjgcd3`8r%l0uo zMO5W%_J45Oh5U?N_6$Vv_4#DcxvKfu5FtE`Hms{hQjJsQT87$3iFx9u)4oS|LqhW@ zr#k9L{F)(lQ^{#&0x7WLi7W1Ed=6kQ%?DO5wW9H?s#)wWSX(&rum&({z2vt0eiN?t zT4m{Y*2PFNE>#t<*l#cY#(G5UN6?5>w#bE9VYu5bXuF49VbyQUyINMpHs}zs@7f*z zCg(Zqw5)P9L5URA-mK@O8uD7iC$4?k9rZxhqK?n3fMJKub3E(NS(jeGGUVnhK<-wN zSj)X-tn<`5!=96o@)6iv{og6SUuS9k&x?QChcx%4TP1JY)tH=hU6PlqXa~la|E-^Q zKK@;KeY{8UApBoW7SLS0e>n~I2|S6>8n2NOo?n-_*7-ZmC9hu}or@wdF_<>=zoqDC z^nXE&2t`l-D}7wIH}qc}e_zSj$+Qamt7sIZSY!)}@5T0Cw!hwk#obmx{M#Z=|DG0G zSM(OChFBh>n_pS3II&-reJA4b^oE@|>zE;W@>$v522K&V8C#qWKF2m~*?EJjN4NT_ zYb$RdeX;&7(?0$^!Mu5etYK#GJcJ0XU05%-j8@doJ#&gVR(-$w*%T@1F1`K--+Yzj literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Salesforce.json b/src/internal/AdfsSamples/Salesforce.json new file mode 100644 index 0000000000000000000000000000000000000000..57dc340d766215102dbd1d8fbc822afef8dcf62f GIT binary patch literal 8496 zcmcgxTT>%N6z*rM{12(|Wv$u}U}eQvmPS?-Yq`_{VioX^om_~UkVpanDgL_peSLDK zdwMQOAX-zIYxlXI@0{-Z^Y^3q+aLgOb)dyhkS~Tj4`$@aO9`n(C()#B zWxs>IY0ao{Y(6DgY-Knc!7?9VfgW__=$1Lb^#+t~O&51Z_Wm9cs3khERv)9=8Cu7n z(uKr5{JOB~D&;&g$7a{cN1L=@kD=u=N#weQ#PoS+!v;pTFqRghzbXBEYOC{i)~gb6 zJu`q6#lCltt!3?X0Qm;EQ)|Cej&kk|LAJTBJUl7TNe@#h5o`-vwjb6sJrrta2H10A)@UM z$Qol-SrkO(t=Tr4W*xt6+`lnZ%=sGEP24eBH*i$JeH&N4Ten9GBbw$LaQTQ)+jz># z;P5uYxqZwX;Sh9nmFaOMmFX#C4JXM7Y$_2;-9ovXBrnA(iRx_hiX_Yz=0bmlnas^T z?C3mthNzPoQAK<=%)WV_V_}U;M$-i2=GQFcup0d|ce8q?v68mdYQShzxh0<*Ru^ZD z>PAY(h@JuLrBp=wFiRJsDwO8Mf$F);RbqLW8R6InD8~$8#b+0yzKakwhp+-sES>iu zg+-o2E~m(lp2zDJ&(}cvA*?>e7a~8a87n*QCy3;F5~Fos#2OHy4qWhM=g40m@d;$F zu2}v(YooTgPoxejz#?`C$3(!*v3UnA8I|nETz^&+ry-3+o+D&-y4Q7nUPZO7neU;; z(0pfc`yG%(5M0l@sGbL?6|0G*5Z|0Giee2&!;V|}ep$8fJcf-KQ|wSy5!FP8F=~v^ zZWmfvtM7ByLr+U|GZGJ3wDb|pmswGdwV!$DSBR_~4`Ic=UEQSZ7bTU!(P4Mfg>9JY zTurholhvW?@ub6>q6?ZLr>Cg#Yj#E#eIGl9b#w$ZoWH{P-Xd}f7H18r;)%4|<_nzJ z3s!Ny!gbSZq00z8903=Gwu`%lpST)qLn^K+oW@~JhwEbYeN>b@7Nk>;f)V#AJFTm@<>QOi6Nfwfl($b11*fNI3+^HE@+G{fu zVYTA=z@beHy_>KocNuDsUg`(4ixCjxJi_;WA`zv&gd`#j`Cnib5$g@ORWM#`-ZrmN zQi{IMlW}Tg6I|S~xX5!4Q6`wgn0>&Tv@Y67`Qvn@PAy(TTJ)n7yHc&x*e^yf*>d=}yK7v`~@um4TiBXN!ENZd?W!7^iKz9IM ziV^QYi_(;1*N)9i?ztYr9%{+p+aBbXNG3|r+pF?P-rlbISrNqF5zj;MtaWr(lzx*6 z#u${H2Un#O^Icszve`O-zb43vwz;#<4_0UPWMNOR7@s59i`9rR!0ON5PpXu9J0@!1gGTHW(p;DoTCL)gw)>dn zcP^D##bkA_gAVK5vi`7s`n>Y^gtc5cye8-}PZ)K)pLkWB zwUT>^x`t=~33g!_a&s0Scdg^B&(1R18_O;dyJAMlRnkG_WsRFJ>w5Y3$Gwdq%}ePP z$*UE4nNH71mbL?<$$g8H?#;c+jt}Pu9{B$!jXj$A^XJoGcg0;HS%FEUG!W&wm!9QX z=5If1Lf(fnBqj#4TlRIQt=V@lA|wvnSNgbYuJ6Ax{;n@#UtCM^FQSo_BF`2Y-}&~R zH^1D2>DgLA+}kuy_nsD8RrIE*`dA*Kn;V&}IH6zWJri-czr=2j|3NFFN6*UkI&g}} z&Di34=Q*~i+nJ9zJ9I0rx;pX+(x>b1Jnh5p5!TH2$Qot_cWj8z(uFk>%Sc6i?ygwK PvFLgE-7`{>S#tgtB;Tz_ literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Service Now.json b/src/internal/AdfsSamples/Service Now.json new file mode 100644 index 0000000000000000000000000000000000000000..7201a952d1efe9cf0b903f2e10d716dc0e6ed185 GIT binary patch literal 9138 zcmcgxZBOGy5Z=#~`X3_q3nyI&FNM;eN=>=D9@TLm$n{zQA99WZX$he?ycO}++dj`u z#=Bm}CV>=1i5+KmW_IS8nP)fu{&R1>HeZ?A_!XI!Im2scZcJjj_;zJR<`nnmxb{tK zI`%rm_brU;m=v#l{NBU+(vFMqnVQHnt;|C!-`AnK=65|duY*;*g?%yXxic4@y|j?4 z=w&NOtnJrWZ+>N5acus~RKSErox@_rJoI4;qq`VOk1^h~{&8vZ zi+3@qg1EjJz>DJFYuMJc{`v^}2DnpiKi7_G?Jb~#I48Oo`{!ycYRe$F`I~JS1WmTi6%M{gHhL>#{38@pzFrrxJNHk{4_y}1v!s`OjZkh&OSGZfW8FXnF zc}Ad))v{VG;@c1ih;o&nT4T}cA0cC8euCT{?pV(bPz4gm*Oe?)`ui7TNIM%_p7E@* zH;B?5R>SJ~7uMFd`l>3f+E6Z6?Dy+$S+sVc?F1IE>imtXX8AUraP6uq!d-~4U7+g^ zSRG?lRn#N%Jw~mVCA>Gxx>-fEV)GrYE4U*%m+`7Y`v$Ijwq##jjObwQ7rYYuwmQKE zS6{=rwu8ABcu6&No#=ipo#>(94QELkJ|#w_CWLl5OP*Vs1l2|KiX|gNkGXI*u93{e zGx*U(^fPRfo=^wATV}_6nBZZ>CDAm(xW{{xYM9UZGZ%-2TZNUJ~5sCG*}x!PQw zHM%xRIskeG@Rv%F)rVO+om7$Z7!Guuvs?wsv&;y`MyPVk5O#R74vk#|)a=3wtYZ1R z4<$_VJ=F3E8PfN3UE%vVs{0ULPw@*YJ-Zh>Iqye6ax=qd6E$KH6{3l{;M>lT?_qHp zw%6xu|F-o}Vs105!wxWwAHp#a>Sk)*V3kBA`IqBkWjGCGO!GZLX6L!Bi}O>uYr{t8 z8r8J}%p{0L7xL$Wl(2d^OSML|;4|`PVezsD;b#gD5;5c(^S~@~KgAkFc2ep??X6GU z-8{^|RV3QQTIkm+-)608?Ci`kzy25fxC<|y*}Y2Me^FNVog8wP6ZnRi%)KEwm+bW% zV-vo11CB#xc7qPSXlI;&#gPvzq2D*~`7J(gZN2Tn{SskCJxUQHr zaELI%5wd=0Iodhm#JybttGGvSD-JU@+~ty8ldqDyw(Xvg@z+(Y2bhxFCFT-TO66xA5i;buiw$Pu@wnm6uf_ zqJj+L0%m~q>eOkv+67yEsd<~tPY`z#}@$=Apf~GFKK#n!pALUl> zKsNa<84}UUzBjuJ;;S>Zp#ys^fgW8?*}Au^=AOkFS@UOW1y2dWQ-nQ?BpTzXP7c^b zh(z*u?uHbNvOb^J?_(5Mpo{J#W*^EUqowTB?g=h|oJn$i%${m|Yvu=>{v5$CAFQV? za){&eBS=27RyWOImUWz`GqpcSElIIHp0f;K4|jnB>m#B$#k&We>JG30{G?f(*|2qH z9iM$zA~{Y3+~G+Kk96>y=Lwu8oPzjc-Qf;EolY&lu@D zE1!08UChdKJa@tVQte5pzw{#aO|DM+UR<+Y7lQNkm(S+jo8ft znJ?$hX%VG8&H4K!5uv%`BS+7N%JQiOY%k`rjOgA)q{$JOr$j)Qg)*yZ6s0)yh(Gd( z%8$rc1vE=Xb`~_Us?B~$UmwF(ttqqay_OM?WiUNI zp7orDCf3jT%siIUV^%4b{l#1@_Id7!*r#|lrDsyl?P?z&i&eF{+iuzZ!c+eP)D}74 zrR_a@d%VM|4xgX2;R&CIvgQ9XGs!;_2u zL)$j&7gV!9F!J+?$)tZ5G|t+k{r_Yp@s6T*^jw~C6VAnRZ#fHdyy_#?k&nwB5Jz@H zW>CXD`z$*Y*UWuH$YZC|vj;uWyT}GrbyOKM#mEYGB2XmS*|?udFMZ}gDG0a zlVBoAwUjaGX-*#eG0O7$SP{8xUJJ8Axlo*2?GCK*xpr;5S0o>8LJnEftb5Mi>}et0s6Y^2nlaMtMGejNl$x6x4bl=NUZr%5iE51Xmp*H6MY8O63 z54z`Zb|NX|Is~-VGR-I{(qQVZkfH>ooCsbILq>WDEdNn zGgafmIZ_Y&e>BNT6?sK{ieNV;9@i9K2Dv-WDTQ|nQg}k5|LzpER>fO&>ebi1JFdj6 z!NipNEwN099E6Av9JpT@idp8I{W|K0CgMbVel z5zNol4&t8Xb-L%&H81q$rTVoztZr^(vEyhwroFP_@=TO$jD1Widi11hZ=z1IauZwJ zvp>Z*O*``*pRT%9cU>L%0PFMpcUmv#xCo~_x5yf122UATp@oHYGS5gyeduT+}!ODd~f|UONUm4zUv_MEUE$_s#Ly znVr4ZP7GRkuQTUc*9Oif}sc)BqYbAkIyT>Bzg60DE7UDY#nQ_1IRbTom%_3a#V9~B03o7j4t~Axm@$yvJvcSuDm9Qup4j>{l=MX z8=JmlRihWn6y;kMFMHM#f)mUzMzPKjZ!DMb5wd84;|ktxm~|XuL}1(IZ-_&dtv zeKq~OjSoO$Vt$0AUEC49j*;^TuutXQsI=}c$cI)swmiRysZ&UP4-JTwf5LBl%dZMw zRfcl9BEOHeWxhECw;m)Q#{7k==JX!kPZ5PPk&@@D`eayYWA=v5a&cjOT z&STCRPLdXEdIOIN0)%ooNuG;D64m+W6-g%W9&=$ZLqulY0Csd9J%x-?0qThFrr9?i z3M{N~$!MBj-295999E;B=5AikED|z~6zds{D!1g5L*nwRQQb)C7|}C?y_AY*A7<%d zRE5&KI8Z&8xk@ZAGb0=u0p*w>tmo`8)OQi0<`7mOie>XYq_D_y$mIkX()W1X;Q10* zK7!T9_(EJ~tzzBg{RENRNMp1Cj93FgG=K}f>>T+sByK_W`ikY>vo=c1T`F~00T!`C zI3@yaj?G(W$*5$v<+`u3I1Onm@*E+vvz@H-b688`8FsOXvQn=>!mzrs;*LR)SBdV` zL`jHTPD;h6rsb@Cu&g$C9z$x8cQukQ@5iVfLOUt7pVrlA^P4Vy*(&Z^^38^=8tUP0`;>5kpf{?=?H4 zhp1sMuz^~?j`PGXMwHB+$;ypYmv!|5mwU27w#E)yy;cS&&yk>Hmm!S}&g5AXxXur1Q9hFq#^%v%py*0V`dHG#pa25k&#mLeVU9@E1RIuPH83eu`ask3+`hHd<}9L3ci5tlhZTlnAItg2C@@~fRolyP(1yX*+X)}oR6 zjWY!Mh%T}-#|S>N@$!FJ`U;!{-<$;NX+98%Bw|Dp-Y?t5Zo(s*sGGh&>lqFWXwCf@ z!7TE4X}(KiRAV)dn(Qc<^<3HOivGD6@d30bO*MACvAM||(qq^|_QIGqT|CXlOXcCC zeGA(Al{|v}>%b1F1uxJWY}tNd7dr*J_K@8Jo?qIrdHX1zY-QlO@4w)-2l*wEiBk0T zs(ezk6RUn!1o8K;i%>jo9o@sE-=u;u24yF~RjC8$k@d@w&DJ6OH9-a^=GH#nTb~kR^H$H&1LmdUJ{luQxs>%Ki>%xH zG3=A5eIFXJQ^;~*R%o?~GurNBmfyM5W)+jwy#YF`bIW$^zuCPac7R%m>!3u6VsG{& zr0Vl3;xqOru$D`Q$DLf}38Rkp6R)bXR&tL}R}M`e!8=%n+?)l-UF$gOv$KqL#Ih^I zUYL<`k#xu*I$i#&ac^Tt^IW=R@@hq1rqgqhW$nOda^K>#dvovd{P{H4U2&I(|H>t^h~yem_r~*FtNiU}P00IjhQ!2RcFVr*v^Dz#7=;lV| zD^BQ_dCx>#?kaJm!GDYu(W572djmK{*!8XNq2u1w$w%<3$ zXXmoswGD2xVsD-~_w$`Iv;6zdwfWY3V=A+wYMSN@$H-io)O7GPH52m@_d{I!CNXV$ z9pU*Y#w9xQ(&9PfOCZmcIrrqHgw&#& zX_8vmKSSS8GiscePni~vavY9enGdi)AG&gM$Fy+00Hvwv;qJ)Ze}M#Qi7u>lhS6z` z)-kB`AaNgmJ=k@fa=takX3xq;n{;50k>xYVm2dMY8hWe7EN%R!`ltBh2zp5n|Pki>`(Mz zUL_be0>81@#Qg}7uw}MQ-8?iqkYRcB$@}3os7=f-(57oSq{ydFc)HAVdr<0uUy(Dd zY-}+G5O*)3$rW@Up8f?L`_L#Y#bC8>F^9fDgA5)g;}##QrvA8)9;@~Yx4 zj=4j`+n^@etCeuUGo_JsbS9dxYlvUc-_WP1NU9)zZypJ=wL+K`~WT= zFlrZ1c^Mqy#z=R7x#u_pUtMjwUQ2Dd$yvim(t=H=@Tj0fESHnyu4pBhm5*MLgt@`2 zIGdp+v-1pgbRK;R8Kp|p5Z_I6U|!9!u*M~$X@YT!tCn(DkA8|Dc|Ak4WE^QdU^J@S zl1~n;i?c>`Bc)?R&j9vPDx!UyrOQzjN{iw^^<3pDvAoKRcx)9Y#|&Z3XCI=zt0HO+ zVFjXCnD;S-Wu9X$C&-Y#$7_n`A@F_#tB>&uv7hyfwVn49L~n-t9AvrVy1uaIyF|_3v@?2$ICc;Z5Ib8q@8JB!B6J59C#M>o zNINy(;mk;_;rtQTx_N}IBld6=I5Dza-4K4_`Y?r5TxU3q;~bAy%IwhD^RoYK!3yWN zclG^ogq)J?%!?G*s;g|qOxMayX`M`Cd#|xv&(SKHr`aHVnXKYidzN1vkTN?_sd)$J z5t{hpDt9nj|Ic5IIn9f(i&4Rzgm!viDNb?EYOQ)|X2j8?m0ib?lD{6r@<&|&tzyro(sf~YE`8DQ_Hz)qm5d=wNh}u zA>NNT!brwsVslbegchN0u|n1WXt?vb$_4f%o(SkO#FKYnJVBco=eR=+(|_8z1o6% z6-2YocJwpc5g9c@t}K1ZMZE;IWbQrtOSvTlcWFg-2o9fpD?YMTBpXfF*uk}NFeWTcs_$QQ?p^7V5G#AUdy8K zMJB8AqXkEx?Vk7H(RIY@*Rb-k5vH}xdEskDh~|o(o^OhaP1o@HLs>`ZH3arY~{jh2aMfODO11q2;-xSF4w(=Z-iqtsLB!aju zt*E19kI&AJI}VhF(d{(Ue)MkpOS0a{OUIpNMx1gf>QBQp@8Tz}38;M^8nFisxiEXQ zgGvHz4=~H`$t$y!CHvL}=&<)%b%px7-A(0cM|;qk^*(V#yKPeSdClV!cd@c|Vbo}J z@}9jc`)ge#^DBt1lG$PI!7}9LERf<}`X1WVy-%_oPw5!B?qj5UM88%1RoKm!ohE0%gMpu=$rCTJg)^N3|%1L{K-!vQsILSggurhcnbBUek{5H?Er5l{3S9z3AbxS-$s_qh1~L z#Otkm>cv(or{O54Hv5R?ioNbP%I5)5w~(q|ePTRzBe^pd?hL8_m%Ylq(E#z zXI|s%@Hp%z_$^VYI+1z^yq1HzhTM~L_+7_W)wst{>+!b=vNrqa(VAZdet^)%TAQ^6Sv*w zWjM>h3xr^CkYUn`uzwJ~Ma;ms6MoIGcwCubN0j+l6gU#DwC;vI{l3>o=iyLiJMsLZ zAaF_?h+4;L-K&hXt5FUG@sYlVqU$2zd=qxV%LpGd>53kwah_oY*NGs8=VcnMt94gx zp&0xI`st%Bj^9!;QdW!t^aZ&2E9Jyx7v{!|+#)d7v|_+^%dx zPd3u=Tb;;-@1-|;S=;e;0NZ;ZoGyhiHuYcP?@^p@k{xy!#*b_8=dJQM9&T&4LqUKo z`c1#C`>%8d+; zY4)f3<=$%ibk(9AzSS&0tJPCoRbfb0w`}b;)fee88=L&or-k^Z&lPGUNcKe2b8*xx zMH#LH$xSVmX;)Qx4U(a_hn5^)Sxz+cSaeJreIppnQ!Gio*TZJ`VFZO;E|I38+D-Rd zKEq=0a~o2{vuH7qBlihNqr+|blq~jmt#RBKX;;$I7rlHG!@jJgvyEyaO_Kx1^E$sK z%h%~qZrhZVLqqWU#3IhSrle+DRKSWA^}am9EZ5~(UQ0uca&w*Q`b0MWR8$}63HBeK zhJWXLC`oQ*GTM@jSeAuo$u8t!r{&)S@t$B`S}^>tB8__CV+M8E1I$8)a+{{?<{&&5 zmPjR0S&Gue$!U3vS+1MX>|(^5_`Eoui#P5FpT$T_*@`8I-Bzt@E~0CT@oj~|aUe<} zIYc9ikX>xRK%T_L?v16T``Fndk0S3r7uGbzXQQvGHZgCv@-Vw?!^5L(c|TC4OhZyUXVKh+Vx0?V?u9)0a_n)a2#&a5Repa($8U7} z80~IX6vxvn>B=IoKWK)5v}8%gcluomj}=RlIoy=?pT=12M0{f9*ArB%AQHx9%`LBi ziM@$tiEQ^og)^Neul=MXQ>MenTu&C$<2GdGAkrCV6HJ46?y|gA8EafW*9MEWY<-4D znLX}jWa3NnWSjE*>-w^O?O(0zN3XLI=Ho09QbD8voxY1Bp6eVR?0C9nl%>i2wYP(N zJ;9SA{VIQr!l&W2T6Kj#QPyZmjE8qq&=TzP<1u*Wa+~gooi-*4M|FM2qh<-iHX4(~0@LC$Y}`)8#OO5i5iJ zyjvRWivC1}Y3?tJK4@DJzT1+YyiLT~C7s$4b&$*APGo-XC@)u&B=SYnE>?*79$$te zn&tx=*0w9EW4#7`M%lW=i*pEsB)u$WNt~{)`?L*%3S0ItJN( z8>Q*4D1D}xEqY53tYm(k2+J&gk^!@Pv#-}53HwL#YI%Mx6=rD3ni5?=hmN>pT<*r1 zuj^fju^5dV@JmscYhr++Wdojhylh8fvlB+#4A0VDbc#RN&tyF_OZ?G|BN2~OqY#fl z*0j>epEpFKwK?JMYbN&pPld&)=sX;W!K(IK!QhFGdF>k&L0v@H!2=4kH9D&SsRz67_I}5Dih?*L*wzjLsJ)+Ue$Xm1t_-wsqeILXpccn?hlL>c+ z>tVE0w)QfK^f>pKT0aY)MCZ>L24|umv3CCo`;KHOZ#x>{k9q<I3%fkB_Vb;FNxm-M$9E^@*S5P_2Nv~^ zcWC5a5RdQZ{S0r^SevIcVjX)H-&@rl?{+;NnF3XboaX8Bz2?`!+w^!F(lYk7YTc^6 z-0WVCH--63inLEn#?7O+vpd`VF8lGw-!x4+zCpxzKR%4iJKJv^idL2-P-|JOW%r?F z#EoTHoThQ3`poac?nei|k6wE(+8AQVTK{VOyAS>QCCVZ17>6^yWAK*$YZ^yB5t??E zt=hKqHlZJ@Y{;RgS8(;7C2y!_d3V0JC^JdpG_S{;ZOryc@LO&p*=A&eEs7`hj+huM{abVL_{lfsYUr5Tk%sP(Jn$+KF zRPFyv(%p`rx#_s$;Po8s>(n$Q$cl78w$igsR;QHiRoj>Q@TSfxrQPO``{?u?-GBNR z)D}_UY2ObzZ eZ}EmjVeO1E=27RZ{hr1Te}4TMae7)WJN_542%e#MYk8)Z(hkQNAbM4Lpc_|^a=%<>* zBKsHUo7IdO_uS`Hi|qo3HZ1cI78pWTu0C-c+%G`s(hcy`mgldKz%0>+wN9}*F3>sx zl>sCk;%@-EE>q5T?#R6m`Dl|9*kdewCaGL!keEKt+pvYzCs<31(chGQHnrvXyXaMo zxS<=tifZ34knKe5^&0Yx@MPA$uN?KH5nj5bPBJ2{}^M2#b zuEb_2S>5XSGR62-#ml~ULUDo_#wfNu>W#%RK0+2vaGe85)^J_PwTjO%D1QdGF0yMC zei*~^Q3e6(ITfw_8Z;*E7s%Wf>M^qBGv2OJ4c2Sz{2MZ(ldi4KbfW8($gQaPH#|6m zHgPS|niZ?*s{A4DR(a_V+y;<)^d5Z&8MPLy zAii7fz`ZK5FsnJ^lF>B5y4khKI4nm$%iW@$SxjUc8R|0{O>WI6kIB_pW4e*j5u#@V zdl?ngKA)xYQB_K_;=uG=i+hy0odxS61|85$3s~0RA!f~{i3uU zcslH92Cxk?oU;J)?~= z_X+n+=`Hdej(`SZ>D|uYC(e2?q~grrHO^;pe(Ghn&Hj}U-+>j*@$9SkPA;Z2rx|lG z5Y#4S#!O%AOliGLi9DNyHVd?>_E|P)_oWjVE6n_zJ}LXUet=G(g+ETLqv-6*V*x{0Pf|w@F5&EPeouAWh&94pj6HbASVHd?E zott?^!rbz!=!r(~zKcEIKva`!p9x)#zF^(^{55d!ELOAZ;QwjTU5#C;01w zr_GC;CzBL?b_IQQ@HvD>HS-xC*Z8Ifdv)R8I&;S{EXCPq3sf86tX_`Y13YQ;@_VxdtxK%? zBCDU_i8#;i=(FooF6yP2rh6aAFZGsGRHhXZc4k29Jrw&X zT2XSZ;~q5UmV2 zw0z(EdIehaV13>{m00FEX0I&S%(JSw&j`B~ny-v(A%h$g7M`z9wqd z#L8vS$Y)kYRtf9Kc`j!iIqTI6SccrZ1;|~olNR*f_tG;Itv~EB87ZHD+139|^80l* z*8i0FZ+no&I@r6?t&-R3^djApmn>_CqAj#fs#~Amqc{=%?eW`Or{O8bQW>|ACmV9Iy(;gI<(+kN9rI}RH@@Z6uApG@zRVCUWvcwMtroX^kM-DQz(*j^qhv-a0Z zk=<>*ga033W#kDpUJB=Moi1OFle%~CQ zo!MFM`Vv#6Xcc>RJ#+5&$v=Nzny<}QCYoNcshbmALo+dL)56oa8JqXGAK<%Z64SKb zLp(pmx~3W7dWGLR_&c-f5`2zKY-$$f8w=mZp}5xf{np$LxOfWs63}yDPCa@_A-U+J zoU|?NAHZ*xGjg1mKT|I5yQV7ZmsK*M(fyN#|>GXr5X6D3ccCF|>HbDP03lOr3`^tYdWxYbi16o7B&TwmyC5 zwJH|ZGkr)=_bTfLa4DBdD_*|nOGI6)7i73&_+#&RAX!;8kaPND6Z*}|28-x1ynt)|b+ zrul?>K5g1x;!G4M$Cj7)OF$Z%A3=8qcZ_9+hyZOwLgiw+RMtPkI~wWQVsB@Joj^ku z;DwR%FVNnz_{yTK(ohUn==Wo9k*4;6tqTemaX#T&J$x5$$h+c-aTi+GJ}m1GP@P~` znZ{%D(A)*IyJpASGxzaS!JhB%RK*=F^A4^Gus^^z-)-Bgg%wS#eut}#-*#ru;9_eS z)Aq3U6qiI&mxV6Zl7+5v(r}bCAXBkU@)pwND7kK2606QzuTVnYNbq+ujgR!h6UfnN z^fjzb@<9dmT{nB?#S96nUDBGyST{dEDTej%r@ou#GaDBvYmNN0Mx|T)$;IVjuTkCz z=@8b_hrASua36ZzQHb#`AhcLUd;!xeiu$p~Hfl(~$_aTHu zom1JmMD`)1KEf}I^2}V!;=CWjl544r)(|5$5g}@b3qI{!`4cE^fcDCo z>EE?7YMYNK)nNu$L=NGa7;$rCo`6eQC2KENixt^v2xF1w7@nQ2Yn`5#&8%CXSS)%A z8aafOtj9vasO2cs*i;8**3445OW(oI5hO=TVU4j4TcyvBkU0c)yHIwTQ&;V1u9m1# zM9cXY=*KCaW{qXc==3f>?&syW4=JA5{v<2E82XiX@8Gaz=|VR2VD^Lk)FWJ#CNHk>=&tYvJthGfq z*y6h>m0ybOAHq}5Zm`4|H`ptE8IeY+SDB!4TFwegk_+()GC_yV{gjGUFQj&runxXWId zbw-3KluSzbj+OsKYA399X*Z+k-VOUpd1bwRi7<-O6RFQz=%b@)cS}kgPme71JgXUa zz3Iqo*qE(0@e6VdeOJzZ{mC(_?@RdARm%M-RyvM$F?)#NjGaCIn!j#-@()Tephk$-FgG^ z_2)3`_O@VW(kX6WvQx#ijgy^+_~Rw#KK#68*XHG;c(R>6HTXHO?Sg(J6vuNr~CJ;R9l`|kWWza0AGYt0Xz$9tq%Th$PfBTV zilu1&w8&)MU&FZ?x$l7^#-=P5dXG*Kk_@+d*yT^CqUl_NQ=A&$aQ?9DZ1y*M8pt`H z&PytQM2I49&YlR>$2AL2IB}6l9<7G9CAP$j<7O|62s{PW`EVT(;~69)5mqHY>@qo` z1bxZq+*7g{C!VyF_vxf;mUp@RauOr|o8#Ulpys-8i|7p}a2f^5CVGyttQ_*Pkl9_? z`f!iL4gbG=Sl7;$yKlX2O)`x=K8y&~!*e{TB*ap}GpRi0GM)RlLmu|0QJe9aa&)wD zhRmrrJ2@XLrxiT)D-} z+h0yacDLq6_cqJ9drwZ+<{9 literal 0 HcmV?d00001 diff --git a/src/internal/AdfsSamples/Zscaler.json b/src/internal/AdfsSamples/Zscaler.json new file mode 100644 index 0000000000000000000000000000000000000000..3b1c1cb5adf92739114cf3f898261e777dc11bb7 GIT binary patch literal 8388 zcmcIpZBH9V5Z=#~`XA8sOOP;5prq7MrMjePs6s%&Y1)PeIp>!+#Xvdp7Q|m~`#dwA z+r2%XvBA{|-}$^dGyBZUGqcOT|J=B*-B)gDd?l{wj&Pm0OV@QBd^>j|_X*F(xDQ?0-};Bg{)M!8+bu$VrNF>GRV2V;pC{Y~rdmbN&5 zm%XYHH*iCssQ6yMwvOQS8uktGWN1Isj_KN)hz`a%ql>Nc@&q%CQEYS68}ns+f-D;0I)%3zu8!*qo|vacB6}6< z?Be&Nko(hhlyQEI*dDo`AgPBZGT1)yz6<^{+aFIw_*djaD<4~(sz<(Hr!M9y{lo)clfr3C&uFwTs4f^#GUUR%hkb%Hb#HM)x~e?6KwE|8Z+4r=APnG z{`9ryW+AobwuFYaqyIwg74trpFw6H?%Ufi~ zAkcM=@5kWt6QG{q7jir66>B%2M~LJ`9-|F##3~q~0bU4g=g60^xCPs53$}k-FzULi z-0HXj%z{HaCIN3|?m1S;sAR|GJFu!ajb+U8Jwav{yIJq&xSq1l?+dQ06}7bvn|tuc zA?_JQFD61_*76n_H#J3{^})K^;AaNp7%A*577?q=`3#jqWp^vFvzmI}ea!6~J&Jm{ z%z+_Kg*F?Pv7$4(Lf$XqxC<1IWLHweFUk4d%VE#b2R6)L?gEE-M)=-LJF`plHkZiM zOH}SvnbAkTwkEax37#IKBd8;z$g>?F&dO55H|@B-frboOQN!ma+}EUch&`Mj+fSr7 zJBFXQi(~i4-GE4CmVGokQ+BB>*&WjV7JpBpn9`hO%yq$#)~7LMdV({p^)_Yl zY_ir$va04;HfVRHdo5Ow*?V|OWrxwcNrj5wOCKHIp&{RyOf_g?m{;(OxWLPH0uXHPX5hiYqgU@QAuc0`O?*17p* zFs|BT8``kv3{hk2s9NuqXzodTu}gj@R`47kJ}212NJe2g)7b#41|yJtJ9nHGg}T15 zkAH(v?E1V{Cw20%Ja({@O`fOBA^M=QoFDVI=GP_n1I~92fJ@P@zP~&SV(&1Y&lv~M zb0F(!xc7M;QliPUN~P?=xZxSg5SC`(m!Y7?_-0M&0qs?cV6@l4Kv~W_o5DO#@i~Au zHR~B0*Lafxt2W;AEP=DMyWqJOnTWf4p5%}xtUICQD_FB3$SM@t+(dO>f`8s(MK8e@ zZ!ogu{t%2lzL9=?e>mK1rBbVtdc}l?vC>bdZDz8lJ3@eD}!WTngE9pypd;t_lXym{_+hHO+;NMQlxALZItDy-uBvMnou zKFG-idS&Z)QpQL!EmfVzEIYGs4Erjset;FR7bt3BR#=5d3#;A1tgts(8u!$! z-wnuNZJD<>|6NXl*ymY|tw9ncD&FimC^ghINl#p*wTELZWy~<@_{>_(x@G$Vo&wtb zfEDxwkfAn@0JUqsKm`5!6csi+M`g#$NcoiaNRzV0&)1!}{zt~YO<~PL<#Z1gXIlmFZ;Lwpd+J(L^cJOtTpqKVA6c$A=8swLWL%ydaSy>dW{jTP zE8833DKa->i#wV7VAGJ9H~94IHofZF$Xi%ntiQ9OVB-?(im#A0%nY8!kfF5;Yv;&l VMZNEdmub4|KL5!WCF(5w{0~nynzaA` literal 0 HcmV?d00001 diff --git a/src/internal/Get-ParsedTokenFromResponse.ps1 b/src/internal/Get-ParsedTokenFromResponse.ps1 new file mode 100644 index 0000000..e263b61 --- /dev/null +++ b/src/internal/Get-ParsedTokenFromResponse.ps1 @@ -0,0 +1,40 @@ +<# +.SYNOPSIS + Parses token from response as plain text string. +.EXAMPLE + PS C:\>Get-ParsedTokenFromResponse $response + Parses token from $response as plain text string. +#> +function Get-ParsedTokenFromResponse { + [CmdletBinding()] + [OutputType([string])] + param ( + # HTTP response + [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true)] + [string] $HttpResponse, + [Parameter(Mandatory=$true, Position = 1)] + # Protocol SAML or WsFed + [ValidateSet("SAML", "WsFed")] + [string]$Protocol + + ) + + $token = "" + + if ($Protocol -eq "SAML") { + # + if($HttpResponse -match '