Bring Your Own Device, Part I
Yuqing Zhao 趙宇清, Protocol Test Suite Developer, Microsoft Corporation
What's BYOD
- Device <-> Public Cloud
- Device <-> Enterprise On-Premise Cloud
Agenda
- BYOD Protocols and Test Design
- How to use protocol Test Suite
- Q&A
BYOD Protocol Scenarios
- WHO -- Workplace Join
Covered Protocols
- MS-DVRD: Discovery endpoints used during device registration
- MS-OAPX: Extends the Authorization Code Grant of OAuth 2.0 (RFC 6749)
- MS-DVRE: Enrolls a device certificate
Protocol Stack
[Diagram: MS-DVRD, MS-OAPX and MS-DVRE shown together with HTTPS, OAuth2.0, WS-Trust and SOAP.]
Protocol Traffic Flow
[Diagram: the Personal Device exchanging messages with the Discovery Server, OAPX Auth Endpoint, OAPX Token Endpoint and Enrollment Server. Message labels: Discovery, Discovery Response, AuthCode Request, AuthCode, Apply Access Token, Access Token, Apply Enrollment.]
Protocol Implementation Scenario
- Client Role of MS-DVRD
- Client Role of MS-DVRE
- Client Role of MS-OAPX
Test Suite acts as Synthetic Server
[Diagram: the test suite (Test Case 1, Test Case 2, ...) stands in for the Discovery Server, OAPX Auth Endpoint, OAPX Token Endpoint and Enrollment Server, facing a 3rd party Client role implementation.]
- Message Syntax is verified
- Specific authentication mechanism passed
- Security Token is issued by test suite
- Device State matches expectation
Test Suite Architecture
[Diagram: Test Suite (Test Case, SUT Control Adapter) connected over HTTPS to the System Under Test (SUT), which holds the Protocol Client Role Implementation. Annotations: Trigger SUT to start registration; Define execution sequence.]
BYOD Protocol Scenarios
- WHO -- Workplace Join
- WHAT -- File Sync
Covered Protocols
- MS-ECS: Protocol to upload and download files
- MS-FSVCA: Algorithm and data structures to present file versions
Traffic Flow: Upload Files
[Diagram: message exchange between the Personal Device and the MS-ECS Server. Labels include Create Session, Session Created, Get Versions, Provided, Upload Confirmed.]
- Create Session
- Get Server Side Versions
- Upload Files
Traffic Flow: Download Files
- Upload: Create Session, Get Server Side Versions, Upload Files
- Download: Create Session, Send Client Side Versions, Download Files
- Step-by-step comparison of upload and download: Same, Different, Different
Protocol Implementation Scenario
- Client Role of MS-ECS
- MS-FSVCA
Synthetic Server In Upload Files
[Diagram: the test suite (Test Case 1, Test Case 2, ...) stands in for the MS-ECS Server, facing a 3rd party Client Role Implementation.]
- Message Syntax is verified
- Asked for server side versions before uploading
- Latest file version in request matches expectation
- Device State matches expectation
Test Suite Architecture
[Diagram: Test Suite (Test Case, SUT Control Adapter) connected over HTTP/HTTPS to the System Under Test (SUT), which holds the Protocol Client Role Implementation.]
BYOD Protocol Scenarios
- WHO -- Workplace Join
- WHAT -- File Sync
- SECURITY -- Web App Proxy
Network Topology
[Diagram: Personal Device, Web App Proxy, AD FS and Web Application, with the Corporate Network boundary marked.]
Covered Protocols
- MS-ADFSPIP: Describes how an integrated AD FS and Web Application Proxy system works
- Difference from a common web proxy?
  - A common web proxy focuses on the TCP/IP and HTTP layers
  - The MS-ADFSPIP Web App Proxy focuses on the AD FS enabled web application protocol layer
Protocol Stack
[Diagram: MS-ADFSPIP, HTTPS.]
Protocol Scenarios
- Deploy Web App Proxy
- Manage Web App Publish settings
- Pre-authenticate user request
Traffic Flow: Pre-Authentication
[Diagram: HTTP exchanges among the Personal Device, Web App Proxy, AD FS Server and Web App, carrying redirects, the auth cookie, the client certificate and the token.]
- Step 1: Access without authorization
- Step 2: Redirection for authorization
- Step 3: Retrieves client SSL certificate
- Step 4: Applies access token with client cert + auth cookie
- Step 5: Redirected to Web App
Protocol Implementation Scenario
[Diagram: AD FS Server, Personal Device and Web App around the Web App Proxy, which is marked "Replace me" and substituted by a 3rd party Web App Proxy.]
Synthetic testing in Pre-Authentication
[Diagram: the test suite (Test Case 1, Test Case 2, ...) acts as AD FS, as Device and as Web App around a 3rd party Web App Proxy.]
- Test Suite as AD FS: Received auth cookie + client cert request
- Test Suite as Device: Received redirection to AD FS
- Test Suite as Web App: Received redirection to Web App
Test Suite Architecture
[Diagram: Test Suite (Test Case, SUT Control Adapter, Fake Web App, Fake Web Client) connected to the System Under Test (SUT), which holds the Proxy Role Implementation. Annotations: Act as a web app; Act as a web client.]
Agenda
- BYOD Protocols
- How to use protocol Test Suite
  - Deployment
  - Configuration
  - Test Case Execution
  - Test Result Analysis
  - Demo
- Q&A
Follow User Guide for Deployment
Test Suite Configuration File: *.ptfconfig
Test Suite Configuration File
Interactive Adapter
- Purpose: Allow manual operation during test case execution
- Configuration
- Effect: At the SUT control step, a window pops up containing the operation instructions
Test Case Execution
- Use Visual Studio 2012
- Use Batch
Test Log Analysis
- Logs generated during test case execution are all saved
- Error messages contain the original protocol document description
How to use Protocol Test Suite to test Workplace Join