Authenticating via Microsoft Azure AD in Cypress (and Puppeteer)

Colin Wren
3 min read · Feb 25, 2023

Recently I found myself having to automate a Single Sign On (SSO) implementation that used Microsoft Azure AD as the identity provider and encountered some issues which I thought were worth sharing.

It’s worth noting that what I’m about to describe is an anti-pattern in Cypress: they recommend not automating 3rd party systems and instead using stubs or mock services. However, I found myself having to perform an end-to-end system test to cover the SSO implementation.

How does SSO with Azure work?

SAML 2.0 authentication sequence diagram from https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

When a user signs in with SSO, they use a service they already have an account with (called an identity provider) to verify that they have an account and what permissions they have (based on roles or groups assigned to them). Once the user has logged into the identity provider, it redirects them back to the application they’re trying to log in to, with tokens that contain information about the user that can then be used to create a new session (and account if needed).
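As an added illustration (not code from the original post), this is roughly what the application has to do with the token that arrives on the redirect back: check its signature, issuer, audience and expiry before creating a session from the user's claims. It assumes the token is a JWT as used by OpenID Connect; the key pair, issuer URL, client ID, claim values and function names are constructed placeholders.

```javascript
const nodeCrypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Constructed stand-in for the identity provider: signs a JWT with RS256.
function issueToken(claims, privateKey) {
  const signingInput = `${b64url({ alg: 'RS256', typ: 'JWT' })}.${b64url(claims)}`;
  const sig = nodeCrypto.sign('sha256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Application side (hypothetical helper): verify signature, issuer, audience
// and expiry, then build the session from the claims. Returns null on failure.
function sessionFromToken(token, publicKey, expected, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, 'base64url'));
    claims = JSON.parse(Buffer.from(p, 'base64url'));
  } catch { return null; }
  // Pin the algorithm; never let the token header choose it.
  if (header?.alg !== 'RS256') return null;
  const ok = nodeCrypto.verify('sha256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok || !claims) return null;
  if (claims.iss !== expected.issuer || claims.aud !== expected.audience) return null;
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
  return { userId: claims.sub, roles: Array.isArray(claims.roles) ? claims.roles : [] };
}

// Constructed sample data: throwaway key, placeholder issuer and audience.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const expected = { issuer: 'https://idp.example/tenant', audience: 'my-app-client-id' };
const now = 1700000000;
const sampleClaims = { iss: expected.issuer, aud: expected.audience, sub: 'user-123',
  roles: ['Admin'], exp: now + 300 };
const goodToken = issueToken(sampleClaims, privateKey);
// Same header and signature as goodToken, but with an altered payload.
const [gh, , gs] = goodToken.split('.');
const tamperedToken = `${gh}.${b64url({ ...sampleClaims, sub: 'someone-else' })}.${gs}`;
const expiredToken = issueToken({ ...sampleClaims, exp: now - 1 }, privateKey);
```

In an end-to-end test of the SSO flow, these are the checks worth asserting on: a session appears only for a valid token, and altered, expired or wrong-audience tokens are rejected.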

There are a number of different standards that provide this functionality, such as SAML 2.0, OAuth 2.0 and OpenID Connect, but from the perspective of the end user (and automation) the flow remains the same: they press a button to log in, are redirected to Microsoft and then back into the app as an…

Colin Wren

Currently building reciprocal.dev. Interested in building shared understanding, Automated Testing, Dev practises, Metal, Chiptune. All views my own.