Overview
Offline Tools: AD FS Login Page Telemetry using App Insights does not support AD FS 2019 without modifying the default Content-Security-Policy response headers.
Solution
- Log on to the primary server in the AD FS 2019 farm
- Review the default/existing AD FS response headers using `(Get-AdfsResponseHeaders).ResponseHeaders`

- Add the external Microsoft script and Application Insights endpoint URL to the Content-Security-Policy response headers:

```powershell
Set-AdfsResponseHeaders -SetHeaderName "Content-Security-Policy" -SetHeaderValue "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://az416426.vo.msecnd.net/scripts/a/ai.0.js https://dc.services.visualstudio.com/v2/track; img-src 'self' data:;"
```
Expected behavior
- Register an Azure Application Insights datastore
- Replace (or append) the onload.js from the repo
- Open a web browser, open the Developer Console (Ctrl+Shift+I in Google Chrome), perform an AD FS logon, and verify TelemetryManager is executing as expected.

- Navigate to the Application Insights datastore, select Search, and verify telemetry events are written to the datastore.

Actual behavior
- Register an Azure Application Insights datastore
- Replace (or append) the onload.js from the repo
- Open a web browser, open the Developer Console (Ctrl+Shift+I in Google Chrome), perform an AD FS logon. In the console, errors are generated:
Refused to load the script 'https://az416426.vo.msecnd.net/scripts/a/ai.0.js' because it violates the following Content Security Policy directive:. ...

Refused to connect to 'https://dc.services.visualstudio.com/v2/track' because it violates the following Content Security Policy directive:. ...

- Navigate to the Application Insights datastore, select Search, and no telemetry events are written to the datastore.
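
The `Set-AdfsResponseHeaders` call in the Solution replaces the whole header value, so a farm whose Content-Security-Policy was already customized would lose those changes. As an added example (not code from this issue or the repo), the sketch below appends the two sources to the existing `default-src` directive instead and leaves every other directive untouched. The function name `Add-CspSource`, the constructed sample policy, and indexing `ResponseHeaders` by header name are assumptions.

```powershell
# Added example: append sources to one CSP directive, keeping all others as they are.
function Add-CspSource {
    param(
        [string]   $Policy,     # current header value
        [string]   $Directive,  # directive to extend, e.g. 'default-src'
        [string[]] $Source      # sources to append if not already present
    )
    $found  = $false
    $result = foreach ($part in ($Policy -split ';')) {
        # Split "name value value ..." into tokens and skip empty segments.
        $tokens = @($part.Trim() -split '\s+' | Where-Object { $_ })
        if ($tokens.Count -eq 0) { continue }
        if ($tokens[0] -ieq $Directive) {
            $found = $true
            foreach ($s in $Source) {
                if ($tokens -notcontains $s) { $tokens += $s }   # idempotent
            }
        }
        $tokens -join ' '
    }
    # Fail closed: do not invent a directive that would change fallback behaviour.
    if (-not $found) { throw "Directive '$Directive' not found; review the policy by hand." }
    (@($result) -join '; ') + ';'
}

# The two endpoints named in this issue.
$aiSources = @(
    'https://az416426.vo.msecnd.net/scripts/a/ai.0.js',
    'https://dc.services.visualstudio.com/v2/track'
)

# Constructed sample policy with an extra directive, standing in for a customized farm.
$sample = "default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-ancestors 'self';"
Add-CspSource -Policy $sample -Directive 'default-src' -Source $aiSources

# On an AD FS 2019 server: read the live value, merge, write back, then re-read to confirm.
if (Get-Command Get-AdfsResponseHeaders -ErrorAction SilentlyContinue) {
    # Assumption: ResponseHeaders can be indexed by header name.
    $current = (Get-AdfsResponseHeaders).ResponseHeaders['Content-Security-Policy']
    $merged  = Add-CspSource -Policy $current -Directive 'default-src' -Source $aiSources
    Set-AdfsResponseHeaders -SetHeaderName 'Content-Security-Policy' -SetHeaderValue $merged
    (Get-AdfsResponseHeaders).ResponseHeaders
}
```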