Allow redirects to external authentication providers

[alexcmoss]

Current behavior:

We use an internal SSO implementation based on OpenID Connect, using redirect flows to authenticate. Cypress does not currently allow the redirect to the 'external' page to login.

Desired behavior:

Cypress could be configured to allow redirects to other domains when necessary. Maybe this could be a configurable whitelist?

I think the current default behaviour is good, but would like to see the option to bypass it.

• Operating System: Windows 10
• Cypress Version: 2.1.0
• Browser Version: Chrome 64

[brian-mann]

You can already do this by turning off chromeWebSecurity. However, this is an anti pattern and we have recipes and documentation explaining how to do this properly without visiting the 3rd party provider. You should programmatically log into your provider with cy.request().

You can search the issues here for even more answers to this question.

• https://on.cypress.io/best-practices#Visiting-external-sites
• https://www.youtube.com/watch?v=5XQOK0v_YRE (you should watch this video to see it in action)
• https://on.cypress.io/recipes.html#Single-Sign-On (we have a recipe of SSO here)

[CrgMkz]

Hey @brian-mann

Can I ask why this is considered bad practise? I'm currently having this issue, when visiting our landing page it will redirect you to login if you haven't already. Cypress is not loading this redirected page. Is there anyway of accessing this redirect page other than sending an api request? The redirected page is completely within our control, and sending an api request to login is not reflective of our user journey.

Thanks

[hiredgun]

I'm currently evaluating different e2e/integration testing tools and really love Cypress for its command log and easiness of debugging. After the first impression, I was excited to convince my team to use it in our project. Unfortunately, I failed to authenticate with OKTA SSO due to #1321. In the meantime, I tried TestCafe and it took me literally like 3 minutes to successfully log in to my app with 3 redirects without disabling chromeWebSecurity. I'm wondering what blockers are preventing Cypress from allowing to accomplish the same scenario without so much additional work presented in SSO recipe. We will probably stick with TestCafe for now but I will definitely check whether anything has changed regarding this issue since I definitely prefer Cypress' approach.

[owenmecham]

One of the primary areas of our apps that we would want to test in an automated fashion is the SSO redirect. We also use OKTA and Open ID Connect. I would hope that you would reconsider this issue to find a solution.

[aaron-sf]

Same. Found this thread doing research to be sure we'd be able to use our Enterprise Okta SSO. Am I wrong in assuming this isn't supported?

[rodoabad]

Any updates on this? If a baseUrl is Okta secured, Cypress isn't able to login since they get redirected to an external page.

[jeffradom]

I'm also having issue with OKTA and can't login at all into our app URL. So is it possible at all?

[jennifer-shehane]

@jeffradom @rodoabad @owenmecham Please open an issue detailing the exact code to reproduce the OKTA issue so we can look at the exact mechanisms that are involved.

[jeffradom]

@jennifer-shehane I've already done that with maximum details I had.

[jeffradom]

here is a link to a bug #4416