#152 PS51/NET48 and PS73/NET70 PesterContext-checks fixed by moving I…
…fs in It blocks plus release notes for v8.0... Get ready to release like PR, automated build....Later deep dive into folder cmdlets based on OpenApi
ddemeyer committed Aug 28, 2023
1 parent 7579146 commit 0a85767
Showing 13 changed files with 339 additions and 229 deletions.
17 changes: 12 additions & 5 deletions .github/workflows/continuous-integration.yml
Expand Up @@ -18,11 +18,6 @@ jobs:
steps:
- uses: actions/checkout@v3

# - name: Setup .NET 3.1.x
# uses: actions/setup-dotnet@v1
# with:
# dotnet-version: 3.1.x

- name: Setup .NET 6.0.x
uses: actions/setup-dotnet@v3
with:
Expand Down Expand Up @@ -66,12 +61,15 @@ jobs:
ISH_BASE_URL: ${{ secrets.ISH_BASE_URL }}
ISH_USER_NAME: ${{ secrets.ISH_USER_NAME }}
ISH_PASSWORD: ${{ secrets.ISH_PASSWORD }}
ISH_CLIENT_ID: ${{ secrets.ISH_CLIENT_ID }}
ISH_CLIENT_SECRET: ${{ secrets.ISH_CLIENT_SECRET }}
run: |
$filePath = 'Source/ISHRemote/Trisoft.ISHRemote/ISHRemote.PesterSetup.Debug.ps1'
Add-Content -Path $filePath -Value '# File[$filePath] is generated through continuous-integration.yml section PowerShell 7.x'
Add-Content -Path $filePath -Value '$baseUrl = $env:ISH_BASE_URL'
Add-Content -Path $filePath -Value 'if ($baseUrl -like "*.sdlproducts.com*")'
Add-Content -Path $filePath -Value '{'
Add-Content -Path $filePath -Value ' $ishEventTypeToPurge = ''TESTBACKGROUNDTASK''' # before 14SP4 use ''PUSHTRANSLATIONS'''
Add-Content -Path $filePath -Value ' $ishLngLabel = ''en-us'''
Add-Content -Path $filePath -Value ' $ishLngTarget1 = ''VLANGUAGEESES'''
Add-Content -Path $filePath -Value ' $ishLngTarget1Label = ''es-es'''
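Review bot: ISH_CLIENT_ID and ISH_CLIENT_SECRET are added to the env of this file-generation step, but the visible Add-Content lines only write single-quoted literals (`$env:ISH_BASE_URL` is stored as text and resolved later, when the tests run), so nothing shown here reads the new secrets. Unless the collapsed remainder of the script uses them at generation time, drop them from this step and keep them on the Invoke-Pester steps only. Also on the `$ishEventTypeToPurge` line: the `-Value` string closes after `''TESTBACKGROUNDTASK'''`, so `# before 14SP4 use ''PUSHTRANSLATIONS'''` is a comment in the workflow script and never reaches ISHRemote.PesterSetup.Debug.ps1; move it inside the quoted value if the hint is meant for the generated file.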
Expand All @@ -86,6 +84,8 @@ jobs:
ISH_BASE_URL: ${{ secrets.ISH_BASE_URL }}
ISH_USER_NAME: ${{ secrets.ISH_USER_NAME }}
ISH_PASSWORD: ${{ secrets.ISH_PASSWORD }}
ISH_CLIENT_ID: ${{ secrets.ISH_CLIENT_ID }}
ISH_CLIENT_SECRET: ${{ secrets.ISH_CLIENT_SECRET }}
run: Invoke-Pester -Path Source/ISHRemote/Trisoft.ISHRemote/Cmdlets/_TestEnvironment/TestPrerequisite.Tests.ps1 -Output Detailed -Passthru | Export-CliXml -Path Cmdlets.Pester.Tests.xml
- name: Upload test results
uses: actions/upload-artifact@v3
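Review bot: With a client secret now in this step's environment, check what ends up in Cmdlets.Pester.Tests.xml before it is uploaded: `-Passthru | Export-CliXml` serializes the Pester result object to a file, and GitHub's secret masking covers log output, not the contents of uploaded artifacts. If any test or error record can carry the token, client id or secret, filter the result before export or shorten the artifact retention.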
Expand All @@ -99,6 +99,8 @@ jobs:
ISH_BASE_URL: ${{ secrets.ISH_BASE_URL }}
ISH_USER_NAME: ${{ secrets.ISH_USER_NAME }}
ISH_PASSWORD: ${{ secrets.ISH_PASSWORD }}
ISH_CLIENT_ID: ${{ secrets.ISH_CLIENT_ID }}
ISH_CLIENT_SECRET: ${{ secrets.ISH_CLIENT_SECRET }}
run: Invoke-Pester -Path Source/ISHRemote/Trisoft.ISHRemote/Cmdlets/ -Output Detailed -Passthru | Export-CliXml -Path Cmdlets.Pester.Tests.xml
- name: Upload test results
uses: actions/upload-artifact@v3
Expand All @@ -113,12 +115,15 @@ jobs:
ISH_BASE_URL: ${{ secrets.ISH_BASE_URL }}
ISH_USER_NAME: ${{ secrets.ISH_USER_NAME }}
ISH_PASSWORD: ${{ secrets.ISH_PASSWORD }}
ISH_CLIENT_ID: ${{ secrets.ISH_CLIENT_ID }}
ISH_CLIENT_SECRET: ${{ secrets.ISH_CLIENT_SECRET }}
run: |
$filePath = 'Source/ISHRemote/Trisoft.ISHRemote/ISHRemote.PesterSetup.Debug.ps1'
Add-Content -Path $filePath -Value '# File[$filePath] is generated through continuous-integration.yml section Windows PowerShell 5.1'
Add-Content -Path $filePath -Value '$baseUrl = $env:ISH_BASE_URL'
Add-Content -Path $filePath -Value 'if ($baseUrl -like "*.sdlproducts.com*")'
Add-Content -Path $filePath -Value '{'
Add-Content -Path $filePath -Value ' $ishEventTypeToPurge = ''TESTBACKGROUNDTASK''' # before 14SP4 use ''PUSHTRANSLATIONS'''
Add-Content -Path $filePath -Value ' $ishLngLabel = ''en-us'''
Add-Content -Path $filePath -Value ' $ishLngTarget1 = ''VLANGUAGEESES'''
Add-Content -Path $filePath -Value ' $ishLngTarget1Label = ''es-es'''
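Review bot: This generation block is a copy of the PowerShell 7.x one (same `$filePath`, same `$ishEventTypeToPurge` line, same env additions) with only the header comment changed, so every new setting has to be edited twice. Consider moving the Add-Content lines into one script in the repository that both jobs call with the section name as a parameter. The header line is also single-quoted, so the generated file will contain the literal text `File[$filePath]` rather than the path.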
Expand All @@ -133,6 +138,8 @@ jobs:
ISH_BASE_URL: ${{ secrets.ISH_BASE_URL }}
ISH_USER_NAME: ${{ secrets.ISH_USER_NAME }}
ISH_PASSWORD: ${{ secrets.ISH_PASSWORD }}
ISH_CLIENT_ID: ${{ secrets.ISH_CLIENT_ID }}
ISH_CLIENT_SECRET: ${{ secrets.ISH_CLIENT_SECRET }}
run: Invoke-Pester -Path Source/ISHRemote/Trisoft.ISHRemote/Cmdlets/ -Output Detailed -Passthru | Export-CliXml -Path Cmdlets.Pester.Tests.xml
- name: Upload test results
uses: actions/upload-artifact@v3
22 changes: 14 additions & 8 deletions Doc/ReleaseNotes-ISHRemote-8.0.md
Expand Up @@ -20,7 +20,7 @@ Where we used to have only implicit `WcfSoapWithWsTrust` protocol - same as ISHR
* WS-Federation/WS-Trust over –IshUserName/-IshPassword parameters, typical ISHSTS setups
* WS-Federation/WS-Trust over implicit ActiveDirectory NetworkCredentials , typical ADFS setups
* If protocol is not mentioned, it defaults to `WcfSoapWithOpenIdConnect` on Tridion Docs 15.x/15.x.0
* Modern Authentication like Publication Manager or Organize Space, etc over System Browser
* Modern Authentication like Publication Manager or Organize Space, etc over your favorite Browser
* Modern Authentication over –ClientId/-ClientSecret coming from Access Management (ISHAM)
* Note: ISHWS/OWCF web services have feature parity to ISHWS/WCF (and actually also ISHWS/*.ASMX)
* If protocol is forced to `OpenApiWithOpenIdConnect`
Expand All @@ -29,7 +29,7 @@ Where we used to have only implicit `WcfSoapWithWsTrust` protocol - same as ISHR

### OpenIdConnect Client Credentials Flow

On Tridion Docs 15.x/15.x.0 the below cmdlet with superfluous `-Protocol WcfSoapWithOpenIdConnect` will create an `IshSession` for usage in all other cmdlets.
On Tridion Docs 15.x/15.x.0 the below cmdlet with superfluous `-Protocol WcfSoapWithOpenIdConnect` parameter will create an `IshSession` for usage in all other cmdlets.

```powershell
New-IshSession -Protocol WcfSoapWithOpenIdConnect -WsBaseUrl https://ish.example.com/ISHWS/ -ClientId "c82..." -ClientSecret "ziK...=="
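Review bot: The example keeps `-ClientSecret "ziK...=="` as a literal on the command line, which is the form readers will copy into scripts and shell history. Since the workflow in this commit already passes the secret as ISH_CLIENT_SECRET, consider showing the cmdlet reading the secret from an environment variable or secret store, and add a sentence that the client secret should be handled like a password.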
Expand All @@ -41,14 +41,16 @@ Below animation illustrates how you need to set up a Service Account resulting i

### OpenIdConnect Authorization Code Flow with PKCE Flow

On Tridion Docs 15.x/15.x.0 the below cmdlet with superfluous `-Protocol WcfSoapWithOpenIdConnect` will create an `IshSession` for usage in all other cmdlets.
On Tridion Docs 15.x/15.x.0 the below cmdlet with superfluous `-Protocol WcfSoapWithOpenIdConnect` parameter will create an `IshSession` for usage in all other cmdlets.

```powershell
New-IshSession -Protocol WcfSoapWithOpenIdConnect -WsBaseUrl https://ish.example.com/ISHWS/ #over-SystemBrowser
```

Below animation illustrates how you will authenticate over your (system) browser, potentially reusing your single sign on session. This example federates the authentication from Access Management (ISHAM) to built-in Tridion Docs Identity Provider (ISHID) which could be a different MFA-protected experience in other setups. Do note that ISHID accounts have prepared External Id (`FISHEXTERNALID`) entries on every Tridion Docs User Profile.

![ISHRemote-8.0--ClientSecretOnTridionDocs15.0 1024x512](./Images/ISHRemote-8.0--BrowserAuthorizationCodeFlowUsingISHIDOnTridionDocs15.0.gif)

### Protocol Overview

|ISHRemote v8.0 Protocol|Authentication Protocol|New-IshSession|On Windows PowerShell 5.1 powered by .NET Framework 4.8|On PowerShell (Core) 7.2+ powered by .NET (Core) 6.0+|
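Review bot: The alt text of the added image, `ISHRemote-8.0--ClientSecretOnTridionDocs15.0 1024x512`, looks copied from the Client Credentials section, while the file is `ISHRemote-8.0--BrowserAuthorizationCodeFlowUsingISHIDOnTridionDocs15.0.gif`. Rename the alt text to match the browser flow. The section heading above it also reads "Authorization Code Flow with PKCE Flow", with "Flow" twice.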
Expand All @@ -61,6 +63,10 @@ Below animation illustrates how you will authenticate over your (system) browser
| |Authorization Code Flow with PKCE (typically System Browser)|New-IshSession -Protocol WcfSoapWithOpenIdConnect -WsBaseUrl https://ish.example.com/ISHWS/ #over-SystemBrowser|Supported|Supported|


### User's Last Log On Timestamp Impact

The Tridion Docs User Profile as seen in the Settings > User profile overview (ISHCS/OrganizeSpace) shows the last log on date time (field `FISHLASTLOGINON`) which is only accurate for authentication over Tridion Docs Identity Provider (ISHID or before ISHSTS). When federating authentication the remote Secure Token Service (STS) is responsible. Do note that Access Management (ISHAM) User Profiles, even when logged in over Tridion Docs Identity Provider (ISHID) or any other federated Secure Token Service (STS) does get updated.


## Implementation Details
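Review bot: The last sentence of the added "User's Last Log On Timestamp Impact" paragraph is hard to parse: "Access Management (ISHAM) User Profiles, even when logged in over ... does get updated" has a plural subject with "does" and never says what gets updated. Suggest stating both halves explicitly, as the TheExecution note in this commit does: the ISHAM User Profile last log on is always updated, while `FISHLASTLOGINON` on the Tridion Docs User Profile is only accurate when authenticating over ISHID. That matters to anyone using the field to review inactive accounts.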

Expand Down Expand Up @@ -90,14 +96,14 @@ Code, especially around communication and authentication protocol, was heavily r

## Breaking Changes - Platform

All third party libraries regarding WS-Trust, Federation and OpenIdConnect were upgraded to latest available (see `Trisoft.ISHRemote.csproj` history) for details. However, ISHRemote in the end is an assembly library loaded in PowerShell (like `%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe`). Other libraries loaded earlier or later influence ISHRemote, especially the OpenIdConnect connection libraries.
All third party libraries regarding WS-Trust, Federation and OpenIdConnect were upgraded to latest available (see `Trisoft.ISHRemote.csproj` history) for details. However, ISHRemote in the end is an assembly library loaded in a PowerShell process (like `%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe`). Other libraries loaded earlier or later influence ISHRemote, especially the OpenIdConnect connection libraries.

Classic solution are assembly redirects in app.config. However, updating .config files under `%SystemRoot%\system32\` is not done and requires Administrator privileges.

So chose to explicit load higher required assembly version then already found/loaded through `AppDomainModuleAssemblyInitializer`. Every `New-IshSession` will trigger a warning/verbose message hinting to this magic that influences ISHRemote or where ISHRemote influences others.

```powershell
WARNING: NewIshSession ISHRemote module on PS5.1/NET48 forces Assembly Redirects over for System.Runtime.CompilerServices.Unsafe.dll/System.Text.Json.dll/IdentityModel.OidcClient.dll/Microsoft.Bcl.AsyncInterfaces.dll/System.Text.Encodings.Web.dll
```
WARNING: NewIshSession ISHRemote module on PS5.1/NET48 forces Assembly Redirects for System.Runtime.CompilerServices.Unsafe.dll/System.Text.Json.dll/IdentityModel.OidcClient.dll/Microsoft.Bcl.AsyncInterfaces.dll/System.Text.Encodings.Web.dll
```

|Assembly|Initial Version Load Request|Redirecting and Loading Version|
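Review bot: In the reworded first sentence the parenthesis closes too early: "(see `Trisoft.ISHRemote.csproj` history) for details" should read "(see `Trisoft.ISHRemote.csproj` history for details)". The sample warning was changed from "forces Assembly Redirects over for" to "forces Assembly Redirects for"; confirm the message emitted by `New-IshSession` was changed to match, since users will search for this string.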
Expand All @@ -124,8 +130,8 @@ Below is not an official performance compare, but a recurring thing noticed alon
|--------------------------|-------------------------------------|----------------------|----------------|
| ISHRemote 6.0.9523.0 | Windows PowerShell 5.1 on .NET 4.8 | WcfSoapWithWsTrust | Tests completed in 353.57s AND Tests Passed: 917, Failed: 0, Skipped: 8 NotRun: 0 |
| ISHRemote 6.0.9523.0 | PowerShell 7.3.0 on .NET 7.0.0 | WcfSoapWithWsTrust | Tests completed in 305.46s AND Tests Passed: 921, Failed: 0, Skipped: 8 NotRun: 0 |
| ISHRemote 8.0.10425.0 | Windows PowerShell 5.1 on .NET 4.8.1 | WcfSoapWithOpenIdConnect | Tests completed in 634.75s AND Tests Passed: 1045, Failed: 0, Skipped: 3 NotRun: 0 |
| ISHRemote 8.0.10425.0 | PowerShell 7.3.6 on .NET 7.0.0 | WcfSoapWithOpenIdConnect | Tests completed in 538.95s AND Tests Passed: 934, Failed: 0, Skipped: 3 NotRun: 0 |
| ISHRemote 8.0.10425.0 | Windows PowerShell 5.1 on .NET 4.8.1 | WcfSoapWithOpenIdConnect | Tests completed in 472.44s AND Tests Passed: 1026, Failed: 0, Skipped: 3 NotRun: 0 |
| ISHRemote 8.0.10425.0 | PowerShell 7.3.6 on .NET 7.0.0 | WcfSoapWithOpenIdConnect | Tests completed in 457.89s AND Tests Passed: 1026, Failed: 0, Skipped: 3 NotRun: 0 |



15 changes: 8 additions & 7 deletions Doc/TheExecution-ISHRemote-8.0.md
Expand Up @@ -189,21 +189,22 @@ For whoever stumbles on this transitive package dependency of `System.Runtime.Co
* All examples for Get-Help in New-IshSession are over -PSCredentials or -IshUserName/IshPassword but now we have interactive (so system browser) or -ClientId/ClientSecret ... adapt them all or add sentence in first example?
* Align `Test-IshSession` with `New-IshSession` plus both need tests: `NewIshSession.Tests.ps1` and `TestIshSession.Tests.ps1`
* Extend New-IshSession/Test-IshSession with -PSCredential also working for client/secret (and ishusername/ishpassword)

* * Fix all version based tests on PS7, they should not result in empty server version like ` Context Add-IshBackgroundTask IshObjectsGroup Pipeline IshObject since 14SP4/14.0.4 =<`... Don't put Pester code in `Decribe` or `Context` block, use `It` only.
* Update github ticket that Access Management part of Tridion Docs 15/15.0.0 has an improvement where unattended *Service accounts* have to be explicitly created. Note that interactive logins are still allowed. See ReleaseNotes-ISHRemote-8.0.md
* Refresh OpenApi.json to released Docs 15.0.0 version
* Describe when Last Log On is valid. Always on Access Management (ISHAM) User Profiles, even when logged in over Tridion Docs Identity Provider (ISHID) or any other federated Secure Token Service (STS). On Tridion Docs User Profile, so visible in Organize Space or through `Find-IShUser` cmdlet, only if you used Tridion Docs Identity Provider (ISHID).
*
# Next
* Fix all version based tests on PS7, they should not result in empty server version like ` Context Add-IshBackgroundTask IshObjectsGroup Pipeline IshObject since 14SP4/14.0.4 =<`
* Test refresh with short expiration
* Extend perequisites test regarding client I'd and secret, an expired and valid set... Perhaps over isham20proxy
* User provisioning, see [SRQ-23306] Last login date in user overview is not updated when authentication was done through an external identity provider - RWS Jira https://jira.sdl.com/browse/SRQ-23306
* Automated Test ps5.1 with wstrust, ps7 with both openidconnect
* Test all protocol types on all platforms via newishsession (and one other smoke test) by calling it 6 times (2 ps times 3 protocols) which colors right after prerequisites
* Refresh OpenApi.json to released Docs 15.0.0 version
* Once branch #152 is merged, update ticket https://github.com/IdentityModel/Documentation/issues/13 with a hint to `AppDomainAssemblyResolveHelper.cs` or better `AppDomainModuleAssemblyInitializer.cs`
> Took me a while to find this nugget to resolve my problem. It is unfortunate that `OidcClient` doesn't work without these assemblyBinding redirects. For people who have this issue but do not have access to a `.config` file like I had with `powershell.exe.config` (v5.1 on .NET 4.8) - have a look at `SessionCmdlet.cs` and `AppDomainAssemblyResolveHelper.cs` on https://github.com/RWS/ISHRemote/
* Once branch #152 is merged, update ticket https://github.com/IdentityModel/Documentation/issues/13 with a hint to `AppDomainModuleAssemblyInitializer.cs`
> Took me a while to find this nugget to resolve my problem. It is unfortunate that `OidcClient` doesn't work without these assemblyBinding redirects. For people who have this issue but do not have access to a `.config` file like I had with `powershell.exe.config` (v5.1 on .NET 4.8) - have a look at `AppDomainModuleAssemblyInitializer.cs` on https://github.com/RWS/ISHRemote/
> Another hint is adding `LogSerializer.Enabled = false;` because if you do not attach logging to OidcClient, there seemingly is a bug that still does logging although not configured. see https://github.com/IdentityModel/IdentityModel.OidcClient/pull/67
* Update github ticket that Access Management part of Tridion Docs 15/15.0.0 has an improvement where unattended *Service accounts* have to be explicitly created. Note that interactive logins are still allowed.
* Describe what Tridion Docs User Profile disable means, and when it kicks in.
* Describe when Last Log On is valid. Always on Access Management (ISHAM) User Profiles, even when logged in over Tridion Docs Identity Provider (ISHID) or any other federated Secure Token Service (STS). On Tridion Docs User Profile, so visible in Organize Space or through `Find-IShUser` cmdlet, only if you used Tridion Docs Identity Provider (ISHID).


# Future
* Put Protocol in IshSession print next to ServerVersion (perhaps no AuthContext anymore)
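Review bot: The moved bullet now starts with `* * Fix all version based tests on PS7`, a doubled list marker, and contains `Decribe` for `Describe`; there is also a bare `*` bullet left directly above `# Next`. In the same list, `perequisites` and `client I'd` are worth correcting while the section is being edited.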

0 comments on commit 0a85767
