AD authentication on PowerShell Universal Dashboards

Continuing the discussion from AD authentication example request:

Hi, I’ve tried to get this working on PowerShell Universal but it doesn’t work. It seems the cmdlets are not available, as I can’t see them loaded in the log. I want to get the logged-in user’s username automatically to be able to display information about their AD account, or allow the user to enter different account credentials to authorise displaying that account’s details. How best can I do this?

By default, the authentication is happening within the Universal Server process which means it’s running PS7. If you want to use the AD cmdlets, you can switch to use PowerShell 5.1 by setting the SecurityPowerShellVersion parameter on the Set-PSUSetting cmdlet in %programdata%\UniversalAutomation\.universal\settings.ps1

Thanks but how would I get the currently logged in user’s username for example? How does the dashboard know which user is looking at it? Is there a way it can get the authenticated domain user via the browser somehow?

You can use IIS hosting and Windows Auth to get the current logged in user: https://docs.ironmansoftware.com/config/hosting-iis/hosting-iis-windowsauth

You will have access to $User and $Roles variables in your dashboard script. The $User variable will contain a string that is the user name provided by the auth. $Roles will contain an array of the roles that the user is a part of.
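One way the $User and $Roles variables described above could drive the AD lookup asked about at the top of the thread, as an added example that is not part of the original posts or of PowerShell Universal itself. The function names, the 'HelpDesk' role and the accepted $User formats (DOMAIN\name, name@domain or a bare name) are assumptions; Get-ADUser requires the ActiveDirectory module.

```powershell
# Added example, not code from the thread. Function names, the 'HelpDesk'
# role and the accepted $User formats are assumptions for illustration.

function ConvertTo-SamAccountName {
    param([Parameter(Mandatory)][string]$Identity)

    # Strip a leading 'DOMAIN\' or a trailing '@domain' if present.
    $name = $Identity -replace '^[^\\]+\\', '' -replace '@.*$', ''

    # Accept only a plain account name, so a crafted value can never reach
    # the directory query as wildcard or filter syntax.
    if ($name -notmatch '^[A-Za-z0-9._-]{1,20}$') {
        throw "Unexpected user name format: '$Identity'"
    }
    $name
}

function Test-CanViewAccount {
    param(
        [Parameter(Mandatory)][string]$Viewer,
        [Parameter(Mandatory)][string]$Target,
        [string[]]$Roles = @(),
        [string]$PrivilegedRole = 'HelpDesk'   # hypothetical role name
    )
    # Users may always view their own account; any other account needs the role.
    ($Viewer -ieq $Target) -or ($Roles -contains $PrivilegedRole)
}

function Get-AccountSummary {
    param(
        [Parameter(Mandatory)][string]$CurrentUser,   # pass $User here
        [string[]]$Roles = @(),                       # pass $Roles here
        [string]$RequestedAccount                     # optional, e.g. from a form field
    )
    $viewer = ConvertTo-SamAccountName $CurrentUser
    $target = if ($RequestedAccount) { ConvertTo-SamAccountName $RequestedAccount } else { $viewer }

    if (-not (Test-CanViewAccount -Viewer $viewer -Target $target -Roles $Roles)) {
        throw "User '$viewer' is not allowed to view '$target'."
    }
    # -Identity takes an exact identifier, not an LDAP filter.
    Get-ADUser -Identity $target -Properties DisplayName, Mail, Enabled, LastLogonDate |
        Select-Object SamAccountName, DisplayName, Mail, Enabled, LastLogonDate
}
```

Inside a dashboard script this would be called as `Get-AccountSummary -CurrentUser $User -Roles $Roles`, with the authorization decision based on the identity the server supplied rather than on anything typed into the page.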

Ah cool. I had a feeling that might help but wasn’t sure - I suppose I didn’t really want to go through all that config for IIS :sweat_smile:

Cheers Adam! Btw, bloody great job you’ve done on 1.3 with all the additional features! :+1:t5:

We are looking at implementing Windows Auth support without IIS for an upcoming release because setting up IIS can certainly be a pain…

Also, thanks a ton! I’m really excited for this version.

Is there a way of tracking these requests so we don’t miss them? As soon as I can get away from IIS for AD auth I will, so I’m very interested in this one!

I’ve opened an issue on our public tracker. It’ll be closed once the feature is implemented.

I’ve futz’d with it a little bit and have the code written but it’s not working correctly just yet. I’m trying to get it into 1.4.

Thanks Adam,

I am moving towards using AAD auth, and I have this working fine for PSU, but I think I’m missing something with dashboards. If I authenticate with PSU through AAD OIDC, it then authenticates me with the dashboard. If I then allow this to time out and go straight to the dashboard, I just get forwarded to: https://url/login?returnurl=/ with the PSU logon… Any thoughts on how I get this to also pass AAD auth into the dashboard directly? (I’m sure I’m missing a simple step.)

Hmmm, this seems like a bug to me but I will validate. I’m not sure what other configuration you would have to do. I’ve opened this issue for this: https://github.com/ironmansoftware/powershell-universal/issues/35