Product: PowerShell Universal
Version: 5.5.2
Hi there,
again a question from a PSU newbie
- When I log in to PSU via OIDC, the authentication along the request chain my user → PSU → App → PSU endpoint works; it seems that my user context is automatically used to authenticate.
- When I log in via Windows authentication it doesn't work; I get `401 Unauthorized`, although calling the endpoint URL manually after authenticating with Windows works.
How can I best handle this?
First I thought of creating an app token programmatically, but a) I think an app token is not intended for sessions, and b) the documented `-WebSession $Session` is not supported and throws an error:
`Cannot convert the "UniversalDashboard.Models.SessionState" value of type "UniversalDashboard.Models.SessionState" to type "Microsoft.PowerShell.Commands.WebRequestSession"`
I tried to dig a little further and found that `$Headers` with OIDC works instantly, as it is a built-in variable. Based on Security | PowerShell Universal I then tried to use `-UseDefaultCredentials` in my code if the username contains `DOMAIN\`.
```powershell
$Headers["Accept"] = "application/json"
$RequestParameter = @{
    Uri     = "https://SERVER/nestfix/config"
    Method  = "Get"
    Headers = $Headers
}
if ($User -like "DOMAIN\*") {
    $RequestParameter["UseDefaultCredentials"] = $true
}
$Data = (Invoke-RestMethod @RequestParameter)
```
With this I now get `403 Forbidden`, so at least "some" authentication seems to work in the background, although the claims / roles seem not to be passed properly.
Does anybody have an idea how to handle this? I would like to have a way to support both Windows and OIDC authentication and use the context of the user to authenticate against the defined endpoint (with its assigned roles). The endpoint itself does not need the assigned role information.
Thanks a lot to all.
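The post above hinges on telling two failures apart: a 401 means no usable identity reached the endpoint at all, while a 403 means the endpoint did authenticate the caller but found no role that grants access. The helper below is an added example (not code from the original post and not part of PowerShell Universal) that wraps the same `Invoke-RestMethod` call, copies the forwarded headers instead of mutating PSU's built-in `$Headers`, and turns the status code into an explicit diagnosis. It assumes PowerShell 7 or later (for `-SkipHttpErrorCheck` and `-StatusCodeVariable`), and the function name, parameter names and the `DOMAIN\` prefix check are this example's own choices; `$Headers` and `$User` are PSU's built-in variables as the post describes them.

```powershell
function Invoke-PsuEndpointAsUser {
    # Hypothetical helper (not part of PSU): call a PSU endpoint with the
    # identity of the currently logged-in app user and report clearly
    # whether the request was unauthenticated (401) or unauthorized (403).
    param(
        [Parameter(Mandatory)] [string]$Uri,
        [string]$Method = 'Get',
        # Headers to forward, e.g. PSU's built-in $Headers (carries the OIDC token)
        [hashtable]$ForwardHeaders = @{},
        # Name of the logged-in user, e.g. PSU's built-in $User
        [string]$UserName = ''
    )

    # Work on a copy so the caller's header table (possibly PSU's $Headers) is not modified
    $headers = @{ Accept = 'application/json' }
    foreach ($key in $ForwardHeaders.Keys) {
        $headers[$key] = $ForwardHeaders[$key]
    }

    $params = @{
        Uri                = $Uri
        Method             = $Method
        Headers            = $headers
        SkipHttpErrorCheck = $true      # PowerShell 7+: do not throw on 4xx/5xx, inspect the status instead
        StatusCodeVariable = 'status'   # PowerShell 7+: HTTP status code lands in $status
    }

    # Windows-authenticated users carry no bearer token in $Headers, so fall back to
    # the process identity (same heuristic as the post: DOMAIN\ prefix in the user name)
    if ($UserName -like 'DOMAIN\*') {
        $params['UseDefaultCredentials'] = $true
    }

    $body = Invoke-RestMethod @params

    switch ($status) {
        200     { return $body }
        401     { throw "401 from ${Uri}: no identity was accepted by the endpoint (no token forwarded and default credentials not usable)." }
        403     { throw "403 from ${Uri}: the caller was authenticated but holds no role that grants access; check which identity and roles the endpoint actually saw." }
        default { throw "Unexpected HTTP status $status from $Uri" }
    }
}

# Usage inside a PSU app, where $Headers and $User are the built-in variables:
# $Data = Invoke-PsuEndpointAsUser -Uri 'https://SERVER/nestfix/config' -ForwardHeaders $Headers -UserName $User
```

Because the function never throws on a non-success status from `Invoke-RestMethod` itself, each branch of the `switch` names exactly which half of the problem applies, which is the information the post is trying to extract from the two differing error codes.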