Product: PowerShell Universal
Version: 4.2.21
I’ve had WsFed configured through appsettings.json pointing to our ADFS server and working no problem, but we’re moving everything up to Entra now. The application registration is configured in Entra and I changed the appsettings to use the Entra metadata URL, but Universal still tries logging in through ADFS. Restarted the service, and then restarted the whole server, but it still tries contacting ADFS. I disabled the RP in ADFS to verify that broke authenticating and that it was relying only on ADFS to log in, not Entra.
Verified the appsettings.json metadata URL was correctly set and that the only Set-PSUAuthenticationMethod
found in authentication.ps1 is for the Forms method. Even tried overwriting the WSFederation auth method in authentication.ps1, but it made no difference.
# Configures the WSFederation authentication method via Set-PSUAuthenticationMethod.
# -MetadataAddress points at a login.microsoftonline.com federation metadata document
# (tenant and appid are redacted in this post), i.e. Entra rather than ADFS.
# -Wtrealm and -WReply are both set to the site root, while -CallbackPath is
# /auth/signin-wsfed.
# NOTE(review): the realm presumably has to match the identifier registered for the
# application at the identity provider, and the reply URL one the provider is allowed
# to return tokens to; confirm both against the app registration.
# NOTE(review): -UseTokenLifetime $true presumably ties the session lifetime to the
# token issued by the identity provider; confirm against the cmdlet documentation.
Set-PSUAuthenticationMethod -Type "WSFederation" `
-CallbackPath "/auth/signin-wsfed" `
-UseTokenLifetime $true `
-MetadataAddress "https://login.microsoftonline.com/********/federationmetadata/2007-06/federationmetadata.xml?appid=********" `
-Wtrealm "https://psu.contoso.com" `
-WReply "https://psu.contoso.com"
Haven’t found configs anywhere else that suggest using ADFS either. Are there cached configs holding onto ADFS somewhere that I need to purge?
{
"Kestrel": {
"Endpoints": {
"HTTP": {
"Url": "http://*:80"
},
"HTTPS": {
"Url": "https://*:443",
"Protocols": "Http2",
"SslProtocols": [
"Tls12",
"Tls13"
],
"Certificate": {
"Subject": "psu.contoso.com",
"Store": "My",
"Location": "LocalMachine",
"AllowInvalid": "true"
}
}
},
"RedirectToHttps": "true",
"UseHttpSys": "false",
"BasePath": "",
"Hsts": {
"MaxAgeDays": 365
},
"CookiePolicy": ""
},
"ApplicationInsights": {
"InstrumentationKey": ""
},
"AllowedHosts": "*",
"CorsHosts": "",
"Plugins": [
"UniversalAutomation.LiteDBv5"
],
"SystemLogPath": "%ProgramData%\\PowerShellUniversal\\systemLog.txt",
"SystemLogLevel": "Information",
"Data": {
"RepositoryPath": "%ProgramData%\\UniversalAutomation\\Repository",
"ConnectionString": "filename=%ProgramData%\\UniversalAutomation\\database.db;upgrade=true",
"RunMigrations": true,
"GitRemote": "https://github.com/******/PowerShell-Universal.git",
"GitUserName": "any",
"GitPassword": "***************",
"GitBranch": "main",
"GitSyncBehavior": "PushOnly",
"GitInitializeBehavior": "Init",
"GitSyncInterval": "1",
"GitSyncTimeout": 60,
"ConfigurationScript": "",
"Mode": "Manual"
},
"Api": {
"OpenAPI": {
"Name": "Endpoints",
"Description": "Endpoints defined within the PowerShell Universal admin console.",
"Url": "v2",
"Version": "v2"
},
"Url": "",
"GrpcPort": 0
},
"Authentication": {
"Windows": {
"Enabled": "false"
},
"WSFed": {
"Enabled": "true",
"MetadataAddress": "https://login.microsoftonline.com/********/federationmetadata/2007-06/federationmetadata.xml?appid=********",
"Wtrealm": "https://psu.contoso.com",
"CallbackPath": "/auth/signin-wsfed"
},
"OIDC": {
"Enabled": "false",
"CallbackPath": "/auth/signin-oidc",
"ClientID": "",
"ClientSecret": "",
"Resource": "",
"Authority": "",
"ResponseType": "",
"SaveTokens": "false",
"CorrelationCookieSameSite": "",
"UseTokenLifetime": true,
"Scope": "openid profile groups",
"GetUserInfo": false
},
"ClientCertificate": {
"Enabled": "false"
},
"SessionTimeout": "25"
},
"Jwt": {
"SigningKey": "PleaseUseYourOwnSigningKeyHere",
"Issuer": "IronmanSoftware",
"Audience": "PowerShellUniversal"
},
"UniversalAutomation": {
"Queues": [],
"JobHandshakeTimeout": 30,
"JobDebugging": false,
"ContinueJobOnServerStop": false,
"HangfireWorkerCount": 100
},
"UniversalDashboard": {
"AssetsFolder": "%ProgramData%\\PowerShellUniversal\\Dashboard",
"DashboardStartupTimeout": 10
},
"Secrets": {
"SecretStore": {
"Password": "PSUSecretStore"
},
"Database": {
"EncryptionKey": "****************"
}
},
"ShowDevTools": false,
"HideAdminConsole": false,
"Profiling": false,
"NodeName": ""
}