Product: PowerShell Universal
Version: 3.5.3
Env: Windows VM, MSI, running as svc account
Finally getting around to setting up proper roles/claims authentication into dashboards (been having too much fun making useful endpoints with tokens!). However I’m not sure if it’s possible to load secret variables (via $secret:varname), regardless of type ([string]/[pscredential]) in authentication.ps1 - is this supposed to work? I can’t seem to get it going. E.g.:
authentication.ps1 contains this, snipped for brevity:
```powershell
...
if ($Credential.UserName -eq $secret:EmergencyAdmin.UserName) {
    New-PSUAuthenticationResult -Success:$true -UserName 'Admin'
} else {
    Write-Host "'$($Credential.username)' != emergency local admin '$($secret:EmergencyAdmin.UserName)', continuing to domain authentication"
    ...domain authentication...
}
...
```
but the $secret var check NEVER works, and then in the authentication logs (at https://localhost/admin/security/authentication/1) I only see this:
```
'ExampleUsername' != emergency local admin '', continuing to domain authentication
```
So, are $secret variables supposed to be accessible by authentication.ps1? Is there anything I’m missing to enable this if it’s not a default?
I had been looking at Forms - Ironman Software which seems to use secret variables, and the there-linked video seems to show the same thing working, so not sure what I’m doing wrong.
I’ve tried saving secrets in both the built-in vault and PSUSecretStore - same results. The $secret:-scoped variable in question shows up fine in script executions otherwise, so I know the value is there - just doesn’t work during authentication.
Thanks!