Hi,
when Windows Authentication is set to true in the PSU settings, it seems the “authentication.ps1” script is ignored.
The role based access was defined by giving claims to users via this script as explained in PSU documentation.
In the authentication page in the PSU admin interface, there is only a “Forms” entry linked to the authentication.ps1 script.
Is there a way to add another authentication entry for example for the “Windows authentication” ?
Thank you by advance.
Currently, this isn’t the case. As you mentioned, the authentication.ps1 is only run for forms auth. The roles.ps1 entries are executed for Windows Auth but it sounds like you want additional claims added which currently isn’t possible with Windows Auth.
Can you let me know what you’re trying to achieve? Are you trying to add claims so you can check them later?
We have created forms to manage AD accounts ( Creation, deletion etc …) and we have created a role for the operators who will use the forms.
The goal is to let them access the forms ( a dashboard ) with Windows Auth but deny them access to PSU admin interface.
The new role is in the dashboard role list.
The idea was to add the operators to a security group and give a claim to the role if the connected user is member of this group.
In this case, we have not to worry about PSU. Their identity is added to PSU when they connect to the dashboard for the 1rst time, and the role policies give them the role to access the dashboard.
I’d also be interested in this, if there isn’t already an existing method for PSU hosted in IIS.
Members of AD Group A can access Dashboard A, B and C
Members of AD Group B can access Dashboard C, D and E.
Members of AD Group C can access all dashboards plus the admin page.
Thanks in advance!