Azure - Small subpage to view claims

Here’s a small page for Azure SSO to view:

  • Your UPN
  • Your group memberships (IDs)
  • Other claims

This can help when you are designing your authorization policies and run into issues: it lets you confirm that the claim on which you base your authorization policy is indeed present.

Example policy
$AuthorizationPolicy = New-UDAuthorizationPolicy -Name "MyPolicy" -Endpoint {
    param($User)

    $User.HasClaim("groups", "xxxx4b03-1xxx-4xxx-8x10-xxxxxxxxx2e")
}

Code for the page shown above

New-UDPage -Name 'Claims' -AuthorizationPolicy 'Login' -Endpoint {
    # UPN: the claim whose type is the WS-Federation UPN URI
    New-UDCard -Title 'UPN' -Text "$(($ClaimsPrinciple.Claims | Where-Object Type -eq 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn').Value)"
    # Group IDs: every claim whose type ends in "groups"
    New-UDCard -Title 'Groups' -Text "$(($ClaimsPrinciple.Claims | Where-Object Type -like '*groups').Value | Format-List | Out-String)"
    # All claims: short name (last URI segment), full type and value
    New-UDCard -Title 'Claims' -Text "$($ClaimsPrinciple.Claims | Format-List @{n='SName*';e={$_.Type.Split('/')[-1]}},Type,Value | Out-String)"
}

PS: If you don’t see your claims membership right away, don’t forget to set the following key/value in your app manifest (Azure Active Directory / App Registration / Your app / Manifest blade):
"groupMembershipClaims": "SecurityGroup",

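An added example (not part of the original post or of Universal Dashboard): a helper that reports why a group-based policy like the one above does or does not match for a given user. `Test-GroupClaim`, the status names and the sample GUIDs are hypothetical; it assumes `$User` is a `System.Security.Claims.ClaimsPrincipal`, and it also covers the Azure AD overage case, where the `groups` claim is replaced by `_claim_names` / `hasgroups` when the user is in too many groups to fit in the token.

```powershell
# Added example, not from the original post. All claim values are constructed.
function Test-GroupClaim {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [System.Security.Claims.ClaimsPrincipal] $User,
        [Parameter(Mandatory)] [string] $GroupId
    )
    $claims = @($User.Claims)
    # Same match the claims page uses: "groups" or a URI ending in it.
    $groups = @($claims | Where-Object Type -like '*groups' | ForEach-Object Value)
    # Markers Azure AD emits instead of "groups" when the list is too long.
    $overage = @($claims | Where-Object { $_.Type -in '_claim_names', 'hasgroups' })
    # What the policy's own check returns (value comparison is case-sensitive).
    $policyResult = $User.HasClaim('groups', $GroupId)

    $status = if ($policyResult) { 'Present' }
        elseif ($groups -contains $GroupId) { 'PresentButPolicyMisses' } # type or case differs
        elseif ($overage.Count -gt 0) { 'Overage' }                      # groups not in token
        elseif ($groups.Count -eq 0) { 'NoGroupsClaim' }                 # check the manifest
        else { 'NotMember' }

    [pscustomobject]@{
        GroupId      = $GroupId
        Status       = $status
        PolicyResult = $policyResult
        GroupCount   = $groups.Count
    }
}

# Builds a ClaimsPrincipal from constructed claims so the check can run offline.
function New-SampleUser {
    param([hashtable[]] $Claim)
    $identity = [System.Security.Claims.ClaimsIdentity]::new('Constructed')
    foreach ($c in $Claim) {
        $identity.AddClaim([System.Security.Claims.Claim]::new($c.Type, $c.Value))
    }
    [System.Security.Claims.ClaimsPrincipal]::new($identity)
}

$wanted = '00000000-0000-0000-0000-000000000001'   # constructed group ID
$member = New-SampleUser @{ Type = 'groups'; Value = $wanted }
$upper  = New-SampleUser @{ Type = 'groups'; Value = $wanted.Replace('0-', 'A-').ToUpper() }
$over   = New-SampleUser @{ Type = '_claim_names'; Value = '{"groups":"src1"}' }
$none   = New-SampleUser @{ Type = 'name'; Value = 'user@example.com' }

$member, $upper, $over, $none | ForEach-Object { Test-GroupClaim -User $_ -GroupId $wanted }
```

Inside a dashboard endpoint, the same function can be called with `$ClaimsPrinciple` in place of the constructed users.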