I’m setting up the authentication and authorization aspects of our PowerShell Universal environment (admin page, dashboards, etc.) and I’m taking advantage of claims.
I’m struggling to figure out a straightforward way to determine the URI for a given claim type. For example, the PSU documentation shows an example of using a group SID for claims, but if I want to use group name instead I have to find the appropriate URI. How can I do that?
This depends on your authentication type. The reason we show how to use group SIDs is because that’s what the available claims are for Windows Authentication. The authentication provider doesn’t receive or resolve the SIDs to names so they aren’t available in the claim mapping.
When I click “View Information” I only see the claims associated with the account I’m currently logged in with. That helps me see the claims applied to the user I’m currently logged in with, but searching the Internet for a list of claims for a given provider has not been very effective; at least for me.
For “group name” I found the following on the Microsoft site included below (look under the “What are claim types?” section). It works with what I’m doing even though it’s for ADFS and I’m not utilizing federation at all. Perhaps there’s claim overlap between ADFS and regular AD (this is an area where my knowledge is rather shaky). My form auth script confirms that the username entered to log into the admin page is in the appropriate AD group.
Claim URI: http://schemas.xmlsoap.org/claims/Group
Claim Name: Group
Source Site: The Role of Claims | Microsoft Learn
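An added example, not part of the thread and not PowerShell Universal's own code: one way to look up claim type URIs on a Windows host is to read the constants on .NET's `System.Security.Claims.ClaimTypes` and compare them with the claims the current Windows identity carries, resolving group SID claims to names locally. It assumes a Windows session and only shows the identity running the script, as "View Information" does.

```powershell
# Added example: map claim type URIs to their .NET ClaimTypes names and list
# the claims held by the identity running this script (Windows only).

# URI -> friendly-name lookup built from the public constants on ClaimTypes.
$known = @{}
[System.Security.Claims.ClaimTypes].GetFields('Public,Static') |
    Where-Object { $_.FieldType -eq [string] } |
    ForEach-Object { $known[[string]$_.GetValue($null)] = $_.Name }

$groupSidType = [System.Security.Claims.ClaimTypes]::GroupSid
$identity     = [System.Security.Principal.WindowsIdentity]::GetCurrent()

$identity.Claims | ForEach-Object {
    $claim    = $_
    $resolved = $null

    # Windows Authentication supplies group SIDs, not names; translate here.
    if ($claim.Type -eq $groupSidType) {
        try {
            $sid      = [System.Security.Principal.SecurityIdentifier]::new($claim.Value)
            $resolved = $sid.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            # SID has no mappable account (deleted group, unreachable domain).
            $resolved = '<unresolved>'
        }
    }

    [pscustomobject]@{
        ClaimName    = if ($known.ContainsKey($claim.Type)) { $known[$claim.Type] }
                       else { '<not in ClaimTypes>' }
        Type         = $claim.Type
        Value        = $claim.Value
        ResolvedName = $resolved
    }
} | Sort-Object Type, Value | Format-Table -AutoSize
```

The `Type` column is the URI to match in a role policy, and `ResolvedName` shows which group a given SID value corresponds to.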