Claims and roles only working for some

LiquoriChris · November 3, 2021, 4:45pm

Assignment Detail looks good on users with many groups associated with PSU Roles and on a user that only has one group assigned to a PSU Role.

In the claims json file, it does show the correct object id and tenant. But looking at it, for user that it is working on I see all of the group claims, but for users that it is not working on, I see this:

{
      "Type": "_claim_names",
      "Value": "{\"groups\":\"src1\"}",
      "ValueType": "JSON",
      "Issuer": "https://sts.windows.net/<tenantId>",
      "Properties": "System.Collections.Generic.Dictionary`2[System.String,System.String]"
    },
    {
      "Type": "_claim_sources",
      "Value": "{\"src1\":{\"endpoint\":\"https://graph.windows.net/<tenantId>/users/<userObjectId>/getMemberObjects\"}}",
      "ValueType": "JSON",
      "Issuer": "https://sts.windows.net/<tenantId>/",
      "Properties": "System.Collections.Generic.Dictionary`2[System.String,System.String]"
    }

Tenant and User Object ID were redacted, but are correct in the json file.

Topic		Replies	Views
Azure OIDC, unable to locate claims PowerShell Universal	5	410	March 21, 2022
AAD OIDC set groupMembershipClaims gets ERR_HTTP2_PROTOCOL_ERROR PowerShell Universal	8	1037	October 1, 2021
Users with Many groups - MaxRequestHeadersTotalSize not working PowerShell Universal	3	232	September 27, 2022
Not getting AD groups as claims with Okta authentication PowerShell Universal	7	1581	April 21, 2022
AzureAD Auth not returning HasClaim value PowerShell Universal	4	584	June 11, 2021

Claims and roles only working for some

Related topics