Yeah. That’s the one. I verified tests are now passing. I need to fix those release notes. They are autogenerated by the built-in Azure DevOps task and it’s all messed up for some reason.
Awesome! I’ll give it a go and update you
Hi again @adam
Sadly, no dice.
Same 500 error on login, with and without -passthru.
Logfile size after first connection previously: 750ish KB
After nightly build: 690ish KB
Any ideas?
Do you want a copy of the logfile?
As stated earlier: the authorization policies fail, example authorization policy:
$admin = New-UDAuthorizationPolicy -Name 'Admin' -Endpoint {
    param($User)
    $User.Identities.Name -match 'me@mydomain.com'
}
If I log the $User param within the auth policy the correct data is passed to them.
I’m gonna put some more logging around this scenario and see if we can get a better error message.
Not sure why the auth policy is still running too frequently but I’ll look into it again today and post a new build tonight.
Awesome! Hit me up if you need anything from my side
I think I just reproduced this in the UA dashboard. I have a fix in for that and will release a nightly a bit early if you want to give it a shot. I’m trying to fix up the changelog for those releases too so it actually has info…
I’ll let you know when the release is up.
Awesome dude, thanks
I didn’t get a chance to release this early as I ran into some other issues with the fix that I put in. I did eventually resolve those so tonight’s nightly should be good to test.
Hi @adam
So I gave this a go, and it seems like it has improved, however the auth policies are executed 9 times for each page load.
From what I understand, using “Get-UDAuthorizationPolicy” should retrieve cached auth policies if there are any, and not execute the scriptblock within the auth policy unless the cached ones are outdated?
Another issue is… I cannot seem to get my auth policies validated, the 500 error is gone though.
I have however sorted my auth policies, as it seems using the “-match” param doesn’t work anymore on $User.Identities.Name when using OAuth. Assuming a simple foreach on this would do, as OAuth returns two identical identities.
$stuff = @{
    Name  = "BoSen29"
    Name2 = "BoSen29"
}
# returns BoSen29 x2
$stuff.Values -match "Bosen29"
# Probably a working example
foreach ($stuffs in $stuff.Values) {
    if ($stuffs -match "BoSen29") {
        return $true
    }
}
return $false
I’ll test my ideas and report back!
$admin = New-UDAuthorizationPolicy -Name 'Admin' -Endpoint {
    param($User)
    $out = $false
    foreach ($UserId in $User.Identities.Name) {
        if ($UserId -match "bosen29") {
            $out = $true
            LogAndConsole ($UserId + " success")
        }
        else {
            LogAndConsole ($UserId + " failed")
        }
    }
    return $out
}
This returns $true according to my logging function “LogAndConsole” (apologies for the non-verbalized function, 'twas a long time ago)
The auth policy is never taken into UD though.
This works like a charm in the regular AzureAD auth.
Smells like I need to register this as an issue on GitHub?
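The `-match` behaviour discussed in the posts above, as an added example that is not part of the original thread or of Universal Dashboard's own code: with a collection on the left, `-match` returns the matching elements instead of a Boolean, and its right-hand side is an unanchored regular expression, which is looser than an identity check in an authorization policy should be. The `$user` object is constructed sample data shaped like `$User.Identities.Name`, and `Test-IdentityAllowed` is a hypothetical helper.

```powershell
# Constructed sample: two identical identities, as described for OAuth above.
$user = [pscustomobject]@{
    Identities = @(
        [pscustomobject]@{ Name = 'me@mydomain.com' }
        [pscustomobject]@{ Name = 'me@mydomain.com' }
    )
}

# 1. Collection on the left: -match acts as a filter and returns the matching
#    strings, so the policy body yields an array rather than $true/$false.
$filtered = $user.Identities.Name -match 'me@mydomain.com'
"Type: {0}, Count: {1}" -f $filtered.GetType().Name, $filtered.Count

# 2. The pattern is a regex and is not anchored: '.' matches any character and
#    the match may occur anywhere in the string, so these lookalike names
#    (constructed) also satisfy the original pattern.
foreach ($name in 'me@mydomainXcom', 'someme@mydomain.com.example') {
    "{0} matches: {1}" -f $name, ($name -match 'me@mydomain.com')
}

# Hypothetical helper: exact, case-insensitive comparison against an allow-list,
# always returning a single [bool] and failing closed on empty input.
function Test-IdentityAllowed {
    param(
        [string[]]$Name,      # e.g. $User.Identities.Name
        [string[]]$Allowed    # exact identities that may pass the policy
    )
    foreach ($n in $Name) {
        if ($Allowed -contains $n) { return $true }
    }
    return $false
}

$allowed = @('me@mydomain.com')
"Exact identity allowed: {0}" -f (Test-IdentityAllowed -Name $user.Identities.Name -Allowed $allowed)
"Lookalike allowed:      {0}" -f (Test-IdentityAllowed -Name 'me@mydomainXcom' -Allowed $allowed)
"No identities allowed:  {0}" -f (Test-IdentityAllowed -Name @() -Allowed $allowed)
```

If a pattern is really needed, escaping it with `[regex]::Escape()` and anchoring it with `^` and `$` removes the lookalike matches shown in step 2.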
Ack. Ok. I’m looking at running the auth policies in a different way as the current way might be causing problems. It seems like there is a timing issue with the way I’m currently doing it.
I noticed that in my simple dashboard, the changes made to restrict the number of executions of the policies were fine, but when you add a bunch more controls, it starts to run multiple times again. I’m seeing this in the UA dashboard. I’m also seeing it run auth policies on LOGOUT.
That said, I’m hooking into the auth provider events so that they only run once and at the correct time. It’s a bit more work because each auth provider has a different set of events but this is the more correct way to do it. I’m currently traveling for the holidays, so it probably won’t be a super quick turnaround here, but I’ll let you know when I have something working.
Please file an issue for now and we can use it as a placeholder for this.
This sounds like a lot of work required…
On the bright side: OAuth 2.0 is an open standard.
You enjoy your holidays, I’ve got enough projects to keep me busy during the holiday downtime.
Are there any other reply URLs? I have the below set in my app but I always get URL specified does not match.
I was able to figure it out. The URL of the Microsoft login page showed the reply URL. Since I am in dev and using allow login over HTTP, the reply address had to be HTTP as well.