Does anyone know if there have been changes to this?
I updated my dashboard to 2.7.0 yesterday and it does not look like it is processing claims at all. The only page i can access is the one that doesn’t have any AuthorizationPolicy at all.
https://hastebin.com/zolateheje.php
That is my policies and starting my dashboard. Pages are usually like this:
New-UDPage -Name “Accounts Page” -AuthorizationPolicy “UserPolicy”, “ITPolicy” -Icon “users” -Content { … }
There have been changes to authorization policies. Can you please get a log and file a GitHub issue? I’ll look into this today.
I can confirm with 2.7.0 and Azure AD Authentication authorization policies are working as they did previously.
I tested both examples below - the only thing is my Authorization Policy looks a bit different than yours which might be your -windows auth provider
New-UDPage -AuthorizationPolicy "OwnersGroup", "DevelopersGroup"
and
New-UDPage -AuthorizationPolicy @("OwnersGroup", "DevelopersGroup")
My New-UDAuthorizationPolicy
$DeveloperAuthPolicy = New-UDAuthorizationPolicy -Name "DevelopersGroup" -Endpoint {
param($User)
$User.HasClaim("Groups", "88wjq564-6d22-4e47-b9b1-fa956sb915")
}
Opened.
I figured out the issue. For some reason using the $ClaimPrincipal parameter isn’t working. You can use $User like @mylabonline is doing to work around this for now. Should be easy to fix in UD. There should be a nightly build available for this tomorrow.
Going to ask another question, because i feel like this might still be relevant:
Are pages that have -AuthorizationPolicy defined evaluating the policy even if no -LoginPage is specified?
I use an alternate dashboard.ps1 file (conveniently named test-dashboard.ps1) that excludes Loginpage so i can work unhindered and have an easier time debugging.
Now i cant load any pages that have a policy defined, where in 2.6 i could run them freely.
Ah, yep. It’s always evaluating them. I can fix this as well.