New-UDAuthorizationPolicy change?

Does anyone know if there have been changes to this?

I updated my dashboard to 2.7.0 yesterday and it does not look like it is processing claims at all. The only page i can access is the one that doesn’t have any AuthorizationPolicy at all.

https://hastebin.com/zolateheje.php

That is my policies and starting my dashboard. Pages are usually like this:

New-UDPage -Name “Accounts Page” -AuthorizationPolicy “UserPolicy”, “ITPolicy” -Icon “users” -Content { … }

There have been changes to authorization policies. Can you please get a log and file a GitHub issue? I’ll look into this today.

I can confirm with 2.7.0 and Azure AD Authentication authorization policies are working as they did previously.

I tested both examples below - the only thing is my Authorization Policy looks a bit different than yours which might be your -windows auth provider

New-UDPage -AuthorizationPolicy "OwnersGroup", "DevelopersGroup"

and

New-UDPage -AuthorizationPolicy  @("OwnersGroup", "DevelopersGroup")

My New-UDAuthorizationPolicy

$DeveloperAuthPolicy = New-UDAuthorizationPolicy -Name "DevelopersGroup" -Endpoint {
param($User)

$User.HasClaim("Groups", "88wjq564-6d22-4e47-b9b1-fa956sb915")

}

Opened.

1 Like

I figured out the issue. For some reason using the $ClaimPrincipal parameter isn’t working. You can use $User like @mylabonline is doing to work around this for now. Should be easy to fix in UD. There should be a nightly build available for this tomorrow.

Going to ask another question, because i feel like this might still be relevant:

Are pages that have -AuthorizationPolicy defined evaluating the policy even if no -LoginPage is specified?

I use an alternate dashboard.ps1 file (conveniently named test-dashboard.ps1) that excludes Loginpage so i can work unhindered and have an easier time debugging.

Now i cant load any pages that have a policy defined, where in 2.6 i could run them freely.

Ah, yep. It’s always evaluating them. I can fix this as well.