PSU Authenticated Dashboard - too many redirects

Product: PowerShell Universal
Version: 1.5.9 - downgraded to 1.5.8 with same issue
Windows Service Setup - Server 2019.
Net Core 5.0 installed, upgraded to 5.0.2 to attempt to fix issue

The Setup:
My PSU login is forms configured to authenticate with LDAP, based off the documentation pages. My dashboard is Auth enabled, with a custom role setup that auths based off membership of an AD group. My pages within the dashboard do not use the -role parameter, instead I compare the $roles object with a specified array at the top of each page specifying each role that is allowed which correspond to custom roles i’ve created based of LDAP AD group membership lookup. If the person isn’t a member of an allowed role, they get a nice message telling them so and to contact the admin.

My dashboard while on PSU 1.5.0 has been working perfectly. I went ahead today and while putting out a release of new dashboard version with new page, upgraded to 1.5.9. I ran across this issue in my lab, but I figured it was the woes of a lab and all the crazy stuff I had put it through. PSU starts without issue, the dashboard starts, but when you attempt to access it you get sent to a “Too many redirects” page. The URL looks a bit like this, only that repeating part goes on much longer. I downgraded to 1.5.8 and encountered the same issue. Due to time constraints in my maintenance window I fell back to what worked, 1.5.0, so I didn’t have an opportunity to other versions to see if I could lock down when this would have started in the code-base.

Saw some notes on the 1.5.10 changelog, was wondering if they addressed this issue @adam

Does the dashboard have a role assigned? We’ve seen this issue where the role assignment wasn’t actually working before 1.5.3. After the upgrade the role assignment works but for one reason or another, the user doesn’t actually have the role you’ve assigned to the dashboard.

A couple reasons for the role assignment not succeeding:

  • roles.ps1 isn’t working but seemed do before
  • Assigning an admin role but the dashboard is set to something like reader
  • Identity has a statically assigned role rather than the policy defined one that doesn’t match

This is the most common reason I’ve seen this. I would start by grabbing a log. It will list the roles that a user is a part of when they login.

I’ll look over these and get back with you. I can’t do 1.5.8 in my lab since my old perpetual license lapsed in Dec, so i’ll figure out some way of testing it out.