SAML 2 Version 5

Hey @adam ,
I reviewed the logs and am unable to see anything in them for that.
I still see the old part stating -

2025-01-22 17:25:15.183 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] CORS policy execution failed.
2025-01-22 17:25:15.184 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] Request origin https://HOSTNAME does not have permission to access the resource.
2025-01-22 17:25:15.188 +00:00 [INF][Microsoft.AspNetCore.Routing.EndpointMiddleware] Executing endpoint ‘/_blazor/negotiate’
2025-01-22 17:25:15.189 +00:00 [INF][Microsoft.AspNetCore.Routing.EndpointMiddleware] Executed endpoint ‘/_blazor/negotiate’
2025-01-22 17:25:15.189 +00:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/2 POST https://HOSTNAME/_blazor/negotiate?negotiateVersion=1 - 200 316 application/json 6.3838ms
2025-01-22 17:25:15.208 +00:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/2 CONNECT https://HOSTNAME/_blazor?id=jXeIdb8ndxVrVYTsBb10tA - null null
2025-01-22 17:25:15.208 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] CORS policy execution failed.
2025-01-22 17:25:15.208 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] Request origin https://HOSTNAME does not have permission to access the resource.
2025-01-22 17:25:15.212 +00:00 [INF][Microsoft.AspNetCore.Routing.EndpointMiddleware] Executing endpoint ‘/_blazor’
2025-01-22 17:25:15.301 +00:00 [INF][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed. These requirements were not met:
PowerShellUniversal.PermissionRequirement

Under the enterprise agreement we bought is there any remote support I can get on this so someone can take a look? It is likely something simple that I have missed.

My config on the app side mirrors what has been provided and the Azure images from @deroppi are different to the ones on the docs for v5. I have tested making an app that way too and I get that 500 error.

My Azure Enterprise app has been created following the URL -

Just to add, the groups claims is in my azure app.
I do not see my account logging under the identities side.
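An added example (not from this thread or from PowerShell Universal itself) that parses the ASP.NET Core log format quoted above and pulls out the two signals worth checking first on a failed sign-in: which origin CORS rejected and which authorization requirement went unmet. The sample lines are constructed from the excerpt, with the HOSTNAME placeholder kept.

```python
import re

# Constructed sample: the excerpt quoted in the post above, HOSTNAME placeholder kept.
SAMPLE_LOG = """\
2025-01-22 17:25:15.183 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] CORS policy execution failed.
2025-01-22 17:25:15.184 +00:00 [INF][Microsoft.AspNetCore.Cors.Infrastructure.CorsService] Request origin https://HOSTNAME does not have permission to access the resource.
2025-01-22 17:25:15.188 +00:00 [INF][Microsoft.AspNetCore.Routing.EndpointMiddleware] Executing endpoint '/_blazor/negotiate'
2025-01-22 17:25:15.301 +00:00 [INF][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed. These requirements were not met:
PowerShellUniversal.PermissionRequirement
"""

# One log entry: timestamp with offset, [LEVEL][Category], free-text message.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{2}:\d{2}) "
    r"\[(?P<level>[A-Z]{3})\]\[(?P<category>[^\]]+)\] (?P<message>.*)$"
)

def parse_log(text):
    """Split the log into entries. A line without the timestamp prefix is a
    continuation (e.g. the requirement names under 'Authorization failed')
    and is attached to the preceding entry."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.rstrip())
        if m:
            entries.append({**m.groupdict(), "extra": []})
        elif line.strip() and entries:
            entries[-1]["extra"].append(line.strip())
    return entries

def triage(entries):
    """Pull out the signals that matter for a failed PSU sign-in: origins
    rejected by CORS and authorization requirements left unmet."""
    denied = set()
    unmet = []
    for e in entries:
        if e["category"].endswith("CorsService"):
            m = re.search(r"Request origin (\S+) does not have permission", e["message"])
            if m:
                denied.add(m.group(1))
        elif e["category"].endswith("DefaultAuthorizationService") \
                and e["message"].startswith("Authorization failed"):
            unmet.extend(e["extra"])
    return {"denied_origins": sorted(denied), "unmet_requirements": unmet}

if __name__ == "__main__":
    # An unmet PermissionRequirement means the identity authenticated but PSU
    # granted it no role; in this thread the cause was the 'Limit Identities' setting.
    print(triage(parse_log(SAMPLE_LOG)))
```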

Feel free to open a support case and we can get something scheduled.

@adam I have created an account and it states pending admin approval.

Hi Adam,
The ticket ID is #10185

@adam @deroppi
Hi Adam,
Thank you for your support.

For everyone else’s awareness, there was a checkbox called ‘Limit Identities’ that restricted this access. Once unchecked it worked.

EDIT - It is under - Settings/General/Platform

Just for clarity, are you referring to the checkbox under Settings/General/Platform that limits access to identities that have been added to the Identities list?

That is correct.

There is an issue with groups, Adam is looking into that.
Right now anyone who is in my tenant can sign into the application (they have no perms though). It does not take into account only users assigned to the enterprise app.

Gotcha. The purpose of that option (at least how I understand it) is that it’s sort of a failsafe to make sure when you’re using external authentication methods that look to see if you’re a member of a group, or something along those lines, that someone malicious couldn’t just add themselves to that group to gain access to PSU inherently because they haven’t explicitly been added as an identity in PSU directly.

Hmm, that makes sense.

Once the groups are fixed, I'll enable it again and see if it lets me in as I am part of a group that is set on the Entra App.

If it still does not take into account users who are in that group, you can use a conditional access policy to restrict the access on your app side too.