Product: PowerShell Universal
Version: 5.5.4
Hi all,
We are currently implementing PowerShell Universal since I found it “by accident”, and it is THE software I had been trying to find for months now.
One issue I have is SAML - I can’t get it to work properly.
I set up PSU on Windows behind IIS (for HTTPS), which works fine, but SAML won't.
I tried configuring SAML through the GUI, appsettings and the authentication file - I got none of them to work.
Here is my current configuration (authentication.ps1):

```powershell
Set-PSUAuthenticationMethod -Type "Saml2" `
    -CallbackPath "https://psu.domain.com/sign-in/saml2" `
    -MetadataAddress "https://login.microsoftonline.com/REDACTED/federationmetadata/2007-06/federationmetadata.xml" `
    -EntityId "spn:REDACTED" `
    -LoadMetadata
```

When I then try to use the “Login with SAML2” button on /login, I only get a blank screen with HTML 404 response.
I enabled DEBUG logs for the application, if that helps:
2025-06-27 16:24:17.952 +02:00 [INF][Microsoft.AspNetCore.Mvc.ChallengeResult] Executing ChallengeResult with authentication schemes (["Saml2"]).
2025-06-27 16:24:17.952 +02:00 [DBG][Sustainsys.Saml2.AspNetCore2.Saml2Handler] Expanded Saml2Url
AssertionConsumerServiceUrl: http://localhost:5000/Saml2/Acs
SignInUrl: http://localhost:5000/Saml2/SignIn
LogoutUrl: http://localhost:5000/Saml2/Logout
ApplicationUrl: http://localhost:5000/
2025-06-27 16:24:17.952 +02:00 [DBG][Sustainsys.Saml2.AspNetCore2.Saml2Handler] No specific idp requested and no Discovery Service configured. Falling back to use configured default Idp https://sts.windows.net/REDACTED/
2025-06-27 16:24:17.952 +02:00 [INF][Sustainsys.Saml2.AspNetCore2.Saml2Handler] Initiating login to https://sts.windows.net/REDACTED/
2025-06-27 16:24:17.952 +02:00 [DBG][Sustainsys.Saml2.AspNetCore2.Saml2Handler] Sending message over Http Redirect Binding
<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id057f9a201da94e87b94042dd9dc66ad0" Version="2.0" IssueInstant="2025-06-27T14:24:17Z" Destination="https://login.microsoftonline.com/REDACTED/saml2" AssertionConsumerServiceURL="http://localhost:5000/Saml2/Acs">
<saml2:Issuer>spn:REDACTED</saml2:Issuer>
</saml2p:AuthnRequest>
2025-06-27 16:24:17.952 +02:00 [WRN][Microsoft.AspNetCore.Http.ResponseCookies] The cookie 'Saml2.LGGLKcNLws0pWgn6azhNHmPW' has set 'SameSite=None' and must also set 'Secure'.
2025-06-27 16:24:17.952 +02:00 [INF][Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker] Executed action UniversalDashboard.Controllers.AuthenticationController.SsoLogin (Universal.Server) in 1.2878ms
2025-06-27 16:24:17.952 +02:00 [INF][Microsoft.AspNetCore.Routing.EndpointMiddleware] Executed endpoint 'UniversalDashboard.Controllers.AuthenticationController.SsoLogin (Universal.Server)'
2025-06-27 16:24:17.952 +02:00 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HNDLGD0NAR95" completed keep alive response.
2025-06-27 16:24:17.952 +02:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://localhost:5000/api/v1/signin/saml2 - 303 0 null 5.1358ms
2025-06-27 16:24:17.959 +02:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://localhost:5000/REDACTED/saml2?SAMLRequest=fJE9a8MwEIb3QP6D0a5YVmVbFnEgNEsgXZK2Qzd9nBuBLaU%2BufTnlzgNtEvXO5573pdbox56flHbKZ3DET4mwJR9DX1Addu0ZBqDiho9qqAHQJWsOm2fDoqvmLqMMUUbe%2FKb%2BR%2FRiDAmHwPJ9ruWeMfKums0Z4XTjQBZm0YwwZ1rnK0q7RjJXmFEH0NL%2BIqRbI84wT5g0iG1hDNeUlZRXj8XQnGhivqN5kvrVINstFlq3nS2ruMW7wEpSVXem0sLQ24KioeEnNgzGUF9I00sjOAqxvAe7YcvEz%2BPu7zTcAAAD%2F%2FwMA&RelayState=LGGLKcNLws0pWgn6azhNHmPW - null null
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler] AuthenticationScheme: Cookies was not authenticated.
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware] The request path /REDACTED/saml2 does not match a supported file type
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware] The request path does not match the path filter
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware] The request path does not match the path filter
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.Routing.Matching.DfaMatcher] 1 candidate(s) found for the request path '/REDACTED/saml2'
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.Routing.Matching.DfaMatcher] Endpoint 'gRPC - Unimplemented service' with route pattern '{unimplementedService}/{unimplementedMethod:grpcunimplemented}' was rejected by constraint 'unimplementedMethod':'Grpc.AspNetCore.Server.Model.Internal.GrpcUnimplementedConstraint' with value 'saml2' for the request path '/REDACTED/saml2'
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.Routing.Matching.DfaMatcher] Endpoint 'gRPC - Unimplemented service' with route pattern '{unimplementedService}/{unimplementedMethod:grpcunimplemented}' is not valid for the request path '/REDACTED/saml2'
2025-06-27 16:24:17.960 +02:00 [DBG][Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware] Request did not match any endpoints
2025-06-27 16:24:17.962 +02:00 [DBG][Microsoft.AspNetCore.Server.Kestrel.Connections] Connection id "0HNDLGD0NAR95" completed keep alive response.
2025-06-27 16:24:17.962 +02:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished HTTP/1.1 GET http://localhost:5000/REDACTED/saml2?SAMLRequest=fJE9a8MwEIb3QP6D0a5YVmVbFnEgNEsgXZK2Qzd9nBuBLaU%2BufTnlzgNtEvXO5573pdbox56flHbKZ3DET4mwJR9DX1Addu0ZBqDiho9qqAHQJWsOm2fDoqvmLqMMUUbe%2FKb%2BR%2FRiDAmHwPJ9ruWeMfKums0Z4XTjQBZm0YwwZ1rnK0q7RjJXmFEH0NL%2BIqRbI84wT5g0iG1hDNeUlZRXj8XQnGhivqN5kvrVINstFlq3nS2ruMW7wEpSVXem0sLQ24KioeEnNgzGUF9I00sjOAqxvAe7YcvEz%2BPu7zTcAAAD%2F%2FwMA&RelayState=LGGLKcNLws0pWgn6azhNHmPW - 404 0 null 2.8933ms
2025-06-27 16:24:17.962 +02:00 [INF][Microsoft.AspNetCore.Hosting.Diagnostics] Request reached the end of the middleware pipeline without being handled by application code. Request path: GET http://localhost:5000/REDACTED/saml2, Response status code: 404
I can see that the AssertionConsumerServiceURL points to localhost - could this be the issue?
Thanks in advance.
Raphael
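
An added example, not part of the original post and not PowerShell Universal or Sustainsys code: a small checker that decodes the `SAMLRequest` parameter of a logged HTTP Redirect binding URL (URL-decode, base64-decode, raw inflate) and compares the advertised `AssertionConsumerServiceURL` with the public URL users actually reach. The function names are this example's own, the sample request is constructed from the AuthnRequest shown in the debug log, and `https://psu.domain.com` is taken from the posted configuration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample: the AuthnRequest from the debug log, with a shortened ID.
LOGGED_REQUEST = (
    '<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id0" Version="2.0" '
    'Destination="https://login.microsoftonline.com/REDACTED/saml2" '
    'AssertionConsumerServiceURL="http://localhost:5000/Saml2/Acs">'
    '<saml2:Issuer>spn:REDACTED</saml2:Issuer></saml2p:AuthnRequest>'
)

def encode_redirect(xml_text, destination):
    """Build a redirect-binding URL for the sample: raw DEFLATE, base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = raw stream, no zlib header
    raw = comp.compress(xml_text.encode()) + comp.flush()
    return destination + "?SAMLRequest=" + quote(base64.b64encode(raw), safe="")

def decode_redirect(url):
    """Recover the AuthnRequest element from a logged redirect URL."""
    b64 = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    # Input is your own server's log output; use defusedxml for untrusted XML.
    return ET.fromstring(zlib.decompress(base64.b64decode(b64), -15))

def check_acs(url, public_base):
    """Return findings where the advertised ACS disagrees with the public URL."""
    req = decode_redirect(url)
    if req.tag != f"{{{SAMLP}}}AuthnRequest":
        return ["not an AuthnRequest"]
    acs = urlsplit(req.get("AssertionConsumerServiceURL", ""))
    pub = urlsplit(public_base)
    findings = []
    if acs.scheme != "https":
        findings.append(f"ACS scheme is {acs.scheme!r}, expected 'https'")
    if acs.netloc.lower() != pub.netloc.lower():
        findings.append(f"ACS host {acs.netloc!r} differs from public host {pub.netloc!r}")
    return findings

if __name__ == "__main__":
    sample = encode_redirect(LOGGED_REQUEST, "http://localhost:5000/REDACTED/saml2")
    for finding in check_acs(sample, "https://psu.domain.com"):
        print(finding)
```

An empty result means the request advertises an ACS on the public HTTPS origin; any finding means the identity provider is being told to post the assertion somewhere the browser cannot reach through the proxy.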