Hello!
I’ve been struggling since yesterday with Authorization Policies with AD authentication.
I checked all the posts on the forum as well as the documentation and I’m still not able to make it work. Here is what I’ve done so far:
The code below is supposed to create 2 Authorization Policies that are returning true from the Design Console:
```powershell
$Authorization_Policy1 = New-UDAuthorizationPolicy -Name 'Authorization_Policy1' -Endpoint {
    param($ClaimsPrincipal)
    $ClaimsPrincipal.identity.name -contains "Domain\User"
}

$Authorization_Policy2 = New-UDAuthorizationPolicy -Name 'Authorization_Policy2' -Endpoint {
    param($ClaimsPrincipal)
    $ClaimsPrincipal.HasClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "Domain\User")
}

$Authorization_Policy3 = New-UDAuthorizationPolicy -Name 'Authorization_Policy3' -Endpoint {
    param($ClaimsPrincipal)
    $ClaimsPrincipal.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", "S-1-5-21-2275943785-888667295-416476693-XXXX")
}

$Auth = New-UDAuthenticationMethod -Windows
$LoginPage = New-UDLoginPage -AuthenticationMethod @($Auth) -PassThru -AuthorizationPolicy @($Authorization_Policy1,$Authorization_Policy2,$Authorization_Policy3)
```
Those policies are almost the same as the ones in the documentation, except they target users and not AD groups. Can that be the problem? I doubt it, though.
There are no errors in the UD logs or in the IIS logs.
I tried monitoring the process using `Get-Process UniversalDashboard.Server | Enter-PSHostProcess` and then `Debug-Runspace -id X`, and the only weird thing that happens is that I’m getting a `You cannot call a method on a null-valued expression` when I type `Get-UDAuthorizationPolicy`, which is empty no matter what test I have done so far.
I did update `web.config` to `forwardWindowsAuthToken="true"`.
Anonymous Authentication is Disabled and only Windows Authentication is enabled with Kernel-mode authentication.
Any help would be very much appreciated!
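
The three policy conditions from the post can be evaluated outside Universal Dashboard against a hand-built `ClaimsPrincipal`, which shows how each comparison treats the value it is given. This is an added example, not part of the original post; the account names, the SID and the helper `New-TestPrincipal` are constructed for illustration.

```powershell
# Added example: evaluates the three policy conditions offline.
# Account names and the SID are constructed sample values, not from the post.
$nameType = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
$sidType  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid'
$sid      = 'S-1-5-21-1111111111-2222222222-3333333333-1001'

# Hypothetical helper: builds an authenticated principal with a name and a primarysid claim.
function New-TestPrincipal {
    param([string]$Name, [string]$Sid)
    $claims = [System.Security.Claims.Claim[]]@(
        [System.Security.Claims.Claim]::new($nameType, $Name)
        [System.Security.Claims.Claim]::new($sidType, $Sid)
    )
    # Supplying an authentication type marks the identity as authenticated.
    $identity = [System.Security.Claims.ClaimsIdentity]::new($claims, 'Negotiate')
    [System.Security.Claims.ClaimsPrincipal]::new([System.Security.Principal.IIdentity]$identity)
}

# The same three conditions as the policies in the post, parameterised on the expected value.
$conditions = [ordered]@{
    'Identity.Name -contains' = { param($p, $user) $p.Identity.Name -contains $user }
    'HasClaim(name)'          = { param($p, $user) $p.HasClaim($nameType, $user) }
    'HasClaim(primarysid)'    = { param($p, $user) $p.HasClaim($sidType, $sid) }
}

# Constructed principal; the casing of the name is chosen for the comparison below.
$principal = New-TestPrincipal -Name 'CONTOSO\jdoe' -Sid $sid

# First list the claims that are actually present on the principal.
$principal.Claims | Select-Object Type, Value | Format-Table -AutoSize

# Then test each condition against two spellings of the same account.
$results = foreach ($expected in 'CONTOSO\jdoe', 'contoso\JDoe') {
    foreach ($c in $conditions.GetEnumerator()) {
        [pscustomobject]@{
            PolicyValue = $expected
            Condition   = $c.Key
            Result      = & $c.Value $principal $expected
        }
    }
}
$results | Format-Table -AutoSize
```

`HasClaim` compares the claim value ordinally (case-sensitive), while `-contains` on a single string is a case-insensitive equality test, so the first two conditions can disagree for the same account.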