UD 2.7.0 - AuthorizationPolicy not Working - AD Authentication w/ Claims

Hello !

I’m struggling since yesterday with Authorization Policies w/ AD authentications.

I checked all posts on the forum as well as documentations and still not able to make it work. Here what I’ve done so far:

Below code is suppose to create 2 Authorization Policies that are returning true from the Design Console

    $Authorization_Policy1 = New-UDAuthorizationPolicy -Name 'Authorization_Policy1' -Endpoint {

        $ClaimsPrincipal.identity.name -contains "Domain\User"
    $Authorization_Policy2 = New-UDAuthorizationPolicy -Name 'Authorization_Policy2' -Endpoint {

        $ClaimsPrincipal.HasClaim("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", "Domain\User")
    $Authorization_Policy3 = New-UDAuthorizationPolicy -Name 'Authorization_Policy3' -Endpoint {

        $ClaimsPrincipal.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid", "S-1-5-21-2275943785-888667295-416476693-XXXX")

    $Auth = New-UDAuthenticationMethod -Windows
    $LoginPage = New-UDLoginPage -AuthenticationMethod @($Auth) -PassThru -AuthorizationPolicy @($Authorization_Policy1,$Authorization_Policy2,$Authorization_Policy3)

Those policies are almost the same as the one in the documentation, except they target users and not AD Groups, can that be the problem, even though I doubt it.

There are no errors in UD logs nor in IIS logs.

I tried monitoring the process using Get-Process UniversalDashboard.Server | Enter-PSHostProcess ant then Debug-Runspace -id X and only weird thing that happens is that I’m getting a You cannot call a method on a null-valued expression when I type Get-UDAuthorizationPolicy that is empty no matter what test I did so far.

I did update web.config to forwardWindowsAuthToken="true".

Anonymous Authentication is Disabled and only Windows Authentication is enabled with Kernel-mode authentication.

Any help would be very much appreciated !

You need to use $User instead of $ClaimsPrincipal

1 Like


quick question. did $User fix your problem?



I figured out what didn’t work for me. My SID is in a variable and the variable gets filled by a JSON configuration file. In version 2.4 it worked perfectly fine. In version 2.8 I have to put the SID variable into the New-UDEndpointInitialization -Variable part. Now everything works again.