Webrequest with Windows Authentication responds with a 403

Product: PowerShell Universal
Version: 4.2.12

Hello, we’ve set up a POC of a PowerShell Universal server with a trial license. We need to test a case to make PowerShell scripts available as endpoints. One of the requirements is to set it up with Windows Authentication and Authorization through Active Directory groups.

I have created a role with a policy that demands that a user needs to be a member of a specific group. My user account is a member of that group, but I receive a 403 response when running the following request: “Invoke-RestMethod -Method Get -Uri https://myserver/endpoint -UseDefaultCredentials”. My test account, which is also a member of the same group, can successfully run this web request. So I guess that the Kerberos authentication setup was done correctly. I already cleared the claims cache.

While troubleshooting I discovered that my account is a member of 527 groups, while my test account is a member of 108 groups. So could that be the cause of this issue? I found that the header size could be an issue, although that was in the documentation to set up PSU with an IIS server and our POC is set up as a Windows service. I hope someone can point me in the right direction, because I find the PowerShell Universal solution looks very promising. Thanks in advance.

I found the following message in the system log:
‘Authorization’ header found but the scheme is not a ‘Basic’ scheme.
instead of domain\user is part of role…

OK, I found what caused the issue. Apparently the user may not have the built-in Administrator role assigned. The endpoint was restricted to a custom role. Although the user also applied to that custom role, it could not successfully run the request to the endpoint while it also had the Administrator role assigned.