Windows Authentication, IIS, PU 5.0.5

Product: PowerShell Universal
Version: 5.0.5

I am struggling …

I have been using PU 3 and 4 on IIS running on Windows Server 2022, with Windows Authentication enabled. It took a few tries and has worked flawlessly ever since.

Today I decided to set up a new instance and plan to migrate PU 3 and 4 to PU5, and I am trying to make SSO work without success; maybe I did something wrong… 🙂 (a new setup, not an upgrade from 3 or 4)

Here are my steps:

  1. Download 5.0.5 zip
  2. Unpack to PU5_IIS folder
  3. Create PU5_Data for data storage
  4. Create App Pool according to the guide
  5. Create Web Site according to the guide
  6. Binding valid certificate according
  7. HTTP runs on port 10090, HTTPS runs on port 10443
  8. First start works, created admin password and able to login, apply license works
  9. appsettings.json
  10. Authentication Method added
  11. Role for administrator connected to an AD Group
  12. Restart app pool and the site
  13. Start web browser as another user who is a member of the admin AD group

And every time I press Login with Windows, I can see briefly that the user name shows up in the upper right corner, and I can see the session still with the “admin” user logged in; under “identities”, the user shows up as external.

If I logout my default admin user, I won’t be able to login again.

Side note, PU has been a great tool for me and saved a lot of time, I really hope it’s me who missed something 🙂

Tried a bit more and found out that if I turn off anonymous auth in IIS, then SSO works.
But the logged-in user has no rights, even though the user is in the right AD group.
And I need anonymous auth, as according to the guide, token-based API calls need this.

I tried one more thing …
I commented out the line added for the Windows Auth method in authentication.ps1 and suddenly it works. Now I am super confused.
Should I wait for a more stable release, or am I really missing something?
BTW, still not able to login if I turn on anonymous auth in IIS.

I opened an issue for this here as you’re not the only one struggling with IIS and Windows auth: IIS with Anonymous Auth enabled prevents Windows auth from working · Issue #3715 · ironmansoftware/powershell-universal · GitHub

I also had some trouble with Windows auth in my environment and it seemed like cached claims were catching me and after restarting the service I could get it to work but this was an MSI install and not IIS.

Either way, we are looking into this specific issue but also added the missing “Clear Cached Claims” button back to the roles page.

Thanks, Adam, I will wait for a fix, and thanks for a great job!

Just downloaded the 5.0.6 release and enabled anonymous auth in IIS, everything seems to be working, thanks for the quick fix!!