Product: PowerShell Universal
Version: 3.1.0

Not sure what I am doing wrong, but currently have windows auth setup and am trying to assign a custom role like so:

New-PSURole -Name “DBA” -Description “Member of [Domain\DBA Team]” -ClaimType “http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid” -ClaimValue “X-X-X-XX-XXXXXXXXXXXXXXXXXXXXXXXXXXX”

However, when signing in I notice that I am not given this role. I have a dashboard setup that shows all of my claims and within that list I can clearly see the claim value associated to my user. Their appears to be some sort of disconnect, but the setup seems very straightforward so not sure what I am missing.

Edit: This also does not seem to work:

$UserClaims = $User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'XXXXXXXXXXXXXXXXXXXXXXXXXXX')
$IsMember = $false;
if($UserClaims){
$IsMember = $true
}
return $IsMember

I ended up removing Windows Authentication after noticing it was disabled in AppSettings. Once I enabled in AppSettings I noticed on the frontend windows auth popped back up. However, the new-psurole -claimtype -claimvalue do not work whatsoever despite the proper claims showing under roles.

The following syntax works for some users, but not others:

$UserClaims = $User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'XXXXXXXXXXXXXXXXXXXX')
$IsMember = $false;
if($UserClaims){
$IsMember = $true
}
return $IsMember

So for the users that that does not work with… I have to use an LDAP member search for the specific group.