I am trying to set up WS-Fed authentication against our Universal environment, where certain pages should be visible depending on the roles, and I can't wrap my head around how to get it to work.
appsettings.json has the configuration:
```json
"WSFed": {
  "Enabled": "true",
  "MetadataAddress": "https://sts.companyname.com/FederationMetadata/2007-06/FederationMetadata.xml",
  "Wtrealm": "myrealm",
  "CallbackPath": "/auth/signin-wsfed"
},
```
The authentication seems to work: when testing I am redirected to the STS page and then back to Universal.
I am also sending the claim "Role", which sets a value based on membership of an AD group:
What I am having issues with is how to get this claim, and how to define which pages it should have access to.
I have changed the roles.ps1 with the following, but how can I see if this role is actually set on the user?
```powershell
New-PSURole -Name "Reader" -Description "Readers have read-only access to UA. They cannot make changes to any entity within the system." -Policy {
    param( $User )
    # The Where-Object scriptblock needs its own closing brace before the if-condition closes.
    if ($User.Claims | Where-Object { $_.Type -eq 'Role' -and $_.Value -eq 'Reader' }) {
        $true
    } else {
        $false
    }
    #
    # Policies should return $true or $false to determine whether the user has the particular
    # claim that is required for that role.
    #
}
```
When it comes to pages, is it enough to just set "-Role" with "New-UDPage"? And can this have multiple values, i.e. @("Reader","Writer")?
Also, how can I check the role of a user inside the page, for displaying different objects depending on the role?
Sorry for the long post, but I have been stuck on this for some time and I am not getting anywhere with this.
Any help/information is greatly appreciated!
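An added example, not from the original post or from the PowerShell Universal project, that puts the three pieces side by side: a fail-closed role policy that matches the role claim by type and exact value, a page restricted with -Role, and an in-page branch on the current user's roles. It assumes that -Role on New-UDPage accepts a string array and that the $Roles automatic variable holds the roles granted to the signed-in user; confirm both against your PSU version's documentation.

```powershell
# roles.ps1 (constructed example): grant "Reader" only when a role claim with that exact value is present.
# $User is the principal PSU hands to the policy; each entry in $User.Claims has a .Type and a .Value.
New-PSURole -Name 'Reader' -Description 'Read-only access to UA.' -Policy {
    param($User)

    # Accept the short claim type used by the STS in the post and the standard WS-Fed role claim URI.
    # Which one actually arrives depends on how the STS claim rule is configured (assumed here).
    $roleClaimTypes = @(
        'Role',
        'http://schemas.microsoft.com/ws/2008/06/identity/claims/role'
    )

    # Count matching claims explicitly so that a missing or empty Claims collection yields $false,
    # rather than relying on the truthiness of a pipeline result.
    $matches = @($User.Claims | Where-Object {
        $roleClaimTypes -contains $_.Type -and $_.Value -eq 'Reader'
    })

    return ($matches.Count -gt 0)
}

# pages (constructed example): restrict a page to one or more roles, then branch on the role inside it.
New-UDPage -Name 'Reports' -Role @('Reader', 'Writer') -Content {

    # Diagnostic line: shows which roles PSU resolved for the current user, which answers the
    # "how can I see if this role is actually set on the user?" question without touching the STS.
    New-UDTypography -Text ("Your roles: " + ($Roles -join ', '))

    # Show write controls only to users who hold the Writer role; everyone else gets the read-only view.
    if ($Roles -contains 'Writer') {
        New-UDButton -Text 'Edit report'
    } else {
        New-UDTypography -Text 'Read-only view'
    }
}
```

If the diagnostic line shows no roles even though the STS sends the claim, compare the claim type it emits with the types listed in $roleClaimTypes; a mismatch there is the usual cause of a policy silently returning $false.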