WS-Federation Confusion

Product: PowerShell Universal
Version: 1.4.6

I am not understanding how I set up the claims.

I am authenticating using SSO but I want it to assign to my custom roles and I don’t understand where the policies are updated.

I have 2 roles created
Admins - Admins Security Group
Users = Users Security Group

I just want users to see pages or dashboards and that’s it Admins see everything.
I am just lost on this part

Help on this is appreciated.

You need to setup the policy script to check the claims of the user logging in. Here’s an example of how to do so with Active Directory. It will be similar to WS-Fed: https://docs.powershelluniversal.com/config/security#example-policy-based-on-active-directory-group-membership-windows-authentication

So I added the following to roles.ps1 and it’s still defaulting to Policy Defined for my non-admin users.
Should it be displaying the roles I created for the user or continue to use Policy Defined?

New-PSURole -Name "Admins" -Policy {
param($User)

$User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'S-1-5-21-2455101938-2081098319-3243300316-1067472')

$true
} 
New-PSURole -Name "Users" -Policy {
param(
$User
)
$User.HasClaim("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid", 'S-1-5-21-2455101938-2081098319-3243300316-1067593')

$true
}

It will continue to show Policy Defined in the dashboard. The user’s role will be determined upon login. If you assign a role in the identities page, that is static and it won’t run the policy.

So I tested my policy and I am getting a null returned in my JSON file

$User | ConvertTo-Json | Out-File .\myAdmins.json

When i set authentication on a page it breaks and i get 404 error.

The entire JSON file is empty when you do this?

No it says null

Ok. I’m going to open an issue to track this because I need to setup WS-Fed to verify that I’m not missing something here.

That variable should never be null in roles.ps1

I forgot to mention this happened in version 2.5.3 I am going to revert to 2.5.2 and see what happens