X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License

AdfsWebApiApplication: Test-DscConfiguration Always Returns `$false` if Multiple `AllowedClientTypes` are Defined #63

Closed X-Guardian closed 1 year ago

X-Guardian commented 1 year ago

Details of the scenario you tried and the problem that is occurring

If multiple AllowedClientTypes are defined on an AdfsWebApiApplication resource, Test-DscResource will always return $false.

Verbose logs showing the problem

VERBOSE: Perform operation 'Invoke CimMethod' with following parameters, ''methodName' = TestConfiguration,'className' = MSFT_DSCLocalConfigurationManager,'namespaceName' = root/Microsoft/Windows/DesiredStateConfiguration'.
VERBOSE: An LCM method call arrived from computer ADFS01 with user sid S-1-5-21-3553084080-2500667019-4197401787-500.
VERBOSE: [ADFS01]: LCM:  [ Start  Test     ]
VERBOSE: [ADFS01]: LCM:  [ Start  Resource ]  [[AdfsApplicationGroup]AppGroup1]
VERBOSE: [ADFS01]: LCM:  [ Start  Test     ]  [[AdfsApplicationGroup]AppGroup1]
VERBOSE: [ADFS01]:                            [[AdfsApplicationGroup]AppGroup1] Testing 'AppGroup1'. (AG002)
VERBOSE: [ADFS01]:                            [[AdfsApplicationGroup]AppGroup1] Getting 'AppGroup1'. (AG001)
VERBOSE: [ADFS01]:                            [[AdfsApplicationGroup]AppGroup1] 'AppGroup1' is in the desired state. (AG007)
VERBOSE: [ADFS01]: LCM:  [ End    Test     ]  [[AdfsApplicationGroup]AppGroup1] True in 2.8600 seconds.
VERBOSE: [ADFS01]: LCM:  [ End    Resource ]  [[AdfsApplicationGroup]AppGroup1]
VERBOSE: [ADFS01]: LCM:  [ Start  Resource ]  [[AdfsWebApiApplication]WebApiApp1]
VERBOSE: [ADFS01]: LCM:  [ Start  Test     ]  [[AdfsWebApiApplication]WebApiApp1]
VERBOSE: [ADFS01]:                            [[AdfsWebApiApplication]WebApiApp1] Testing 'AppGroup1 - App1 Web API'. (WEB002)
VERBOSE: [ADFS01]:                            [[AdfsWebApiApplication]WebApiApp1] Getting 'AppGroup1 - App1 Web API'. (WEB001)
VERBOSE: [ADFS01]:                            [[AdfsWebApiApplication]WebApiApp1] The parameter 'AllowedClientTypes' is not in the desired state. Expected 'Public, Confidential', Actual 'Public, Confidential'. (ADFSCOMMON0003)

Suggested solution to the issue

The AllowedClientTypes property of the WebApiApplication is a Microsoft.IdentityServer.Protocols.PolicyStore.AllowedClientTypes enum and needs converting to a string array in the Get-TargetResource function.

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration AdfsWebApiApplication_Config
{
    param()

    Import-DscResource -ModuleName AdfsDsc

    Node localhost
    {
        AdfsWebApiApplication WebApiApp1
        {
            Name                          = 'AppGroup1 - Web API'
            ApplicationGroupIdentifier    = 'AppGroup1'
            Identifier                    = 'e7bfb303-c5f6-4028-a360-b6293d41338c'
            Description                   = 'App1 Web Api'
            AccessControlPolicyName       = 'Permit everyone'
            AlwaysRequireAuthentication   = $false
            AllowedClientTypes            = 'Public', 'Confidential'
            IssueOAuthRefreshTokensTo     = 'AllDevices'
            NotBeforeSkew                 = 0
            RefreshTokenProtectionEnabled = $true
            RequestMFAFromClaimsProviders = $false
            TokenLifetime                 = 0
        }
    }
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2019 Standard
OsOperatingSystemSKU : StandardServerEdition
OsArchitecture       : 64-bit
WindowsVersion       : 1809
WindowsBuildLabEx    : 17763.1.amd64fre.rs5_release.180914-1434
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

PSVersion                      5.1.17763.3770
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}
BuildVersion                   10.0.17763.3770
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

1.3.0
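
The mismatch reported above, reproduced as an added example that is not part of the original issue or the AdfsDsc code: a flags enum value renders as 'Public, Confidential' but compares as a single object against the two-element string array from the configuration, and splitting it into strings makes the comparison pass. `DemoAllowedClientTypes`, `ConvertTo-ClientTypeArray` and `Test-ClientTypesInDesiredState` are hypothetical names, the enum member values are assumed, and `Compare-Object` stands in for the module's own property comparison.

```powershell
# Constructed stand-in for Microsoft.IdentityServer.Protocols.PolicyStore.AllowedClientTypes
# so the example runs without the ADFS role installed. Member values are assumed.
[Flags()] enum DemoAllowedClientTypes
{
    None         = 0
    Public       = 1
    Confidential = 2
}

function ConvertTo-ClientTypeArray
{
    # Hypothetical helper: turn a flags-enum value into one string per flag that is set.
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Enum]
        $Value
    )

    [System.String[]] ($Value.ToString() -split ',\s*')
}

function Test-ClientTypesInDesiredState
{
    # Hypothetical order-insensitive check, standing in for the module's comparison.
    param
    (
        [System.Object[]] $Expected,
        [System.Object[]] $Actual
    )

    $null -eq (Compare-Object -ReferenceObject $Expected -DifferenceObject $Actual)
}

# Constructed sample values: what the configuration declares and what the cmdlet returns.
$desired = @('Public', 'Confidential')
$current = [DemoAllowedClientTypes] 'Public, Confidential'

# Both sides render to the same text, which is why the verbose message looks contradictory.
"Expected '{0}', Actual '{1}'" -f ($desired -join ', '), ($current -join ', ')

# Uncorrected: two strings are compared against a single enum object.
Test-ClientTypesInDesiredState -Expected $desired -Actual $current

# Corrected: the enum is converted to a string array before the comparison.
Test-ClientTypesInDesiredState -Expected $desired -Actual (ConvertTo-ClientTypeArray -Value $current)
```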

ccpyle commented 1 year ago

Thank you for all the recent work on this project.