search

X-Guardian / AdfsDsc

DSC resources for deployment and configuration of Active Directory Federation Services
MIT License
9 stars 5 forks source link

AdfsApplicationPermission: 'Scopenames' Test expects particular order #67

Closed ccpyle closed 1 year ago

ccpyle commented 1 year ago

Details of the scenario you tried and the problem that is occurring

Looks to be similar scenario as Issue #63, Pull #64 When setting multiple "ScopeNames", the order is checked along with the contents. While the resource is configured correctly, the Test will always return $False unless the order seen in the verbose logs matches the MOF order.

Verbose logs showing the problem

[[AdfsApplicationPermission]ServiceNow] The parameter 'ScopeNames' is not in the desired state. Expected 'allatclaims, email, openid', Actual 'email, openid, allatclaims'. (ADFSCOMMON0003)
[[AdfsApplicationPermission]ServiceNow] client role 'ServiceNow Server Application ID' server role 'ServiceNow Server Application ID' is not in the desired state. (AG008)

This seems to be related to the order that the MOF stores the data vs how the configuration is set.

Suggested solution to the issue

Compare Desired ScopeNames to current ScopeNames with no consideration of order

The DSC configuration that is used to reproduce the issue (as detailed as possible)

Configuration AdfsApplicationPermission_Config
{
    Import-DscResource -ModuleName AdfsDsc

    Node localhost
    {
        AdfsApplicationPermission AppPermission1
        {
                ClientRoleIdentifier = 'ServiceNow Server Application ID'
                ServerRoleIdentifier = 'ServiceNow Server Application ID'
                ScopeNames = @('allatclaims','email','openid')
        }
    }
}

The operating system the target node is running

OsName               : Microsoft Windows Server 2022 Standard Evaluation
OsOperatingSystemSKU : 79
OsArchitecture       : 64-bit
WindowsVersion       : 2009
WindowsBuildLabEx    : 20348.1.amd64fre.fe_release.210507-1500
OsLanguage           : en-US
OsMuiLanguages       : {en-US}

Version and build of PowerShell the target node is running

Name                           Value                                                                                                                                                  
----                           -----                                                                                                                                                  
PSVersion                      5.1.20348.1366
PSEdition                      Desktop
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0, 5.0, 5.1.20348.1366}
BuildVersion                   10.0.20348.1366
CLRVersion                     4.0.30319.42000
WSManStackVersion              3.0
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1

Version of the DSC module that was used

1.3.1