ironmansoftware / powershell-universal

Issue tracker for PowerShell Universal
https://powershelluniversal.com

Groups are not listed in Claims #3463

Closed RubenT91 closed 2 months ago

RubenT91 commented 2 months ago

Version

4.2.21

Severity

Low

Environment

msi

Steps to Reproduce

We set up PSU and tried the SAML2 authentication. Unfortunately, for some users (with many groups) the groups are not listed when looking into claim information. Instead of the groups directly, there is only one claim type named http://schemas.microsoft.com/claims/groups.link with nothing but a URL to graph.windows.net. More information in the ticket.

Expected behavior

Be able to see all the groups claims listed from PSU Security settings.

Actual behavior

It does work as configured with my user having 108 groups; the others where it's not working are using 200+ groups.

Additional Environment data

No response

Screenshots/Animations


adamdriscoll commented 2 months ago

Related to #2121

adamdriscoll commented 2 months ago

@RubenT91 - I've determined this is a configuration issue. You can limit the number of groups that Azure provides through filtering in the Enterprise Application registration or by group assignment in the Application Registration. I've updated the documentation here: https://docs.powershelluniversal.com/config/security/saml2#group-overages
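
Added example, not part of the issue thread and not PowerShell Universal code: a troubleshooting check that reads a captured SAML assertion and reports whether the identity provider sent group claims or only the `groups.link` overage marker described in this issue. The function name `Get-SamlGroupClaimStatus`, the sample assertion and the placeholder URL are constructed for illustration; the groups claim-type URI is assumed to be the standard Entra ID one, and the check only inspects attributes, it does not validate the assertion's signature.

```powershell
# Added example. Claim-type URIs are the Entra ID (Azure AD) names; the
# assertion further down is constructed sample data, not taken from the issue.
$GroupsClaim  = 'http://schemas.microsoft.com/ws/2008/06/identity/claims/groups'
$OverageClaim = 'http://schemas.microsoft.com/claims/groups.link'

function Get-SamlGroupClaimStatus {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $AssertionXml,
        [string] $GroupsType  = $GroupsClaim,
        [string] $OverageType = $OverageClaim
    )
    # Parse with DTDs prohibited: an assertion is externally supplied input.
    $settings = [System.Xml.XmlReaderSettings]::new()
    $settings.DtdProcessing = [System.Xml.DtdProcessing]::Prohibit
    $settings.XmlResolver   = $null
    $text   = [System.IO.StringReader]::new($AssertionXml)
    $reader = [System.Xml.XmlReader]::Create($text, $settings)
    $doc    = [System.Xml.XmlDocument]::new()
    try { $doc.Load($reader) } finally { $reader.Dispose() }

    $ns = [System.Xml.XmlNamespaceManager]::new($doc.NameTable)
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')

    $groups = @()
    $link   = $null
    foreach ($attr in $doc.SelectNodes('//saml:Attribute', $ns)) {
        $name   = $attr.GetAttribute('Name')
        $values = @($attr.SelectNodes('saml:AttributeValue', $ns) |
            ForEach-Object { $_.InnerText.Trim() })
        if ($name -eq $GroupsType) { $groups += $values }
        elseif ($name -eq $OverageType) { $link = $values | Select-Object -First 1 }
    }
    # Overage: the IdP replaced the group list with a link to query instead.
    [pscustomobject]@{
        GroupCount  = $groups.Count
        Overage     = [bool]$link
        OverageLink = $link
    }
}

# Constructed assertion showing the overage case (no group values, link only).
$sample = @'
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.microsoft.com/claims/groups.link">
      <saml:AttributeValue>https://graph.windows.net/CONSTRUCTED-PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
'@
Get-SamlGroupClaimStatus -AssertionXml $sample
```

A result with `Overage` true and `GroupCount` 0 means role mappings keyed on group claims will not match for that user until the number of emitted groups is reduced as described in the comment above.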