ironmansoftware / universal-dashboard

Build beautiful websites with PowerShell.
https://universaldashboard.io
GNU Lesser General Public License v3.0

ClaimsPrincipal Data #1514

Open eefisherv opened 4 years ago

eefisherv commented 4 years ago

Describe the Issue

I’m using ADFS 4.0 with UD on IIS. I have it set up to bring back the sAMAccountName and a filtered set of user groups that I use for Authorization. The odd thing is that $ClaimsPrincipal has the data in it twice. I want to loop through the data and grab the groups to use for miscellaneous stuff, but the array will always have two which I don’t want.

To Reproduce

PS UD:> $ClaimsPrincipal.Claims.Type
Executing…
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
1
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
1
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/role
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod
http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationinstant
PS UD:>

I have SAML tracer installed, and I can see that the groups are only returned once.

2020-02-11T11:59:38.653Z
2020-02-11T12:59:38.653Z
wsa:Address https://mydashboard.my.domain
saml:AudienceRestrictionCondition
saml:Audience https://mydashboard.my.domain
saml:AttributeStatement
saml:Subject
saml:NameIdentifier theuser
saml:SubjectConfirmation
saml:ConfirmationMethod urn:oasis:names:tc:SAML:1.0:cm:bearer
saml:AttributeValue theuser
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Infoblox-ManageFixedIP
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Infoblox-CreateScope
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-O365-Licenses
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-O365-ResetMFA
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Admins
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Mule-Integrations
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-O365-CreateSharedMB
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-O365-ManageSharedMB
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Tasks-Longview
saml:AttributeValue SEC-MYDOMAIN-UDashboard-DEV-Tasks-PIP
saml:Subject
saml:NameIdentifier theuser
saml:SubjectConfirmation
saml:ConfirmationMethod urn:oasis:names:tc:SAML:1.0:cm:bearer
ds:SignedInfo
ds:Transforms
ds:DigestValue y3l43bxp1iGIbn8CwfqD3ms9XXGQ0TWh6f/HoQhupUg=
urn:oasis:names:tc:SAML:1.0:assertion
http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey

adamdriscoll commented 4 years ago

This issue has been mentioned on Ironman Software Forums. There might be relevant details there:

https://forums.universaldashboard.io/t/claimsprincipal-data/2191/3
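
An added example, not part of the original issue or the Universal Dashboard project: in .NET, `ClaimsPrincipal.Claims` enumerates the claims of every identity in `Identities`, so counting claims per identity shows whether the doubled list reported above comes from two identities, and the role values can then be collapsed to a unique set before any authorization check. The sample principal is constructed, the two-identity cause is an assumption the issue does not confirm, and `New-SamplePrincipal`, `Get-ClaimSourceReport` and `Get-UniqueClaimValue` are hypothetical helper names.

```powershell
$Claim      = [System.Security.Claims.Claim]
$ClaimTypes = [System.Security.Claims.ClaimTypes]

# Constructed sample standing in for UD's $ClaimsPrincipal: two identities that
# each carry the same claims (assumed cause; the issue does not confirm it).
function New-SamplePrincipal {
    $identities = foreach ($i in 1..2) {
        $id = [System.Security.Claims.ClaimsIdentity]::new('Federation')
        $id.AddClaim($Claim::new($ClaimTypes::Name, 'theuser'))
        foreach ($group in 'SEC-MYDOMAIN-UDashboard-DEV-Admins',
                           'SEC-MYDOMAIN-UDashboard-DEV-O365-ResetMFA') {
            $id.AddClaim($Claim::new($ClaimTypes::Role, $group))
        }
        $id
    }
    [System.Security.Claims.ClaimsPrincipal]::new(
        [System.Security.Claims.ClaimsIdentity[]]$identities)
}

# One row per identity: shows where each copy of the claims comes from.
function Get-ClaimSourceReport {
    param([Parameter(Mandatory)] [System.Security.Claims.ClaimsPrincipal] $Principal)
    foreach ($identity in $Principal.Identities) {
        [pscustomobject]@{
            AuthenticationType = $identity.AuthenticationType
            ClaimCount         = @($identity.Claims).Count
            Issuers            = (@($identity.Claims).Issuer | Sort-Object -Unique) -join ', '
        }
    }
}

# Distinct values for one claim type, regardless of how many identities repeat it.
function Get-UniqueClaimValue {
    param(
        [Parameter(Mandatory)] [System.Security.Claims.ClaimsPrincipal] $Principal,
        [string] $Type = [System.Security.Claims.ClaimTypes]::Role
    )
    @($Principal.FindAll($Type) | ForEach-Object { $_.Value } | Sort-Object -Unique)
}

$principal = New-SamplePrincipal      # inside a UD endpoint, pass $ClaimsPrincipal instead
Get-ClaimSourceReport -Principal $principal | Format-Table

$roles   = Get-UniqueClaimValue -Principal $principal
$isAdmin = $roles -contains 'SEC-MYDOMAIN-UDashboard-DEV-Admins'
"Unique roles: $($roles.Count); admin: $isAdmin"
```

`Sort-Object -Unique` compares case-insensitively by default, which matches how Active Directory treats group names. If the report shows different issuers across identities, decide which issuer's role claims the dashboard should trust before merging them.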