fix issue #54 where authentication context claims value cannot be ret…

…rieved
kayasax · Jun 26, 2024 · e8f2d4a · e8f2d4a
1 parent fb0d86e
commit e8f2d4a
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 2 deletions.
diff --git a/EasyPIM/EasyPIM.psd1 b/EasyPIM/EasyPIM.psd1
@@ -4,7 +4,7 @@
 RootModule = 'EasyPIM.psm1'
 
 # Version number of this module.
-ModuleVersion = '1.6.3'
+ModuleVersion = '1.6.4'
 
 # Supported PSEditions
 # CompatiblePSEditions = @()

diff --git a/EasyPIM/functions/Set-PIMAzureResourcePolicy.ps1 b/EasyPIM/functions/Set-PIMAzureResourcePolicy.ps1
@@ -180,8 +180,12 @@ function Set-PIMAzureResourcePolicy {
         if (!($PSBoundParameters.Keys.Contains('scope'))) {
             $script:scope = "subscriptions/$script:subscriptionID"
         }
+        else {
+            $script:scope = $scope
+        }
         write-verbose "scope: $script:scope"
         $script:tenantID=$tenantID
+
 
         #at least one approver required if approval is enable
         # todo chech if a parameterset would be better

diff --git a/EasyPIM/internal/functions/get-config.ps1 b/EasyPIM/internal/functions/get-config.ps1
@@ -86,8 +86,15 @@ function get-config ($scope, $rolename, $copyFrom = $null) {
         # active assignment rules
         $_activeAssignmentRules = $response.properties.rules | Where-Object { $_.id -eq "Enablement_Admin_Assignment" } | Select-Object -expand enabledRules
         #Authentication Context
+        Write-Verbose " >> Authentication Context response: \n $($response.properties.rules | Where-Object { $_.id -eq "AuthenticationContext_EndUser_Assignment" })"
         $_authenticationcontext_enabled = $response.properties.rules | Where-Object { $_.id -eq "AuthenticationContext_EndUser_Assignment" } | Select-Object -expand isEnabled
-        $_authenticationcontext_value = $response.properties.rules | Where-Object { $_.id -eq "AuthenticationContext_EndUser_Assignment" } |Select-Object -expand claimValue
+        if($false -eq $_authenticationcontext_enabled){
+            $_authenticationcontext_value = $null #fix issue #54
+        }
+        else{
+            $_authenticationcontext_value = $response.properties.rules | Where-Object { $_.id -eq "AuthenticationContext_EndUser_Assignment" } |Select-Object -expand claimValue
+        }
+
 
         # approval required
         $_approvalrequired = $($response.properties.rules | Where-Object { $_.id -eq "Approval_EndUser_Assignment" }).setting.isapprovalrequired