Vulnerability in EPiServer.Forms
I have changed our authentication to connect to Azure AD. I've followed all of the instructions on OWIN security but am having an issue with "set access" within the CMS.
I can authenticate and login to the CMS as WebAdmins, but when I go to admin-> set access and search groups, it only returns the AD groups that I am a member of, not all of the groups, which is what we need to allocate access.
Yep, clicking the "add user/groups" button, then searching for groups only returns groups that I am a member of.
I'm expecting it to return all AD groups? not just the ones I am a member of.
In the manifest file. I have set
From what I've looked at with the user/role sync services only the roles that come back in users claims are created in to the system. I'd suggest give a user all roles and logging in and seeing if this creates the roles for you. It's a dirty workaround but might work