Native Login with Domain fails to deserialize authentication.ps1 after restart
Native Login with Domain fails to deserialize authentication.ps1 after restart
## Description of Issue:
Forms Authentication with Native Login fails to reload when both `-Native` and `-Domain` are configured on `Set-PSUAuthenticationMethod`.
The intended configuration is to allow users to authenticate with native/domain credentials and then use the resulting group claims for role authorization. The role mapping itself is not the failing part. The failure occurs when PSU reloads `.universal/authentication.ps1`.
A minimal failing configuration is:
```powershell
Set-PSUAuthenticationMethod -Type "Form" -Native -Domain "ExampleDomain"
```
This also fails when a script block is included:
```powershell
Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
param(
[PSCredential]$Credential
)
New-PSUAuthenticationResult -ErrorMessage 'Invalid credentials'
} -Native -Domain "ExampleDomain"
```
Isolation results:
* `Set-PSUAuthenticationMethod -Type "Form" -Native` loads successfully.
* `Set-PSUAuthenticationMethod -Type "Form" -Domain "ExampleDomain"` loads successfully.
* `Set-PSUAuthenticationMethod -Type "Form" -Native -Domain "ExampleDomain"` fails during reload/deserialization.
* Git Sync is not required to reproduce.
* A multi-node setup is not required to reproduce.
* A shared SQL backend is not required to reproduce.
* The same type of failure was observed after a service restart when PSU attempted to reload `authentication.ps1`.
Reproduction steps:
1. Start PowerShell Universal.
2. Configure `.universal/authentication.ps1` with:
```powershell
Set-PSUAuthenticationMethod -Type "Form" -Native -Domain "ExampleDomain"
```
3. Restart PowerShell Universal or otherwise cause the repository configuration to reload.
4. Review the system logs.
5. Attempt to load the login page.
Expected result:
PowerShell Universal should reload the Forms Authentication Native Login configuration successfully, and the login page should remain usable.
Actual result:
PowerShell Universal fails to deserialize `authentication.ps1`. The login page may render in an incomplete or unusable state.
Observed error:
```text
Error deserializing /home/data/UniversalAutomation/Repository/.universal/authentication.ps1. Parameter set cannot be resolved using the specified named parameters. One or more parameters issued cannot be used together or an insufficient number of parameters were provided.
```
This appears to be related specifically to the `-Native -Domain` parameter combination.
## Version:
Confirmed affected:
* PowerShell Universal 2026.1.7, reproduced in Docker using `ironmansoftware/universal:2026.1.7-ubuntu-24.04`.
* PowerShell Universal 2026.1.6, observed in an MSI Windows Service environment.
## Severity
High - Bug has serious impact on usage, impacts a large number of users.
## Hosting Method?
Docker Container
## Operating System?
Linux
## What Database are you running?
Unknown
## Is this instance licensed?
Yes
## Features:
* Forms Authentication
* Native Login
* Repository-based configuration
* Role authorization using claims
## Additional Environment data:
* Reproduced using Docker image: `ironmansoftware/universal:2026.1.7-ubuntu-24.04`
* Git Sync was not required to reproduce.
* Multi-node hosting was not required to reproduce.
* Shared SQL backend was not required to reproduce.
* Customer-observed environment was also affected on PSU 2026.1.6 with MSI Windows Service hosting, but the minimal reproduction was confirmed independently in Docker.