Forum Discussion
AltostratusAPM Ldap Query and SSO
Hello,
For authentication, the user use his email address, but after logging we use a SSO mapping to connect to backend server. The backend server doesn't allow the authentication with email address but they need to SAMAccountName. How can I retrive the SamAccount name with a LDAP Query and use the returned SamAccountName for the SSO Token Username in the SSO Mapping process ?
Many Thanks
SajidCirrostratus
As per my knowledge, put this in the AD Query for samAccountName
(sAMAccountName=%{session.logon.last.username})
In the SSO you can pass this variable. (SSO Credential Mapping)
SSO Token Username
expr {"{session.ad.last.attr.sAMAccountName}"}
- boneyard
MVP
i do believe your AD query filter would be
(UserPrincipalName=%{session.logon.last.username})
as the UserPrincipalName is what is available, assuming UserPrincipalName is the same as the email address, else you need to search on the email address. lookup the attribute name in AD for that.
before that you have to assign the UserPrincipalName to the session.logon.last.username from the returned SAML attribute. which you can lookup in your APM sessions. it probably is: session.saml.last.identity
what is your IdP? is that Azure AD, it can also return the sAMAccountName.
hschlechtHello, finally i have found a solution in mixing LDAP Query, If the final user use his email address, the result of the first LDAP Query after LDAP authentication I send give an an error, in this cas I format my LDAP Query in an other way to collect the samaccount name. After collecting the Samaccountname I push this information in the SSO maping. The problem work nice an solve my initial problem.
- boneyard
nice, thanks for sharing.
