For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

The-messenger's avatar
The-messenger
Icon for Cirrostratus rankCirrostratus
Mar 20, 2018

APM use Userprincipalname or SamAccountname

I have several working APM profiles, I want to add the ability to use UPN as well as SamAccountname. Looking at some options, I've changed to LDAP auth with a search filter (|(sAMAccountName=%{session.logon.last.username})(UserPrincipalName=%{session.logon.last.logonname})) **Note - the AD domain is .org UPN (same as email address) is .com

 

I've tried several things with SSO Credential Mapping with unexpected results. I can login with either but, for example with OWA messages cannot be viewed.

 

Looking at session variables I can see that APM is appending the UPN with my internal domain name. user@domain.com@domain.org.

 

application delivery
BIG-IP Access Policy Manager (APM)
security

1 Reply

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Mar 20, 2018

    In ad or ldap query, retrieve sAMAccountName attribute, then in sso credential mapping, set username from attribute sAMAccountName