Forum Discussion

Jonathon_Page's avatar
Jonathon_Page
Icon for Nimbostratus rankNimbostratus
Mar 24, 2016

AutoFill username for Office 365 Federation

Hi. This is a simple question but I can't find a solution and ee are just getting started with our F5 implementation. I have deployed the office 365 federation using the f5.microsoft_office_365_id...
BIG-IP Access Policy Manager (APM)
cloud
federation
o365
Andrew_Husking's avatar
Andrew_Husking
Icon for Cirrus rankCirrus
Mar 29, 2016

We got this working in our environment.

The following iRule was used to capture the username from the incoming request from o365.

when ACCESS_POLICY_AGENT_EVENT { 
if { [ACCESS::policy agent_id] eq "GetURIusername" } {
    set username [string map -nocase {"%40" "@"} [URI::query [ACCESS::session data get session.server.landinguri] username]]
    log local0. "Username = $username"

    ACCESS::session data set session.custom.foundusername "1"   
    ACCESS::session data set session.custom.upn $username
    ACCESS::session data set session.logon.last.username [lindex [ split $username "@"] 0]

}

}

After that we have a branch rule that if session.custom.foundusername = 1 it goes to a logon page with a READ ONLY username field. If it's not set, you get a standard logon page.

If you don't have the username as read only it's not populated.

Note that in our iRule we removed the domain from the input as it caused issues.

HTH