Forum Discussion
username AD variable field change
I believe that when we setup a APM login page, the username field is associated with the sAMAccountName field in AD.. is there a way to make that associated with another field like say - userPrincipalName??
We have a policy that is login page -> AD auth -> SS0...
2 Replies
- Kevin_Stewart
Employee
The AD Auth agent will actually work with both, as the underlying Kerberos mechanism will also work with both. For a UPN value you'll need to split the username and domain into their respective session.logon.last.username and session.logon.last.domain session variables, or just use the username variable and first half of the UPN if the users are all in the same domain.
- Kevin_Stewart
Employee
This all depends on how you collect the user credentials on the logon form. If you check the "Split domain from full name" in the logon page properties, then entries with domain\user and user@domain will get automatically split into separate username and domain variables. If, for example. a user's UPN is [email protected], and their sAMAccountName is Simon, then the following would work in the logon form:
simon domain\simon [email protected] 1234567890 [email protected] domain\1234567890Because any combination will apparently work, it'll be a trick to figure out which is which (sAMAccountName or userPrincipalName), but then you may not have to.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com