APM Cookbook: Single Sign On (SSO) using Kerberos
Published Apr 28, 2014
Version 1.0Was this article helpful?
userPrincipalName=%{session.logon.last.username}
That will retrieve the entire AD object for the user that has authenticated via Kerberos, and you will be able to use samAccountName attribute in your SAML assertion(which will effectively have their account name without the domain in it.