
APM Ldap Query and SSO

hschlecht
Altostratus

Hello,

For authentication, the user uses his email address, but after logging in we use an SSO mapping to connect to the backend server. The backend server doesn't allow authentication with the email address; it needs the sAMAccountName. How can I retrieve the sAMAccountName with an LDAP query and use the returned sAMAccountName as the SSO Token Username in the SSO mapping process?

Many Thanks

 

4 REPLIES

Sajid
Cirrostratus

As per my knowledge, put this in the AD Query for samAccountName

(sAMAccountName=%{session.logon.last.username})

In the SSO you can pass this variable. (SSO Credential Mapping)

SSO Token Username

expr {"%{session.ad.last.attr.sAMAccountName}"}

boneyard
MVP

I do believe your AD query filter would be

 

(UserPrincipalName=%{session.logon.last.username})

 

as the UserPrincipalName is what is available, assuming the UserPrincipalName is the same as the email address; otherwise you need to search on the email address. Look up the attribute name in AD for that.

 

Before that, you have to assign the UserPrincipalName to session.logon.last.username from the returned SAML attribute, which you can look up in your APM sessions. It probably is: session.saml.last.identity

 

What is your IdP? If that is Azure AD, it can also return the sAMAccountName.

hschlecht
Altostratus

Hello, finally I have found a solution by mixing LDAP queries. If the final user uses his email address, the first LDAP query I send after LDAP authentication returns an error; in this case I format my LDAP query another way to collect the sAMAccountName. After collecting the sAMAccountName I push this information into the SSO mapping. This works nicely and solves my initial problem.

 

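The lookup chain described in this thread (search by userPrincipalName or mail when the logon name is an email address, fall back to sAMAccountName otherwise, then hand the returned sAMAccountName to the SSO mapping) can be modelled outside the box to check the filter logic before configuring the AD Query. The following is an added example, not F5 APM code and not anything posted by the participants above: the directory entries are constructed, and the filter evaluator is a deliberately tiny stand-in for a real AD search. The one point it adds to the thread is that the logon name is user-supplied and is spliced into the search filter, so it is escaped per RFC 4515 before it goes into the filter string.

```python
import re

# Constructed sample directory standing in for the AD domain the APM AD Query
# talks to. Attribute names follow AD; the values are made up for this example.
DIRECTORY = [
    {"sAMAccountName": "jdoe", "userPrincipalName": "jdoe@corp.example",
     "mail": "john.doe@corp.example"},
    {"sAMAccountName": "asmith", "userPrincipalName": "asmith@corp.example",
     "mail": "asmith@corp.example"},
]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter.
    The logon name comes from the user, so it must not be spliced in raw."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)


def build_filter(attribute: str, value: str) -> str:
    """Equality filter in the shape used in the AD Query SearchFilter field."""
    return "(%s=%s)" % (attribute, escape_filter_value(value))


def candidate_attributes(logon_name: str):
    """Attributes to try in order, mirroring the thread: an email-shaped logon
    name is searched as userPrincipalName, then as mail; anything else is
    treated as a sAMAccountName directly."""
    if "@" in logon_name:
        return ["userPrincipalName", "mail"]
    return ["sAMAccountName"]


def _unescape(s: str) -> str:
    """Turn \\xx hex escapes back into the literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def evaluate_filter(directory, filt: str):
    """Toy evaluator for a single (attr=pattern) filter. An unescaped '*' is an
    LDAP substring wildcard; an escaped one (\\2a) is a literal asterisk.
    Real AD does far more than this; it is only enough to show the difference."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", filt)
    if not m:
        raise ValueError("unsupported filter: " + filt)
    attr, pattern = m.group(1), m.group(2)
    parts = [re.escape(_unescape(p)) for p in pattern.split("*")]
    rx = re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)
    return [e for e in directory if rx.match(e.get(attr, ""))]


def resolve_sso_username(logon_name: str, directory=DIRECTORY):
    """Return the sAMAccountName to use as the SSO Token Username, or None.
    Only an unambiguous (single-entry) hit is accepted."""
    for attribute in candidate_attributes(logon_name):
        hits = evaluate_filter(directory, build_filter(attribute, logon_name))
        if len(hits) == 1:
            return hits[0]["sAMAccountName"]
    return None


if __name__ == "__main__":
    for name in ["jdoe@corp.example", "john.doe@corp.example", "asmith", "*"]:
        print("%-24s -> %s" % (name, resolve_sso_username(name)))
    # Raw splice of a wildcard would match every entry; the escaped one matches none.
    print("raw '*' hits:", len(evaluate_filter(DIRECTORY, "(sAMAccountName=*)")))
```

The `resolve_sso_username` result is what would be carried in `session.ad.last.attr.sAMAccountName` and referenced from the SSO Credential Mapping; the escaping step is the check worth keeping whichever attribute order you settle on.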

Nice, thanks for sharing.