SL
May 11, 2017

Multiple APM Authentication Methods

Hi All

I am busy with an APM deployment where I am required to do user authentication to multiple domains. I have read some articles on how to do the Authentication with various branches within the APM VPE policy to cater for that.

The issue I am sitting with is that users are currently using their UPN and Domain\Username to login. The Domain\Username is being catered for as per above. My issue is that the UPN will be in the format of my.name@mydomain.com and the Domain details are Domain\Username. I can't do a simple extract of the Username from the UPN and pass this onto AD to do the Authentication, as the Username is in the format 123456 where the UPN will have my.name.

Does anyone have ideas on how I can add a path in the VPE that will cater for users that are logging on with UPN and point them to the correct AAA Servers for Authentication?

1 Reply

  • Hi,

    You can define the following VPE:

    Start --> Logon Page -Branch Domain1-> Macro Domain1 
                         -Branch Domain2-> Macro Domain2
    

    For each macro domain, use the following tree

    Start --> AD Query with filter --> variable assign --> AD Auth 
    

    AD Query filter must be:

    (|(sAMAccountName=%{session.logon.last.username})(UserPrincipalName=%{session.logon.last.logonname}))
    

    Variable assign must be:

    session.logon.last.username = AAA Attribute AD sAMAccountName
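
The lookup the reply describes, simulated offline as an added example (not code from the thread or from F5): the typed logon name is matched against either attribute, and the account's sAMAccountName becomes the username passed to AD Auth. The sample accounts, the UPN-suffix-to-domain map and all function names are assumptions; the sketch also escapes typed values per RFC 4515 and refuses zero or multiple matches.

```python
# Added illustration; sample accounts and the suffix-to-domain map are constructed.
DIRECTORY = {
    "DOMAIN1": [{"sAMAccountName": "123456",
                 "userPrincipalName": "my.name@mydomain.com"}],
    "DOMAIN2": [{"sAMAccountName": "654321",
                 "userPrincipalName": "other.name@otherdomain.com"}],
}
UPN_SUFFIX_TO_DOMAIN = {"mydomain.com": "DOMAIN1", "otherdomain.com": "DOMAIN2"}


def split_logon(logonname):
    """Return (domain, username) for Domain\\Username or UPN input."""
    if "\\" in logonname:
        domain, username = logonname.split("\\", 1)
        return domain.upper(), username
    if "@" in logonname:
        suffix = logonname.rsplit("@", 1)[1].lower()
        return UPN_SUFFIX_TO_DOMAIN.get(suffix), logonname
    return None, logonname


def escape_filter_value(value):
    """Escape LDAP filter metacharacters as RFC 4515 requires."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_filter(username, logonname):
    """The OR filter from the reply, with both typed values escaped."""
    return "(|(sAMAccountName=%s)(UserPrincipalName=%s))" % (
        escape_filter_value(username), escape_filter_value(logonname))


def resolve_sam(logonname):
    """Mimic AD Query + variable assign: return (domain, sAMAccountName) or None."""
    domain, username = split_logon(logonname)
    if domain not in DIRECTORY:
        return None  # no branch matches: deny instead of guessing a domain
    hits = [e for e in DIRECTORY[domain]
            if e["sAMAccountName"].lower() == username.lower()
            or e["userPrincipalName"].lower() == logonname.lower()]
    if len(hits) != 1:
        return None  # zero or ambiguous matches must not reach AD Auth
    return domain, hits[0]["sAMAccountName"]
```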