How to pass User's UPN to internal FBA application.
Thursday, September 02, 2010 5:29 PM
I have a 3rd party FBA application that only recognizes a user's UPN string as the username. i.e. DOMAIN\USERNAME will not work in its FBA username prompt.
I've gone through the sections on configuring the FormLogin.xml file here: http://technet.microsoft.com/en-us/library/dd282925.aspx and have been able to successfully get UAG to post the username and password to the FBA application so I know my FormLogin.xml config is working. However, the username syntax is not what the application is expecting (the user's Kerberos UPN). Is there a value similar to USER_NAME that passes the Kerberos UPN for the logged in user?
I also tried enabling UPN auth to see if that would pass the UPN but that doesn't seem to have worked. http://technet.microsoft.com/en-us/library/ff607424.aspx
Below is a snip of my xml.
<NAME>formLogin</NAME>
<METHOD>POST</METHOD>
<CONTROL handling="real_value">
<TYPE>PASSWORD</TYPE>
<NAME>txtPassword</NAME>
<DEF_VALUE>sitepass</DEF_VALUE>
</CONTROL>
<CONTROL handling="real_value">
<TYPE>USER_NAME</TYPE>
<NAME>txtUserName</NAME>
<DEF_VALUE>USER_NAME</DEF_VALUE>
</CONTROL>
<CONTROL handling="real_value">
<TYPE>submit</TYPE>
<NAME>btnLogin</NAME>
<DEF_VALUE>Connect</DEF_VALUE>
</CONTROL>
Thanks!
Mark
Mark E. Smith
Practice Manager, Unified Communications
Capax Global Consulting
My Blog - http://blogs.capaxglobal.com/markesmith
All Replies
Thursday, September 02, 2010 10:57 PM
Hi Mark,
I haven't tried it myself, but you may try the following:
1. By taking a look at the instructions in the TechNet article you already mentioned: http://technet.microsoft.com/en-us/library/dd282925.aspx , change the FormLogin.xml CONTROL element type to be USER_PROVIDED instead of USER_NAME, like this:
<CONTROL handling="real_value">
<TYPE>USER_NAME</TYPE>
<NAME>txtUserName</NAME>
<DEF_VALUE>USER_PROVIDED</DEF_VALUE>
</CONTROL>
2. Then store the user’s UPN in the UAG SessionManager, still as per the instructions of the above TechNet article, as a Session Resource parameter, by creating a [TrunkName][0 for HTTP or 1 for HTTPS]PostPostValidate.inc file in InternalSite\inc\CustomUpdate and using this line of ASP script:
SetSessionResourceParam g_cookie, "<Application ID>", "txtUserName", "<User’s UPN>"
Note that you need to use the actual Application ID and the actual user’s UPN. Also note that the Session resource parameter name has to be identical to the <NAME> of the CONTROL as defined in FormLogin.xml, so in your case this seems to be txtUserName.
Regards,
-Ran
- Marked As Answer by James Kilner (Microsoft Contingent Staff, Owner), Thursday, October 14, 2010 7:07 AM
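An offline consistency check for the two files described in the reply above, as an added example that is not part of the thread and not UAG code. It verifies that every CONTROL set to USER_PROVIDED has a SetSessionResourceParam call with an identical parameter name, and flags typographic quotes pasted into the .inc file. The `<FORM>` wrapper, the application ID `App1` and the UPN `user@example.com` are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: CONTROL elements as in the reply, wrapped in a
# hypothetical <FORM> root so the fragment parses on its own.
FORM_XML = """<FORM>
  <NAME>formLogin</NAME>
  <METHOD>POST</METHOD>
  <CONTROL handling="real_value">
    <TYPE>PASSWORD</TYPE><NAME>txtPassword</NAME><DEF_VALUE>sitepass</DEF_VALUE>
  </CONTROL>
  <CONTROL handling="real_value">
    <TYPE>USER_NAME</TYPE><NAME>txtUserName</NAME><DEF_VALUE>USER_PROVIDED</DEF_VALUE>
  </CONTROL>
</FORM>"""

# Constructed .inc contents; "App1" and the UPN are placeholders.
INC_GOOD = 'SetSessionResourceParam g_cookie, "App1", "txtUserName", "user@example.com"'
INC_CURLY = 'SetSessionResourceParam g_cookie, "App1", \u201ctxtUserName\u201d, "user@example.com"'
INC_WRONG = 'SetSessionResourceParam g_cookie, "App1", "txtUsername", "user@example.com"'

# Captures the third argument (the session resource parameter name).
CALL = re.compile(r'SetSessionResourceParam\s+g_cookie\s*,\s*"[^"]*"\s*,\s*"([^"]*)"', re.I)

def user_provided_controls(form_xml):
    """Names of CONTROLs whose DEF_VALUE is USER_PROVIDED."""
    root = ET.fromstring(form_xml)
    return [c.findtext("NAME", "").strip() for c in root.iter("CONTROL")
            if c.findtext("DEF_VALUE", "").strip() == "USER_PROVIDED"]

def check(form_xml, inc_text):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    if re.search("[\u201c\u201d]", inc_text):
        problems.append("typographic quotes in .inc file")
    set_names = set(CALL.findall(inc_text))
    for name in user_provided_controls(form_xml):
        # Exact match, taking "identical" in the reply literally (assumption).
        if name not in set_names:
            problems.append("no SetSessionResourceParam for " + name)
    return problems
```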

