How to pass User's UPN to internal FBA application.

    Question

  • I have a 3rd party FBA application that only recognizes a user's UPN string as the username. i.e. DOMAIN\USERNAME will not work in its FBA username prompt.

    I've gone through the sections on configuring the FormLogin.xml file here: http://technet.microsoft.com/en-us/library/dd282925.aspx and have been able to successfully get UAG to post the username and password to the FBA application so I know my FormLogin.xml config is working. However, the username syntax is not what the application is expecting (the user's Kerberos UPN). Is there a value similar to USER_NAME that passes the Kerberos UPN for the logged-in user?

    I also tried enabling UPN auth to see if that would pass the UPN but that doesn't seem to have worked. http://technet.microsoft.com/en-us/library/ff607424.aspx

    Below is a snip of my xml.

               <NAME>formLogin</NAME> 
               <METHOD>POST</METHOD> 
               <CONTROL handling="real_value"> 
                   <TYPE>PASSWORD</TYPE> 
                   <NAME>txtPassword</NAME> 
                   <DEF_VALUE>sitepass</DEF_VALUE> 
               </CONTROL> 
               <CONTROL handling="real_value"> 
                   <TYPE>USER_NAME</TYPE> 
                   <NAME>txtUserName</NAME> 
                   <DEF_VALUE>USER_NAME</DEF_VALUE>
               </CONTROL> 
               <CONTROL handling="real_value"> 
                   <TYPE>submit</TYPE> 
                   <NAME>btnLogin</NAME> 
                   <DEF_VALUE>Connect</DEF_VALUE> 
               </CONTROL> 
    

    Thanks!

    Mark

    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Thursday, September 02, 2010 5:29 PM

Answers

  • Hi Mark,

    I haven't tried it myself, but you may try the following:

    1.       By taking a look at the instructions in the TechNet article you already mentioned: http://technet.microsoft.com/en-us/library/dd282925.aspx , change the FormLogin.xml CONTROL element type to be USER_PROVIDED instead of USER_NAME, like this:

               <CONTROL handling="real_value">
                   <TYPE>USER_NAME</TYPE>
                   <NAME>txtUserName</NAME>
                   <DEF_VALUE>USER_PROVIDED</DEF_VALUE>
               </CONTROL>

    2.       Then store the user’s UPN in the UAG SessionManager, still as per the instructions of the above TechNet article, as a Session Resource parameter, by creating a [TrunkName][0 for HTTP or 1 for HTTPS]PostPostValidate.inc file in InternalSite\inc\CustomUpdate and using this line of ASP script:
           SetSessionResourceParam g_cookie, "<Application ID>", "txtUserName", "<User’s UPN>"
    Note that you need to use the actual Application ID and the actual user’s UPN. Also note that the Session resource parameter name has to be identical to the <NAME> of the CONTROL as defined in FormLogin.xml, so in your case this seems to be txtUserName.

    Regards,

    -Ran

    Thursday, September 02, 2010 10:57 PM
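
Step 2 above needs the user's actual UPN. One way to resolve it from a DOMAIN\USERNAME value is the ADSI NameTranslate COM object, shown here as an added example that is not part of the original answer or of the UAG documentation. It assumes the UAG server is domain-joined and can reach a global catalog; `ntLogonName` is a hypothetical variable, since the thread does not say how the hook obtains the session user's name.

```vbscript
<%
' Added example (not from the thread): look up the UPN stored in Active
' Directory for a DOMAIN\USERNAME value instead of building it by string
' concatenation, because the UPN suffix need not match the domain name.
Const ADS_NAME_INITTYPE_GC = 3               ' bind to a global catalog
Const ADS_NAME_TYPE_NT4 = 3                  ' input format: DOMAIN\USERNAME
Const ADS_NAME_TYPE_USER_PRINCIPAL_NAME = 9  ' output format: user@suffix

' Returns the UPN for an NT4-style name, or "" when the lookup fails
' (unknown account, no global catalog reachable, empty input).
Function NtNameToUpn(ntName)
    Dim translator
    NtNameToUpn = ""
    On Error Resume Next
    Set translator = CreateObject("NameTranslate")
    translator.Init ADS_NAME_INITTYPE_GC, ""
    translator.Set ADS_NAME_TYPE_NT4, ntName
    If Err.Number = 0 Then
        NtNameToUpn = translator.Get(ADS_NAME_TYPE_USER_PRINCIPAL_NAME)
    End If
    If Err.Number <> 0 Then
        ' Any failure along the way yields an empty result.
        NtNameToUpn = ""
        Err.Clear
    End If
    On Error GoTo 0
End Function

' Wiring into the PostPostValidate.inc hook from step 2.
' ntLogonName is hypothetical: it stands for the DOMAIN\USERNAME of the
' authenticated session user, however the hook obtains it.
Dim upn
upn = NtNameToUpn(ntLogonName)
If upn <> "" Then
    ' Only store a value when the lookup succeeded, so a failed lookup
    ' never causes a blank user name to be posted to the application.
    SetSessionResourceParam g_cookie, "<Application ID>", "txtUserName", upn
End If
%>
```

As in the answer, `<Application ID>` must be replaced with the actual application ID, and the parameter name must match the `<NAME>` of the CONTROL in FormLogin.xml.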