UAG new authentication credentials/ repository based on existing AD attributes RRS feed

  • Question

  • Hi,

    We have some legacy web applications that LDAP to our AD unfortunately for reasons unknown they don't use SAMAccountname but title attribute (student number in our case) as the username.

    We want to add these as a normal form fill SSO application on UAG, which is straight AD auth for the portal.

    So what is the best way to go about this?

    Initially I thought ldap query in postpostvalidate.inc and assign the title as username in a secondary repository with the current password.

    Based around this  post  I've made a postpostvalidation file but with an LDAP querie to get the title attribute. I have created my 'Legacy' Authentication respository applied that to the application properties. 

    Now I get you are not authorised to access this application message so I presume you need to set some other variables to let UAG know it has valid credentials for that repository other than AddSessionUser(g_cookie, VarUserB, VarPasswordB, "RepositoryB")?

    So can you do it this way, or would it be better to do this a custom respository.inc to do this and / or a seperate SQL database, I'm getting a bit confised?

    Appologies if I have missed something blatantly obvious but I'm a ASP & UAG newbie trying to get the most out of the product & learn at the same time.

    Thanks in advance,



    Just found this post ( why I couldn't find it before I don't know, I've been searching for days for info) seems to cover almost exactly what I want, most of what I have done already should work.

    Any other other experienced advice appreciated.



    Tuesday, May 17, 2011 1:06 PM


  • -Update2-

    Something was up with my postpostvalidate.inc deleted it and recreated it and it all works!

    FYI this post has code that is very easily modified to accomplish my requirements but design for adding SAMAccountName credential from upn.



    • Marked as answer by Ged_Attwood Tuesday, May 17, 2011 11:03 PM
    Tuesday, May 17, 2011 11:03 PM