Authentication via UPN, return SAMAccountname

  • Question

  • Hello,

    I'm setting up a relying party trust for a department website. They would like to authenticate against our Active Directory using UPN but have the SAM Account Name sent back to them, which is what their application joins to its accounts.

    Is the correct approach to:
    1. Create an LDAP attribute claim rule with AD sending the LDAP value User-Principal-Name as an outgoing claim of UPN.
    2. Create an LDAP attribute claim rule with AD sending the LDAP value SAM-Account-Name mapping to Windows Account Name.

    What I am not sure is whether I need a transform rule.

    Thanks for the guidance.
    Robert

    Thursday, December 3, 2015 1:18 AM

Answers

  • What claim type are they expecting for sAMAccountName?

    Map sAMAccountName to that with an LDAP rule.

    • Marked as answer by Robert.S.T Thursday, December 10, 2015 8:26 PM
    Thursday, December 3, 2015 1:26 AM
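The two LDAP attribute rules from the question, written out in AD FS claim rule language and applied with the ADFS PowerShell module. This is an added example, not code posted in the thread; the trust name "Department Website" is a placeholder. Both attributes are fetched in one Active Directory query keyed on the authenticated user's Windows account name, so no separate transform rule is required, which is what the accepted answer says.

```powershell
# Added example (not from the thread). Issues both the UPN claim and the
# Windows account name (sAMAccountName) claim for a relying party trust.
# Assumptions: trust named "Department Website" (placeholder), run on an
# AD FS server with the ADFS PowerShell module available.

$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Issue UPN and Windows account name from AD"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory",
          types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn",
                   "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
          query = ";userPrincipalName,sAMAccountName;{0}",
          param = c.Value);
'@

# -IssuanceTransformRules replaces the trust's entire issuance rule set,
# so any other rules the trust needs must be included in the same string.
Set-AdfsRelyingPartyTrust -TargetName "Department Website" -IssuanceTransformRules $issuanceRules

# Read back the rule set to confirm what the trust will issue.
(Get-AdfsRelyingPartyTrust -Name "Department Website").IssuanceTransformRules
```

The query is keyed on the Windows account name that AD FS itself established at sign-in, so the sAMAccountName sent to the relying party always belongs to the user who actually authenticated. One caveat: sAMAccountName is only unique within a single domain, so if the trust ever serves users from more than one domain the relying party should key its accounts on the full Windows account name (DOMAIN\user) or the UPN rather than the bare sAMAccountName.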

All replies

  • I think they are flexible so let's say they are expecting "Windows Account Name" to map to our AD's Samaccountname.

    In that case, these two rules should allow them to authenticate via UPN and then retrieve samaccountname as well?

    Thanks,

    Robert

    Thursday, December 3, 2015 1:31 AM
  • Yup.

    Thursday, December 3, 2015 5:53 PM
  • Hi Robert,

    I am having the same issue. Did the two rules above work for you?

    Monday, October 17, 2016 12:55 PM
  • I think it would have. In the end, the relying party needed to correct their application.
    Monday, October 17, 2016 3:17 PM