How to pass User's UPN to internal FBA application.

  • Question

  • I have a 3rd party FBA application that only recognizes a user's UPN string as the username. i.e. DOMAIN\USERNAME will not work in its FBA username prompt.

    I've gone through the sections on configuring the FormLogin.xml file here: http://technet.microsoft.com/en-us/library/dd282925.aspx and have been able to successfully get UAG to post the username and password to the FBA application so I know my FormLogin.xml config is working. However, the username syntax is not what the application is expecting (the user's Kerberos UPN). Is there a value similar to USER_NAME that passes the Kerberos UPN for the logged-in user?

    I also tried enabling UPN auth to see if that would pass the UPN but that doesn't seem to have worked. http://technet.microsoft.com/en-us/library/ff607424.aspx

    Below is a snip of my xml.

               <CONTROL handling="real_value"> 
               <CONTROL handling="real_value"> 
               <CONTROL handling="real_value"> 





    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Thursday, September 2, 2010 5:29 PM


  • Hi Mark,

    I haven't tried it myself, but you may try the following:

    1.       By taking a look at the instructions in the TechNet article you already mentioned: http://technet.microsoft.com/en-us/library/dd282925.aspx , change the FormLogin.xml CONTROL element type to be USER_PROVIDED instead of USER_NAME, like this:
            <CONTROL handling="real_value">





    2.       Then store the user’s UPN in the UAG SessionManager, still as per the instructions of the above TechNet article, as a Session Resource parameter, by creating a [TrunkName][0 for HTTP or 1 for HTTPS]PostPostValidate.inc file in InternalSite\inc\CustomUpdate and using this line of ASP script:
           SetSessionResourceParam g_cookie, "<Application ID>", "txtUserName", "<User's UPN>"
    Note that you need to use the actual Application ID and the actual user’s UPN. Also note that the Session resource parameter name has to be identical to the <NAME> of the CONTROL as defined in FormLogin.xml, so in your case this seems to be txtUserName.



    • Marked as answer by James Kilner Thursday, October 14, 2010 7:07 AM
    Thursday, September 2, 2010 10:57 PM
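
The answer above leaves open where the "<User's UPN>" value comes from. As an added example (not part of the original thread and not UAG's own code), the sketch below reads userPrincipalName from Active Directory for a given sAMAccountName rather than building it from DOMAIN\USERNAME, since the UPN suffix need not match the domain name. Assumptions: BASE_DN, APP_ID and the samAccountName value are placeholders, the account running the script may query the directory, and only SetSessionResourceParam and g_cookie come from the thread.

```vbscript
<%
' Added example for a [TrunkName][0|1]PostPostValidate.inc hook.
' BASE_DN and APP_ID are placeholders; replace them with your own values.
Const BASE_DN = "DC=example,DC=com"
Const APP_ID  = "<Application ID>"

' Conservative allow-list so the account name cannot alter the LDAP query.
' Widen the pattern only if your account names really need other characters.
Function IsSafeAccountName(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._$-]{1,20}$"
    IsSafeAccountName = re.Test(value)
End Function

' Return the userPrincipalName for a sAMAccountName, or "" if none is found.
Function LookupUpn(samAccountName)
    Dim conn, rs, query
    LookupUpn = ""
    If Not IsSafeAccountName(samAccountName) Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Provider = "ADsDSOObject"
    conn.Open "Active Directory Provider"

    ' ADSI LDAP dialect: <base>;filter;attributes;scope
    query = "<LDAP://" & BASE_DN & ">;" & _
            "(&(objectCategory=person)(objectClass=user)" & _
            "(sAMAccountName=" & samAccountName & "));" & _
            "userPrincipalName;subtree"
    Set rs = conn.Execute(query)
    If Not rs.EOF Then
        If Not IsNull(rs.Fields("userPrincipalName").Value) Then
            LookupUpn = rs.Fields("userPrincipalName").Value
        End If
    End If
    rs.Close
    conn.Close
End Function

Dim samAccountName, upn
samAccountName = "jdoe"   ' constructed sample; supply the session's account name here
upn = LookupUpn(samAccountName)

' Only publish the value when the lookup succeeded, so the form is never
' posted with an empty or guessed user name.
If upn <> "" Then
    SetSessionResourceParam g_cookie, APP_ID, "txtUserName", upn
End If
%>
```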