none
How to pass User's UPN to internal FBA appliaction. RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    I have a 3rd party FBA application that only recognizes a user's UPN string as the username. i.e. DOMAIN\USERNAME will not work in its FBA username prompt.

    I've gone through the sections on configuring the FormLogin.xml file here: http://technet.microsoft.com/en-us/library/dd282925.aspx and have been able to successfully get UAG to post the username and password to the FBA application so I know my FormLogin.xml config is working. However, the username syntax is not what the application is expecting (the user's kerberos UPN). Is there a value similar to USER_NAME that passes the Kerberos UPN for the logged in user?

    I also tried enabling UPN auth to see if that would pass the UPN but that doesn't seem to have worked. http://technet.microsoft.com/en-us/library/ff607424.aspx

    Below is a snip of my xml.

               <NAME>formLogin</NAME> 
           <METHOD>POST</METHOD> 
           <CONTROL handling="real_value"> 
               <TYPE>PASSWORD</TYPE> 
               <NAME>txtPassword</NAME> 
               <DEF_VALUE>sitepass</DEF_VALUE> 
           </CONTROL> 
           <CONTROL handling="real_value"> 
               <TYPE>USER_NAME</TYPE> 
               <NAME>txtUserName</NAME> 
               <DEF_VALUE>USER_NAME</DEF_VALUE>
           </CONTROL> 
           <CONTROL handling="real_value"> 
               <TYPE>submit</TYPE> 
               <NAME>btnLogin</NAME> 
               <DEF_VALUE>Connect</DEF_VALUE> 
           </CONTROL>

    Thanks!

    Mark

     

     

    Mark E. Smith
    Practice Manager, Unified Communications
    Capax Global Consulting
    My Blog - http://blogs.capaxglobal.com/markesmith
    Thursday, September 2, 2010 5:29 PM
    |

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote

    Hi Mark,

    I haven't tried it myself, but you may try the following:

    1.       By taking a look at the instructions in the TechNet article you already mentioned: http://technet.microsoft.com/en-us/library/dd282925.aspx , change the FormLogin.xml CONTROL element type to be USER_ PROVIDED instead of USER_NAME, like this:
            <CONTROL handling="real_value">

                            <TYPE>USER_NAME</TYPE>

                            <NAME>txtUserName</NAME>

                            <DEF_VALUE>USER_PROVIDED</DEF_VALUE>

               </CONTROL>

    2.       Then store the user’s UPN in the UAG SessionManager, still as per the instructions of the above TechNet article, as a Session Resource parameter, by creating a [TrunkName][0 for HTTP or 1 for HTTPS]PostPostValidate.inc file in InternalSite\inc\CustomUpdate and using this line of ASP script:
           SetSessionResourceParam g_cookie, "<Application ID>", “txtUserName”, "<User’s UPN>"
    Note that you need to use the actual Application ID and the actual user’s UPN. Also note that the Session resource parameter name has to be identical to the <NAME> of the CONTROL as defined in FormLogin.xml, so in your case this seems to be txtUserName.

    Regards,

    -Ran

    • Marked as answer by James Kilner Thursday, October 14, 2010 7:07 AM
    Thursday, September 2, 2010 10:57 PM
    |