LDAP: Use email address instead of SamAccountName for IdP authentication.
Waqas Ahmed Khan
waqas.ahmed0 at gmail.com
Thu Jul 12 05:19:31 EDT 2018
Hi,
In Shibboleth IdP we are currently using SamAccountName for authentication.
Below is the configuration in ldap.properties:
idp.authn.LDAP.authenticator= bindSearchAuthenticator
idp.authn.LDAP.userFilter= (sAMAccountName={user})
idp.attribute.resolver.LDAP.searchFilter= (sAMAccountName=$resolutionContext.principal)
And attribute-filter.xml
<AttributeRule attributeID="eduPersonPrincipalName">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="eduPersonTargetedId">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="uid">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
<AttributeRule attributeID="mail">
<PermitValueRule xsi:type="ANY" />
</AttributeRule>
</AttributeFilterPolicy>
Now we want to change it to an email address. So as per some Google
searches, I changed the ldap.properties to:
idp.authn.LDAP.userFilter= (mail ={user})
idp.attribute.resolver.LDAP.searchFilter=(mail=$requestContext.principalName)
But still, users are not authenticating with the email address with the
wrong password. Whereas the same password is working with samAccountName.
Regards,
*Waqas Ahmed Khan*
p: +923212608044
Skype: waqas-ahmed00 <waqas.ahmed0 at gmail.com>
waqas.ahmed0 at gmail.com
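The bind-search flow the post's `bindSearchAuthenticator` setting selects has two steps: the IdP substitutes the entered identifier into `idp.authn.LDAP.userFilter`, searches for exactly one matching DN, and only then binds with that DN and the supplied password. The following added example (not code from the original post or from the Shibboleth project) simulates that flow against a constructed in-memory directory so you can see why a filter that does not match the identifier form the user types fails before the password is ever checked, even though the failure looks like a bad password. The directory contents, DNs and passwords are made up; the filter parser is a deliberately strict RFC 4515 equality-filter parser written for this example, and its rejection of a space before `=` is this example's behaviour, not a statement about how the IdP's own LDAP library parses filters.

```python
import re

# Constructed in-memory stand-in for the AD directory (an assumption; not real data).
DIRECTORY = {
    "CN=Alice Example,OU=Users,DC=example,DC=org": {
        "sAMAccountName": "alice",
        "mail": "alice@example.org",
        "userPassword": "CorrectHorse1",
    },
    "CN=Bob Example,OU=Users,DC=example,DC=org": {
        "sAMAccountName": "bob",
        "mail": "bob@example.org",
        "userPassword": "Staple2",
    },
}

# Strict RFC 4515 equality filter: "(" attributedescription "=" value ")".
# Attribute descriptions are keystrings (RFC 4512): letters, digits and hyphens, no spaces.
EQUALITY_FILTER = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=([^()]*)\)$")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value per RFC 4515 so it cannot alter the filter structure."""
    return (
        value.replace("\\", "\\5c")
        .replace("*", "\\2a")
        .replace("(", "\\28")
        .replace(")", "\\29")
        .replace("\x00", "\\00")
    )


def unescape_filter_value(value: str) -> str:
    """Reverse RFC 4515 hex escapes so the value can be compared literally."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def render_user_filter(template: str, user: str) -> str:
    """Substitute {user} into idp.authn.LDAP.userFilter with escaping applied."""
    return template.replace("{user}", escape_filter_value(user))


def search_single_dn(filter_expr: str):
    """Resolve the filter to exactly one DN, or None. Raises ValueError on a malformed filter."""
    match = EQUALITY_FILTER.match(filter_expr)
    if match is None:
        raise ValueError(f"not a well-formed equality filter: {filter_expr!r}")
    attr = match.group(1).lower()
    wanted = unescape_filter_value(match.group(2))
    hits = []
    for dn, entry in DIRECTORY.items():
        # AD treats attribute names and these string attributes case-insensitively;
        # the value is compared literally, so an escaped '*' is not a wildcard here.
        stored = {k.lower(): v for k, v in entry.items()}.get(attr)
        if stored is not None and stored.lower() == wanted.lower():
            hits.append(dn)
    return hits[0] if len(hits) == 1 else None


def simple_bind(dn: str, password: str) -> bool:
    """Stand-in for the LDAP simple bind the authenticator performs with the resolved DN."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry["userPassword"] == password


def bind_search_authenticate(user_filter: str, user: str, password: str):
    """Return (outcome, dn) following the bind-search flow: search for the DN, then bind."""
    try:
        dn = search_single_dn(render_user_filter(user_filter, user))
    except ValueError:
        return ("INVALID_FILTER", None)
    if dn is None:
        # No DN means no bind is attempted; the user just sees a failed login.
        return ("NO_SUCH_USER", None)
    if not simple_bind(dn, password):
        return ("INVALID_CREDENTIALS", dn)
    return ("SUCCESS", dn)


if __name__ == "__main__":
    for flt, user, pw in [
        ("(sAMAccountName={user})", "alice", "CorrectHorse1"),
        ("(mail={user})", "alice@example.org", "CorrectHorse1"),
        ("(sAMAccountName={user})", "alice@example.org", "CorrectHorse1"),
        ("(mail ={user})", "alice@example.org", "CorrectHorse1"),
    ]:
        print(f"{flt:28} {user:20} -> {bind_search_authenticate(flt, user, pw)}")
```

The third case in the `__main__` loop is the one worth checking first when switching identifier forms: the password is correct, but the filter still names `sAMAccountName` while the user typed an email address, so the search returns nothing and the outcome is indistinguishable from a wrong password at the login page. The IdP's own `idp-process.log` (at DEBUG level for the LDAP authenticator) is where the real deployment shows whether the search step or the bind step failed.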