LDAP: Use email address instead of SamAccountName for IdP authentication.

Waqas Ahmed Khan waqas.ahmed0 at gmail.com
Thu Jul 12 05:19:31 EDT 2018


In Shibboleth IdP we are currently using SamAccountName for authentication.

Below is the configuration in ldap.properties:

idp.authn.LDAP.authenticator= bindSearchAuthenticator
idp.authn.LDAP.userFilter= (sAMAccountName={user})

And attribute-filter.xml

        <AttributeRule attributeID="eduPersonPrincipalName">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

        <AttributeRule attributeID="eduPersonTargetedId">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

        <AttributeRule attributeID="uid">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

        <AttributeRule attributeID="mail">
            <PermitValueRule xsi:type="ANY" />
        </AttributeRule>

Now we want to change it to an email address.  So as per some Google
searches, I changed the ldap.properties to:

idp.authn.LDAP.userFilter= (mail ={user})

But still, users are not authenticating with the email address with the
wrong password. Whereas the same password is working with samAccountName.

*Waqas Ahmed Khan*