Forum Discussion
Stanislas_Piro2
Apr 21, 2016Cumulonimbus
Hi,
If you configured SSO with Kerberos, requirements are:
- SSO username must be the sAMAccountName user attribute
- session.logon.last.domain must be configured with domain FQDN
to authenticate with UPN with AD Auth, you can configure a AD query first with:
- UserPrincipalName=%{session.logon.last.username}
-
attributes :
- samaccountname
- memberof
Then Configure a variable assign to :
- assign session.logon.last.username with AD attribute sAMAccountName.
- assign session.logon.last.domain with variable session.ad.last.actualdomain
After this box, you can authenticate user based on the new username variable, and Kerberos is configured with expected variables.