APM AD authentication case-sensitivity workaround

Problem this snippet solves:

In our recent implementation of APM, we discovered that if a user starts their username with a capital letter, it will fail AD authentication. This was typically happening with phones, as those keyboards have a tendency to auto capitalize the first letter of a line. Here is the session variable macro I used to transparently solve this problem.

How to use this snippet:

Create a 'variable assignment' macro before your AD authentication step in the policy editor for APM, with the corresponding 'Custom Variables' and 'Custom Expressions'.

Code :

Assignment #1
Variable: session.logon.last.logonname
Expression: expr { "[string trim [mcget {session.logon.last.logonname}]]" }

Assignment #2
Variable: session.logon.last.logonname
Expression: expr { "[string tolower [mcget {session.logon.last.logonname}]]" }

Assignment #3
Variable: session.logon.last.username
Expression: expr { "[string trim [mcget {session.logon.last.username}]]" }

Assignment #4
Variable: session.logon.last.username
Expression: expr { "[string tolower [mcget {session.logon.last.username}]]" }

Tested this on version:

13.0
Published Jan 18, 2019
Version 1.0
active directory
APM
security

Was this article helpful?

No CommentsBe the first to comment