ADFS configuration with APM fails when SAM and UPN are NOT identical
Hi guys,
Just in case somebody has an idea about this. We have a customer who is using an ADFS setup together with APM. For older users, the UPN and SAM account name are not the same; for newer users they are the same. Now only the new users can log on, and older users get a popup and fail after 3 attempts... Has anybody ever seen this? Some configuration:
apm policy agent aaa-ldap /Common/ACCESS_PROFILE_XXX_act_ldap_auth_ag {
    filter "UserPrincipalName=%{session.logon.last.username}"
    search-dn dc=limbour,dc=be
    server /Common/PROVLIMB_LDAP
    type auth
}
apm policy agent ending-allow /Common/ACCESS_PROFILE_XXX_end_allow_ag { }
apm policy agent ending-deny /Common/ACCESS_PROFILE_XXX_end_deny_ag {
    customization-group /Common/ACCESS_PROFILE_XXX_end_deny_ag
}
apm policy agent logon-page /Common/ACCESS_PROFILE_XXX_act_logon_page_ag {
    customization-group /Common/ACCESS_PROFILE_XXX_act_logon_page_ag
}
apm policy agent variable-assign /Common/ACCESS_PROFILE_XXX_act_sso_credential_mapping_ag {
    type sso-cred-mapping
    variables {
        {
            expression "mcget {session.logon.last.username}"
            varname session.sso.token.last.username
        }
        {
            expression "mcget {session.logon.last.password}"
            varname session.sso.token.last.password
        }
    }
}