
WSO2 identity server 5x AD user store 20 character limit and upn

We are moving user stores from OpenLDAP to AD for our WSO2 Identity Server. One problem we've identified is that the default username value, sAMAccountName, is limited to 20 characters.

Based on a bit of googling, most people in AD environments use the UPN value, in the form username@domain. However, this is not an acceptable solution for us. We do not want our users to type in username@domain. We want them to continue typing just 'username' like they are used to.

Is it possible to configure the user-mgt.xml file to append an @domain when users try to log in? Or is there a simpler way to make WSO2 Identity Server aware of the AD domain and just 'know' to append it?

The sAMAccountName is meant to be short because users have to type it in, and the less you have to type to identify yourself, the better.

The userPrincipalName came along later. I think the idea was that it would be the same as the user's email address. That way, people just use their email address to log in. Fewer things to remember. Microsoft does seem to be pushing this method more.

Users can use either/or to log in (to a Windows machine anyway). But those are your only options, so you'll have to pick which one to advertise to your users.
