Hi
We’re still on Shib 2.
We’ve moved our Office 365 over to full cloud authentication, which requires users to enter upn as the login credential. We’d like to bring shibboleth into line (probably making it ambidextrous, both cn and upn). Having dug around and tried it on our test one, it looks like it’s just a matter of changing:
Login.config, Change
userFilter="cn={0}" to userFilter="(|(userprincipalname={0})(cn={0}))"
resolver.xml, in the ldap data connector Change
<dc:FilterTemplate>
<![CDATA[
(cn=$requestContext.principalName)
]]>
</dc:FilterTemplate>
To:
<dc:FilterTemplate>
<![CDATA[
(|(userprincipalname=$requestContext.principalName) (cn=$requestContext.principalName))
]]>
</dc:FilterTemplate>
Everything seems to work OK; eptid, which is based on an immutable value, is not affected, and you can now log in with just CN or UPN. Can anyone think of anything else that might be affected by doing this? Everything we’re releasing comes from the ldap lookup, and doing a couple of tests everything looks OK.
Can anyone think of anything I’ve missed?
Cheers
Andy Swiffin
Dundee
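
The following is an added example, not part of the original message and not Shibboleth code: a check that could be run over a directory export before enabling the combined filter, listing any login string that would match more than one entry through either cn or userPrincipalName. The entries, DNs and function names are constructed for illustration, and the comparison assumes both attributes match case-insensitively.

```python
# Added example (not from the original message): pre-deployment audit for the
# combined filter (|(userprincipalname={0})(cn={0})).
from collections import defaultdict

# Constructed sample directory export; all entries are invented.
SAMPLE_ENTRIES = [
    {"dn": "CN=asmith,OU=Staff,DC=example,DC=org",
     "cn": "asmith", "userPrincipalName": "asmith@example.org"},
    {"dn": "CN=bjones,OU=Staff,DC=example,DC=org",
     "cn": "bjones", "userPrincipalName": "b.jones@example.org"},
    # This cn equals the previous entry's UPN, so one login string hits both.
    {"dn": "CN=b.jones@example.org,OU=Guests,DC=example,DC=org",
     "cn": "b.jones@example.org", "userPrincipalName": "guest17@example.org"},
]

def escape_filter_value(value):
    """Escape the RFC 4515 special characters in a filter assertion value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login):
    """Render the combined filter for one typed login string."""
    v = escape_filter_value(login)
    return "(|(userprincipalname=%s)(cn=%s))" % (v, v)

def index_by_login(entries):
    """Group entry DNs by every string that would select them."""
    index = defaultdict(set)
    for e in entries:
        for attr in ("cn", "userPrincipalName"):
            index[e[attr].casefold()].add(e["dn"])  # case-insensitive match
    return index

def ambiguous_logins(entries):
    """Map each login string that matches more than one entry to its DNs."""
    return {k: sorted(v) for k, v in index_by_login(entries).items() if len(v) > 1}

def resolve(entries, login):
    """Return the single DN a login maps to; refuse zero or multiple hits."""
    hits = index_by_login(entries).get(login.casefold(), set())
    if len(hits) != 1:
        raise LookupError("%d entries match %s" % (len(hits), build_filter(login)))
    return next(iter(hits))

if __name__ == "__main__":
    for login, dns in ambiguous_logins(SAMPLE_ENTRIES).items():
        print(login, "->", dns)
```

An empty result from `ambiguous_logins` over the real export means every cn or UPN a user might type selects exactly one entry.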