[blog@kernstock.net]$

patrik's playground

ADFS 2019: Allow logon with sAMAccountName

by · Published · Updated

ADFS Logon
This post was published 4 years 26 days ago, so the post may be outdated.

Active Directory Federation Services (ADFS) allows plenty of customizations when it comes to the website theme.

One specific customization allows the logon using just the sAMAccountName (e.g. awesome-admin) instead of the UPN (User Principal Name) (e.g. awesome-admin@example.com), by modifying the behavior via a few lines of JavaScript code. However this implementation does not work with ADFS 2019 anymore, as this release ships with a completely new default theme.

I’ve modified the code to work for the latest ADFS2019 theme.
Follow following steps to implement this:

  1. Clone the default template: (only needed to be done once)

    New-AdfsWebTheme –Name custom –SourceName DefaultAdfs2019

  2. Export the new custom theme:

    Export-AdfsWebTheme –Name custom –DirectoryPath c:\theme

  3. Open onload.js in any editor of your choice (notepad does the job as well)

  4. APPEND the content from onload.add.js from below GitHub repository to onload.js AT THE END:
    https://github.com/patschi/adfs-themes/tree/master/remember-user-and-auto-domain

  5. Save the modified onload.js command:

    Set-AdfsWebTheme -TargetName custom -OnLoadScriptPath "c:\theme\script\onload.js"

  6. Change the current default template: (only needed to be done once)

    Set-AdfsWebConfig -ActiveThemeName custom

Hope this helps someone!

Changelog

  • 2022-07-24: Based on Martins feedback from the comments I have added support for "Update Password" page. Also the entire code base was reworked and code moved to GitHub.

Tags:

Patrik Kernstock

May I introduce my self? I am Patrik Kernstock, 25 years old, perfectionist, born in Austria and living in Ireland, Cork. Me explained in short: Tech- and security enthusiast, series & movies junky. Interesting in Linux, Container-stuff and many software solutions by Microsoft, Veeam and VMware.

0 0 votes
Article Rating
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments
newest
oldest most voted
Inline Feedbacks
View all comments
Florian

Hey man! First thank you for your code, sadly in my case it just works for the “update password” page. If i want to login at https://adfs.xxx.xx/adfs/ls?version=1.0&action=signin it still prompts me for my domain. I did it multiple times but cant find a mistake or a solution. Maybe you got any idea?

0
Reply
Mike

This is exactly what I was looking for – kept striking out with the old code on the Microsoft site. Thanks a bunch!

0
Reply
Trevor

Just want to thank you Patrik! We just upgraded our farm and was stuck on this, my team and I thank you!

0
Reply
Martin

I have been googling for HOURS to find someone who wrote update code!!! THANK you!!!

Now… Can you PLEASE write updated code for the password reset page? that still wants the DOMAIN\UN or UN@domain.com 🙁

0
Reply
Patrik Kernstock

Hi Martin. Thanks for the kind words! I’ve updated the code to also support ‘Update Password’ page, and many other changes. I have updated the blog page accordingly.

0
Reply
5
0
Would love your thoughts, please comment.x
()
x