ADFS 2019: Allow logon with sAMAccountName

Active Directory Federation Services (ADFS) allows plenty of customizations when it comes to the website theme.
One specific customization allows logon using just the sAMAccountName (e.g. awesome-admin) instead of the UPN (User Principal Name) (e.g. awesome-admin@example.com), by modifying the behavior via a few lines of JavaScript code. However, this implementation does not work with ADFS 2019 anymore, as this release ships with a completely new default theme.
I’ve modified the code to work with the latest ADFS 2019 theme.
Follow these steps to implement this:
- Clone the default template:
    New-AdfsWebTheme -Name custom -SourceName DefaultAdfs2019
- Export the new custom theme:
    Export-AdfsWebTheme -Name custom -DirectoryPath c:\theme
- Modify onload.js and add the following content:
    if (typeof PaginationManager != 'undefined') {
        PaginationManager.validateAndNext = function () {
            var u = new InputUtil();
            var e = new LoginErrors();
            var userName = document.getElementById(Login.userNameInput);

            // No '@' (UPN) and no '\' (DOMAIN\user) in the input: append the UPN suffix
            if (userName.value && !userName.value.match('[@\\\\]')) {
                userName.value = userName.value + '@example.com';
            }

            // Empty input: show the format error and stay on this page
            if (!userName.value && !userName.value.match('[@\\\\]')) {
                u.setError(userName, e.userNameFormatError);
                return false;
            }

            _self.updatePagesWithUsername(userName.value);
            u.clearError();

            if (_self.options.currentPageIndex + 1 >= _self.options.pages.length) {
                // POST back to ADFS since there are no more pages to go to
                document.forms['loginFormPaginated'].submit();
                return true;
            } else {
                _self.displayNextPage();
            }
            return true;
        }
    }
- Save the modified onload.js with the following command:
    Set-AdfsWebTheme -TargetName custom -OnLoadScriptPath "c:\theme\script\onload.js"
- Change the current default template:
    Set-AdfsWebConfig -ActiveThemeName custom
Hope this helps someone!
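
The username rewrite from the onload.js step, pulled out as a pure function so the rule can be checked outside the sign-in page. This is an added example, not part of the original post or the ADFS theme; `normalizeLoginName`, `UPN_SUFFIX` and the sample inputs are illustrative, and unlike the script above it also trims surrounding whitespace.

```javascript
// Added example: names below are illustrative, not ADFS theme APIs.
var UPN_SUFFIX = 'example.com'; // placeholder domain, as used in the post

// Returns the value that would be submitted to ADFS, or null when the
// input is empty (the case where the theme shows userNameFormatError).
function normalizeLoginName(raw, upnSuffix) {
    var value = (raw || '').trim(); // assumption: trimming is added here
    if (!value) {
        return null;
    }
    // '@' means a full UPN was typed, '\' means DOMAIN\user.
    // Both are passed through unchanged, same character class as the post.
    if (/[@\\]/.test(value)) {
        return value;
    }
    // Bare sAMAccountName: append the single configured suffix.
    return value + '@' + upnSuffix;
}

// Constructed sample inputs, one per branch.
var samples = [
    'awesome-admin',             // sAMAccountName only
    'awesome-admin@example.com', // already a UPN
    'EXAMPLE\\awesome-admin',    // down-level logon name
    'guest@partner.example',     // UPN with a different suffix
    '  awesome-admin  ',         // pasted with whitespace
    ''                           // nothing entered
];

function runSamples() {
    return samples.map(function (s) {
        return normalizeLoginName(s, UPN_SUFFIX);
    });
}

runSamples().forEach(function (result, i) {
    console.log(JSON.stringify(samples[i]) + ' -> ' + JSON.stringify(result));
});
```

Because only one suffix is appended, accounts whose UPN uses a different suffix still have to type the full UPN, and the rewrite happens only in the browser.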