ADFS 2019: Allow logon with sAMAccountName


Active Directory Federation Services (ADFS) allows plenty of customizations when it comes to the website theme.

One specific customization allows logon with just the sAMAccountName (e.g. awesome-admin) instead of the UPN (User Principal Name, e.g. awesome-admin@example.com) by changing the page's behavior with a few lines of JavaScript. However, that implementation no longer works with ADFS 2019, as this release ships with a completely new default theme.

I’ve modified the code to work with the latest ADFS 2019 theme.
Follow these steps to implement this:

  1. Clone the default template (only needs to be done once):

    New-AdfsWebTheme -Name custom -SourceName DefaultAdfs2019

  2. Export the new custom theme:

    Export-AdfsWebTheme -Name custom -DirectoryPath c:\theme

  3. Open onload.js in any editor of your choice (Notepad does the job as well).

  4. APPEND the content of onload.add.js from the GitHub repository below to onload.js AT THE END:
    https://github.com/patschi/adfs-themes/tree/master/remember-user-and-auto-domain

  5. Save the modified onload.js, then upload it to the theme with this command:

    Set-AdfsWebTheme -TargetName custom -OnLoadScriptPath "c:\theme\script\onload.js"

  6. Change the current default template (only needs to be done once):

    Set-AdfsWebConfig -ActiveThemeName custom
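
The six steps above as one re-runnable script. This is an added example, not part of the original post or the linked repository. It assumes onload.add.js has already been downloaded and reviewed at the hypothetical path C:\temp\onload.add.js, and it uses a hypothetical marker comment so the snippet is never appended twice. Because onload.js is served on the sign-in page, it also prints SHA-256 hashes of what was deployed so they can be recorded.

```powershell
# Added example, not from the post: steps 1-6 as one re-runnable script.
$ErrorActionPreference = 'Stop'
$ThemeName = 'custom'
$ThemeDir  = 'C:\theme'
$OnLoad    = Join-Path $ThemeDir 'script\onload.js'
$Addition  = 'C:\temp\onload.add.js'     # assumption: reviewed local copy from the repository
$Marker    = '// --- onload.add.js ---'  # assumption: marker that makes the append idempotent

# Step 1: clone the default theme only when "custom" does not exist yet.
if (-not (Get-AdfsWebTheme | Where-Object Name -eq $ThemeName)) {
    New-AdfsWebTheme -Name $ThemeName -SourceName DefaultAdfs2019 | Out-Null
}

# Step 2: export the theme to disk.
New-Item -ItemType Directory -Path $ThemeDir -Force | Out-Null
Export-AdfsWebTheme -Name $ThemeName -DirectoryPath $ThemeDir

# Steps 3-4: append onload.add.js at the end, once, keeping a backup.
$current = Get-Content -Path $OnLoad -Raw
if ($current -notlike "*$Marker*") {
    Copy-Item -Path $OnLoad -Destination "$OnLoad.bak" -Force
    $snippet = Get-Content -Path $Addition -Raw
    Add-Content -Path $OnLoad -Value "`r`n$Marker`r`n$snippet"
}

# Step 5: upload the modified script into the theme.
Set-AdfsWebTheme -TargetName $ThemeName -OnLoadScriptPath $OnLoad

# Step 6: make the theme active.
Set-AdfsWebConfig -ActiveThemeName $ThemeName

# Check: confirm the active theme and record hashes of what was deployed.
$active = (Get-AdfsWebConfig).ActiveThemeName
if ($active -ne $ThemeName) { throw "Active theme is '$active', expected '$ThemeName'." }
Get-FileHash -Path $Addition, $OnLoad -Algorithm SHA256 | Format-Table Path, Hash -AutoSize
```

On a second run the exported onload.js already contains the marker, so the append is skipped and only the upload and checks repeat.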

Hope this helps someone!

Changelog

  • 2022-07-24: Based on Martin's feedback from the comments, I have added support for the "Update Password" page. Also, the entire code base was reworked and the code moved to GitHub.

Patrik Kernstock

May I introduce myself? I am Patrik Kernstock, 25 years old, perfectionist, born in Austria and living in Cork, Ireland. Me explained in short: tech and security enthusiast, series & movies junkie. Interested in Linux, container stuff and many software solutions by Microsoft, Veeam and VMware.

5 Comments
Florian

Hey man! First, thank you for your code. Sadly, in my case it just works for the “update password” page. If I want to log in at https://adfs.xxx.xx/adfs/ls?version=1.0&action=signin it still prompts me for my domain. I did it multiple times but can't find a mistake or a solution. Maybe you got any idea?

Mike

This is exactly what I was looking for – kept striking out with the old code on the Microsoft site. Thanks a bunch!

Trevor

Just want to thank you, Patrik! We just upgraded our farm and were stuck on this. My team and I thank you!

Martin

I have been googling for HOURS to find someone who wrote update code!!! THANK you!!!

Now… Can you PLEASE write updated code for the password reset page? That still wants the DOMAIN\UN or UN@domain.com 🙁
