ADFS 2019: Allow logon with sAMAccountName

by Patrik Kernstock · Published 9. June 2021 · Updated 24. July 2022

This post was published 1 year 11 months 18 days ago, so the post may be outdated.

Active Directory Federation Services (ADFS) allows plenty of customizations when it comes to the website theme.

One specific customization allows the logon using just the sAMAccountName (e.g. awesome-admin) instead of the UPN (User Principal Name) (e.g. awesome-admin@example.com), by modifying the behavior via a few lines of JavaScript code. However this implementation does not work with ADFS 2019 anymore, as this release ships with a completely new default theme.

I’ve modified the code to work for the latest ADFS2019 theme.
Follow following steps to implement this:

Clone the default template: (only needed to be done once)

New-AdfsWebTheme –Name custom –SourceName DefaultAdfs2019

Export the new custom theme:

Export-AdfsWebTheme –Name custom –DirectoryPath c:\theme

Open onload.js in any editor of your choice (notepad does the job as well)
APPEND the content from onload.add.js from below GitHub repository to onload.js AT THE END:
https://github.com/patschi/adfs-themes/tree/master/remember-user-and-auto-domain

Save the modified onload.js command:

Set-AdfsWebTheme -TargetName custom -OnLoadScriptPath "c:\theme\script\onload.js"

Change the current default template: (only needed to be done once)
```
Set-AdfsWebConfig -ActiveThemeName custom
```

Hope this helps someone!

Changelog

2022-07-24: Based on Martins feedback from the comments I have added support for "Update Password" page. Also the entire code base was reworked and code moved to GitHub.

Tags: AD FS ADFS onload.js Windows Windows Server

Patrik Kernstock

May I introduce my self? I am Patrik Kernstock, 25 years old, perfectionist, born in Austria and living in Ireland, Cork. Me explained in short: Tech- and security enthusiast, series & movies junky. Interesting in Linux, Container-stuff and many software solutions by Microsoft, Veeam and VMware.

0 0 votes

Article Rating

This site uses Akismet to reduce spam. Learn how your comment data is processed.

5 Comments

newest

oldest most voted

Inline Feedbacks

View all comments

Florian

1 month ago

Hey man! First thank you for your code, sadly in my case it just works for the “update password” page. If i want to login at https://adfs.xxx.xx/adfs/ls?version=1.0&action=signin it still prompts me for my domain. I did it multiple times but cant find a mistake or a solution. Maybe you got any idea?

Mike

5 months ago

This is exactly what I was looking for – kept striking out with the old code on the Microsoft site. Thanks a bunch!

Trevor

6 months ago

Just want to thank you Patrik! We just upgraded our farm and was stuck on this, my team and I thank you!

Martin

11 months ago

I have been googling for HOURS to find someone who wrote update code!!! THANK you!!!

Now… Can you PLEASE write updated code for the password reset page? that still wants the DOMAIN\UN or UN@domain.com 🙁

Patrik Kernstock

Author

Reply to Martin

10 months ago

Hi Martin. Thanks for the kind words! I’ve updated the code to also support ‘Update Password’ page, and many other changes. I have updated the blog page accordingly.

ADFS 2019: Allow logon with sAMAccountName

categories

search

ADFS 2019: Allow logon with sAMAccountName

Changelog

categories

tags & search

search