Are you saying you have configured AD as a single user store, and can log in with the domain friendly name, or are you saying in IS you have configured each AD OU as a user store and you can log in with the domain friendly name?

If it's the first one then I think it breaks the assumption in IS that there can't be duplicate usernames. So you can't do that. You may have to go to option 2.

In IS you can mount each of these OUs as user stores. And we will allow authenticating users without the domain name. At the user.core level we set the authenticated user store as a thread local property. So you can get it from there if you are using something like UserStoreManager to authenticate. If you are using some other protocol like SAML2 SSO or OpenID Connect, then we would send that domain name as part of the username even if you have logged in with the domain friendly name.

I am not clear which case you are talking about. If it's case one, which is an AD feature, then IS can't recognize that. If it's case 2, then it's an IS feature, and we do give back the domain name.

Regards,
Johann.

On Thu, Feb 25, 2016 at 11:01 AM, Kamidu Punchihewa <[email protected]> wrote:

> Hi IS Team,
>
> When using an AD with multiple organisation units as the user store, users
> can log in with the domain friendly user name.
> For example there are two users in two different organisation units as
> given below.
>
> - STAFF.WSO2.COM/user
> - MOBILE.WSO2.COM/user
>
> Both of these users can log in just using "user" as the username.
> Is this the expected behaviour?
> If this is the expected behaviour, is there a way to identify the correct
> user from these two users when they use the domain friendly username to
> log in?
>
> Thanks and Best Regards.
> Kamidu Sachith Punchihewa
> *Software Engineer*
> WSO2, Inc.

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Governance Technologies Team
WSO2, Inc.
Blog - http://nallaa.wordpress.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
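A simplified model of "case 2" from the reply above, added here as an example and not WSO2 Identity Server code: each OU is a separate user store, a bare username is checked against the stores in turn, and the store that validated the credentials is recorded in a thread-local and returned as part of the username. The names `UserStore`, `authenticate` and `authenticated_domain`, the in-order lookup and the passwords are assumptions made for illustration.

```python
import hashlib, hmac, os, threading

# Hypothetical stand-in for the thread-local property the reply describes.
_ctx = threading.local()

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class UserStore:
    """One mounted user store (e.g. one AD OU) with its own domain name."""
    def __init__(self, domain, users):
        self.domain = domain
        self._users = {}
        for name, password in users.items():
            salt = os.urandom(16)
            self._users[name] = (salt, _kdf(password, salt))

    def check(self, name, password):
        record = self._users.get(name)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _kdf(password, salt))

def authenticate(stores, login, password):
    """Return the domain-qualified username on success, else None."""
    _ctx.domain = None
    domain, sep, name = login.partition("/")
    if sep:  # qualified login: consult only the named store
        candidates = [s for s in stores if s.domain == domain]
    else:    # bare login: try each mounted store in configured order
        name, candidates = login, stores
    for store in candidates:
        if store.check(name, password):
            _ctx.domain = store.domain  # record which store authenticated
            return f"{store.domain}/{name}"
    return None

def authenticated_domain():
    """Domain recorded for the current thread by the last authenticate()."""
    return getattr(_ctx, "domain", None)

# Constructed sample data: the two users from the question, made-up passwords.
STORES = [
    UserStore("STAFF.WSO2.COM", {"user": "staff-pass"}),
    UserStore("MOBILE.WSO2.COM", {"user": "mobile-pass"}),
]
```

Authorization checks and audit records in code built this way should key on the returned qualified name, since the bare name matches an account in both stores.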
