Kentico / ADImport

Kentico Xperience Active Directory Import Utility is an application which allows importing of users and groups (roles) from Active Directory into Kentico Xperience.
https://www.xperience.io
MIT License

Selected username format to be domain\sam but it imported domain-sam #15

Closed shivinders closed 6 years ago

shivinders commented 6 years ago

Selected username format to be domain\sam but it imported domain-sam. Is this a bug or did I do something wrong?

petrsvihlik commented 6 years ago

This is intentional. Usernames in Kentico support only characters that are valid in URLs. All invalid characters are replaced with a dash (or a character configurable in web.config).

https://docs.kentico.com/k11/references/reference-web-config-application-keys#Reference-Web.configapplicationkeys-Settingsforforbiddencharactersinuserandrolenames

shivinders commented 6 years ago

Kudos to flexibility in Kentico. These options in web.config are amazing!

My question is how is the replacement of / with - supposed to work with claims-based authentication? We have an ADFS server which is sending the samaccountname in the domain\sam format. After running the ADImport tool, how will Kentico make a decision that eagle\jdoe the ADFS sends is the same guy as eagle-jdoe that ADImport created?

petrsvihlik commented 6 years ago

One solution would be to implement a custom (claims-based) authentication module, run the username through the ValidationHelper.GetSafeUserName() method, and match it with the user in the database.
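The matching step suggested in the comment above, as an added example that is not part of the original thread or of the ADImport code base. `ToSafeUserName` is a hypothetical stand-in for `ValidationHelper.GetSafeUserName()` with an assumed allowed-character set, and the lookup assumes the original directory name is kept alongside each imported user so that two different claim values that normalize to the same name are not treated as the same account.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class ClaimUserMatcher
{
    // Hypothetical stand-in for ValidationHelper.GetSafeUserName(). The allowed set
    // is an assumption for this example; the real rules come from Kentico and web.config.
    public static string ToSafeUserName(string name, char replacement = '-')
    {
        var sb = new StringBuilder(name.Length);
        foreach (char c in name)
        {
            bool allowed = (c < 128 && char.IsLetterOrDigit(c)) || "_-.@".IndexOf(c) >= 0;
            sb.Append(allowed ? c : replacement);
        }
        return sb.ToString();
    }

    // importedUsers maps safe user name -> original directory name recorded at import
    // (an assumption of this example). Returns the safe name to sign in as, or null.
    public static string Resolve(string claimName, IDictionary<string, string> importedUsers)
    {
        if (string.IsNullOrEmpty(claimName)) return null;
        string safe = ToSafeUserName(claimName);
        if (!importedUsers.TryGetValue(safe, out string source)) return null;
        // The replacement is lossy: "eagle\jdoe" and "eagle/jdoe" both become
        // "eagle-jdoe", so confirm the claim is the name that produced the record.
        return string.Equals(source, claimName, StringComparison.OrdinalIgnoreCase) ? safe : null;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample data: what an import of eagle\jdoe would leave behind.
        var imported = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            [ClaimUserMatcher.ToSafeUserName(@"eagle\jdoe")] = @"eagle\jdoe"
        };
        var claims = new[] { @"eagle\jdoe", @"EAGLE\JDoe", "eagle/jdoe", @"eagle\asmith" };
        foreach (var claim in claims)
            Console.WriteLine($"{claim} -> {ClaimUserMatcher.Resolve(claim, imported) ?? "(no match)"}");
    }
}
```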

shivinders commented 6 years ago

But why are we supposed to go through the hassle in the first place :) I think it would be easier if the domain name is stripped out from the claim altogether. And ADImport as well.

petrsvihlik commented 6 years ago

You can choose to import just SAM and omit the domain name. Isn't that what you need?