Author Topic: SamAccountName instead of UPN for Windows Authentication (Read 8032 times)

SundeepK · « **on:** November 26, 2020, 01:14:40 pm »

Hi,

Till v15.1, the Sparx EA instance stored SamAccountName for user logons via Windows authentication.
Since the upgrade to v15.2, it is storing UPN for all new users added.

Has anyone experienced this or has a workaround/resolution?
Thanks.

Regards,
Sundeep

OpenIT Solutions · « **Reply #1 on:** November 26, 2020, 11:47:48 pm »

Are you using the latest release of 15.2 from last month ? I think I saw a new feature which uses both/either. We need the samAccountName. I spotted in 15.1 with its nice auto AD sync options it was pulling back the UPN - which was no good for us. I believe the new feature in the latest release of 15.2 is a fix for this - but have not tested yet.

Geert Bellekens · « **Reply #2 on:** November 27, 2020, 12:17:39 am »

We just upgraded from 15.1.1529 to 15.2.1555, and we use windows authentication (groups linked to AD groups, so no manual import procedures)

Any idea how I can check if this is a problem for me?

Geert

OpenIT Solutions · « **Reply #3 on:** November 27, 2020, 01:17:03 am »

Hi Geert,

I guess you could add a new users to a group, then manually 'sync' them in via the Security -> Groups dialogue - then check what is used as the user loginname on the Security -> users dialogue. I'm going to run some tests myself today/tomorrow before I start the packaging of the upgrade for my users - so i'll feedback results of those tests.

Regards,

Jon.

OpenIT Solutions · « **Reply #4 on:** November 27, 2020, 09:35:02 pm »

Hi,

Tested this on the latest build. Not sure what's happening behind the scenes now - but it works for us. If i add an Ad group and sync user logins are added as UPN as in prior builds of 15.x. SSO then didn't work for us as our AD setup uses samAccountName - however SSO now works for us. Also if i set the auto create user option and remove a member of the group from sparx - then log in as that user their sparx user ac is auto created - so all perfect for us now.

Geert Bellekens · « **Reply #5 on:** December 16, 2020, 11:24:50 pm »

Damn, we ran into this problem anyhow.

One of our users has an email addres with 35 characters (somehting like) [email protected]
When he tries to login EA automatically creates his user because he is part of the correct AD group, and he is granted access.

So far so good.

But the problem is that EA only stores the first 32 characters of the email address as login: [email protected]

So the next time he opens the model EA doesn't recognize the user, and creates a new user.

And if this user had applied a userlock in a previous session, he is now locked out because of his own lock (registered to a different identical record)

Geert

Geert Bellekens · « **Reply #6 on:** December 16, 2020, 11:45:56 pm »

See also: https://www.sparxsystems.com/forums/smf/index.php/topic,45342.0.html

Geert

Sunshine · « **Reply #7 on:** December 17, 2020, 09:12:29 am »

Interesting to hear about that. At present we are on 15.1 using SamAccountNames for authentication and haven't hit any problems.

Sparx Systems Forum

News: