Which Active Directory attribute does ADFS 2.0 use to authenticate a user


  • Hi All,

    I am using ADFS 2.0 in my application.

    I want to know what field or fields in Active Directory are used by ADFS to authenticate a user in Active Directory.

    I suppose sAMAccountName or userPrincipalName from Active Directory are used by ADFS.

    Could anyone please shed more light on this topic and tell me how I can restrict ADFS 2.0 to always authenticate by a specific Active Directory field like 'userPrincipalName' only, and not by any other?

    Thanks in advance.

    Monday, February 27, 2012 6:32 PM

All replies

  • Hi sunil_explorer1,

    I am moving your thread into the Claims based access platform (CBA), code-named Geneva Forum for dedicated support.

    Thanks for your understanding.

    Best Regards,

    Jack Zhai [MSFT]
    MSDN Community Support | Feedback to us

    Tuesday, February 28, 2012 6:28 AM
  • I'm a little confused by your question. Active Directory uses Windows Authentication, which uses sAMAccountName for authentication.

    What are you experiencing that has the user identity comparing to another field?

    Developer Security MVP | www.syfuhs.net

    Tuesday, February 28, 2012 8:27 AM
  • The ADFS sign-in site is configured for Windows authentication. So normal authentication mechanisms are used - no LDAP queries.

    After authentication, the SAM account name is used to query AD (if configured) for attributes.

    Dominick Baier | thinktecture | http://www.leastprivilege.com

    Tuesday, February 28, 2012 1:51 PM