herve schillinger Posted November 6

Hello everyone,

We are trying to configure TrueSSO with Azure. The Azure configuration is functional, but we are experiencing a TrueSSO issue with the UPN part. In the AD domain we have several UPNs depending on the company's entities and we do not know how to configure everything so that it works.

My JohnH account in the AD domain ad.mycompany.com
My UPN in ad.mycompany.com: JohnH@mycompany.fr
My user for Azure MFA authentication: JohnH@ad.mycompany.com

SAML authentication works, but SAML + SSO authentication in Horizon does not work:

[SamlAuthFilter] (SESSION:be16_***_97bf) Processing Saml Type-A Assertion
[SamlAuthFilter] (SESSION:be16_***_97bf) SAML auth received a valid UPN: JohnH@ad.mycompany.com
[WinAuthUtils] (SESSION:be16_***_97bf) Sending UPN to winauth service: JohnH@ad.mycompany.com
[ProperoAuthFilter] (SESSION:be16__***_97bf) UPN optimization flow. Failed to find user using WinAuthAdAdapter. CsUpns = [JohnH@ad.mycompany.com], Exception = Failed to retrieve user information for the users with given upns: Failed to obtain sid for user - sid not available for domain ad.mycompany.com (COMPANY) - ErrorCode = 1
[NoTrustAdAdapter] (SESSION:be16_***_97bf) getUserByCertOrSamlParams(), UPNs = [JohnH@ad.mycompany.com], subjectDns = null, issuerDns = null, userNameHint = null
[ActiveDirectoryPkiManager] (SESSION:be16_***_97bf) Unable to find user, subjectDns and issuerDns not specified
[ProperoAuthFilter] (SESSION:be16_***_97bf) Error performing authentication: SAMLAuth: Error instantiating PAEContext for JohnH@ad.mycompany.com: com.vmware.vdi.adamwrapper.ad.NoTrustAuthException: Failed to find user for Certificate authentication

Can we use another attribute than UPN? Or create rules in Horizon or SAML?

Dominik Posted November 7

Hello @herve schillinger

Your internal AD account will have the same UPN as in Azure AD.

Dominik Jakubowski
EUC Expert | vExpert ⭐️⭐️⭐️
VDI Ninja https://vdesktop.ninja

Ivan de Mes Posted November 7 (edited)

The title of the following article may be misleading for your particular issue, but looking at the content, maybe this can help you resolve/circumvent the issue.

Identify an AD User That Does not Have an AD UPN

I've never used it myself though. If there is anyone else with a better solution, I'm curious to hear it.

Ivan de Mes
EUC Architect @ Orange Business (The Netherlands)
EUC Expert | vExpert | Blogger | Public Speaker | Part of the Dutch vEUC TechCon leadership team
Blog: https://ivandemes.com | X: @ivandemes | Bluesky: @ivandemes.com | LinkedIn: ivandemes

herve schillinger Posted November 15 (Author)

Hello,

We have solved our problem. The problem was at the level of the UPN on Prem in the Azure AD configuration.

Thank you for your assistance.
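
An added example, not part of the thread and not Horizon tooling: a Python triage of the log lines quoted in the first post that pairs each SAML-asserted UPN with the failed AD lookup and lists accounts with the same local part under another UPN suffix. The `AD_UPNS` list stands in for a directory export and is constructed (only JohnH@mycompany.fr comes from the post); the message formats are assumed to match the quoted lines.

```python
import re

# Log lines copied from the first post in this thread (session ids as quoted there).
SAMPLE_LOG = """\
[SamlAuthFilter] (SESSION:be16_***_97bf) SAML auth received a valid UPN: JohnH@ad.mycompany.com
[WinAuthUtils] (SESSION:be16_***_97bf) Sending UPN to winauth service: JohnH@ad.mycompany.com
[ProperoAuthFilter] (SESSION:be16__***_97bf) UPN optimization flow. Failed to find user using WinAuthAdAdapter. CsUpns = [JohnH@ad.mycompany.com], Exception = Failed to retrieve user information for the users with given upns: Failed to obtain sid for user - sid not available for domain ad.mycompany.com (COMPANY) - ErrorCode = 1
[ProperoAuthFilter] (SESSION:be16_***_97bf) Error performing authentication: SAMLAuth: Error instantiating PAEContext for JohnH@ad.mycompany.com: com.vmware.vdi.adamwrapper.ad.NoTrustAuthException: Failed to find user for Certificate authentication
"""

# Constructed stand-in for the userPrincipalName values exported from AD.
AD_UPNS = ["JohnH@mycompany.fr", "JaneD@mycompany.fr"]

ASSERTED = re.compile(r"SAML auth received a valid UPN: (\S+)")
LOOKUP_FAIL = re.compile(r"Failed to find user using WinAuthAdAdapter\. CsUpns = \[([^\]]*)\]")


def triage(log_text, ad_upns):
    """Return one finding per UPN that the IdP asserted via SAML."""
    asserted, failed = [], set()
    for line in log_text.splitlines():
        if (a := ASSERTED.search(line)):
            upn = a.group(1).lower()
            if upn not in asserted:
                asserted.append(upn)
        elif (f := LOOKUP_FAIL.search(line)):
            failed.update(u.strip().lower() for u in f.group(1).split(",") if u.strip())
    known = {u.lower() for u in ad_upns}  # UPN comparison is case-insensitive
    findings = []
    for upn in asserted:
        local = upn.split("@", 1)[0]
        findings.append({
            "asserted_upn": upn,
            "lookup_failed": upn in failed,
            "in_ad": upn in known,
            # Same local part, different suffix: the value the IdP claim
            # would have to carry for the AD lookup to succeed.
            "candidates": sorted(k for k in known if k != upn and k.split("@", 1)[0] == local),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, AD_UPNS):
        print(finding)
```
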