Posted

Hello everyone,

 

We are trying to configure TrueSSO with Azure. The Azure configuration is functional, but we are experiencing a TrueSSO issue with the UPN part.

In the AD domain we have several UPNs depending on the company's entities and we do not know how to configure everything so that it works.

My JohnH account in the AD domain ad.mycompany.com

My UPN in ad.mycompany.com JohnH@mycompany.fr

My user for Azure MFA authentication JohnH@ad.mycompany.com

 

SAML authentication works, but SAML + SSO authentication in Horizon does not work

 

[SamlAuthFilter] (SESSION:be16_***_97bf) Processing Saml Type-A Assertion

[SamlAuthFilter] (SESSION:be16_***_97bf) SAML auth received a valid UPN: JohnH@ad.mycompany.com

[WinAuthUtils] (SESSION:be16_***_97bf) Sending UPN to winauth service: JohnH@ad.mycompany.com

[ProperoAuthFilter] (SESSION:be16__***_97bf) UPN optimization flow. Failed to find user using WinAuthAdAdapter. CsUpns = [JohnH@ad.mycompany.com], Exception = Failed to retrieve user information for the users with given upns: Failed to obtain sid for user - sid not available for domain ad.mycompany.com (COMPANY) - ErrorCode = 1

[NoTrustAdAdapter] (SESSION:be16_***_97bf) getUserByCertOrSamlParams(), UPNs = [JohnH@ad.mycompany.com], subjectDns = null, issuerDns = null, userNameHint = null

[ActiveDirectoryPkiManager] (SESSION:be16_***_97bf) Unable to find user, subjectDns and issuerDns not specified

[ProperoAuthFilter] (SESSION:be16_***_97bf) Error performing authentication: SAMLAuth: Error instantiating PAEContext for JohnH@ad.mycompany.com: com.vmware.vdi.adamwrapper.ad.NoTrustAuthException: Failed to find user for Certificate authentication

Can we use another attribute than UPN? Or create rules in Horizon or SAML?

Posted (edited)

The title of the following article may be misleading for your particular issue, but looking at the content, maybe this can help you resolve/circumvent the issue.

Identify an AD User That Does not Have an AD UPN

I've never used it myself though.

If there is anyone else with a better solution, I'm curious to hear it.

Edited by Ivan de Mes

Ivan de Mes

EUC Architect @ Orange Business (The Netherlands)
EUC Expert | vExpert | Blogger | Public Speaker | Part of the Dutch vEUC TechCon leadership team

Blog: https://ivandemes.com | X: @ivandemes | Bluesky: @ivandemes.com | LinkedIn: ivandemes
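
An added example, not part of either post and not VMware code: a small Python triage of the log excerpt from the first post. It groups lines by session, takes the UPN the SAML assertion supplied, and compares it with the UPN stored on the AD account. `AD_UPNS` is a constructed stand-in for a directory export, and the function and verdict names are hypothetical.

```python
import re

# Constructed sample: log lines adapted from the first post (masked session id kept).
LOG = """\
[SamlAuthFilter] (SESSION:be16_***_97bf) SAML auth received a valid UPN: JohnH@ad.mycompany.com
[ProperoAuthFilter] (SESSION:be16_***_97bf) UPN optimization flow. Failed to find user using WinAuthAdAdapter. CsUpns = [JohnH@ad.mycompany.com], Exception = Failed to retrieve user information for the users with given upns: Failed to obtain sid for user - sid not available for domain ad.mycompany.com (COMPANY) - ErrorCode = 1
[ProperoAuthFilter] (SESSION:be16_***_97bf) Error performing authentication: SAMLAuth: Error instantiating PAEContext for JohnH@ad.mycompany.com: com.vmware.vdi.adamwrapper.ad.NoTrustAuthException: Failed to find user for Certificate authentication
"""

# Assumption: stand-in for an AD export (sAMAccountName -> userPrincipalName),
# filled with the values the poster gives for the JohnH account.
AD_UPNS = {"JohnH": "JohnH@mycompany.fr"}

LINE = re.compile(r"^\[(?P<component>\w+)\] \(SESSION:(?P<session>[^)]+)\) (?P<msg>.*)$")
ASSERTED = re.compile(r"SAML auth received a valid UPN: (?P<upn>[^\s@]+@\S+)")
FAILED = re.compile(r"Failed to obtain sid for user|Failed to find user for Certificate authentication")

def triage(log_text, ad_upns):
    """Return one finding per session that asserted a UPN and then failed lookup."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        state = sessions.setdefault(m["session"], {"upn": None, "failures": 0})
        asserted = ASSERTED.search(m["msg"])
        if asserted:
            state["upn"] = asserted["upn"]
        if FAILED.search(m["msg"]):
            state["failures"] += 1
    known_upns = {upn.lower() for upn in ad_upns.values()}
    upn_by_sam = {sam.lower(): upn for sam, upn in ad_upns.items()}
    findings = []
    for session, state in sessions.items():
        if not state["upn"] or not state["failures"]:
            continue
        local_part = state["upn"].split("@", 1)[0].lower()
        if state["upn"].lower() in known_upns:
            verdict = "upn-exists"        # lookup failed for another reason
        elif local_part in upn_by_sam:
            verdict = "suffix-mismatch"   # same account name, different UPN in AD
        else:
            verdict = "unknown-user"
        findings.append({"session": session, "asserted_upn": state["upn"],
                         "ad_upn": upn_by_sam.get(local_part),
                         "failures": state["failures"], "verdict": verdict})
    return findings

print(triage(LOG, AD_UPNS))
```

With the values from the first post it reports `suffix-mismatch`: the assertion carries JohnH@ad.mycompany.com, while the UPN given for the AD account is JohnH@mycompany.fr.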
