
Concatenated Password in OWA with SSO

WrdAl_
New Contributor

Concatenated Password in OWA with SSO

Hi, 

I am using 2FA with a concatenated Domain Password and OTP.

I hope to be able to use this token to connect through a 4500FIPS to Outlook Web Access using Single Sign On.

The connection through the SA works ok but when it comes to the Outlook SSO, because the submitted password contains the Domain Password AND the OTP, the password is not valid in Outlook.

Is there a way I can split the password in the Autopolicy: Single Sign On using simple code like Left(PASSWORD,6) or something similar?

Any help would be appreciated

Al

5 REPLIES
filbert_
Frequent Contributor

Re: Concatenated Password in OWA with SSO

You can create a custom variable based on the username attribute using regmatch. You do this in the server catalog. Once you create the custom variable you can use it in your SSO policy for the password entry. The problem you are going to have is coming up with a regular expression that matches everything except the last 6 digits in the string, assuming your passwords are not all the same length. When I've had to use this in the past there has always been a @ or \ that separated the two pieces so it was simple to create the expression.

filbert_
Frequent Contributor

Re: Concatenated Password in OWA with SSO

Can you give me an example of what a password looks like and what type of SSO are you doing? We've had to do some similar things for customers.

jayLaiz_
Super Contributor

Re: Concatenated Password in OWA with SSO

Hi Al,

This would not work as we support the <password> variable.

Use OTP for primary authentication and AD/LDAP for secondary authentication.

You can then use <password[2]> in the SSO parameters.

Regards,

Jay

WrdAl_
New Contributor

Re: Concatenated Password in OWA with SSO

Hi Jay, 

Thanks for the reply.

This is essentially what Juniper support said.

I currently have your suggested setup installed and it is working fine.

It's just that users have to enter their password&OTP and then the same password.

It's functional, it's just not pretty and management aren't keen on it.

WrdAl_
New Contributor

Re: Concatenated Password in OWA with SSO

Hi Filbert

AD password = Password

OTP = 123456

So the concatenated password is "Password123456"

The Juniper logon expects "Password123456"

The OWA SSO is expecting just "Password"

I am using a Remote SSO with the following variables

Destination      <OWA URL>
SubmitCreds      Logon+On
Username         <DOMAIN>\<USERNAME>
Password         <PASSWORD>
flags            0
forcedownlevel   0
trusted          0
isUtf8           1
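
The split discussed in this thread (everything except the trailing 6-digit OTP, or a separator between the two parts), worked through as an added example; it is not part of any post above and is not Juniper configuration syntax. The function name is hypothetical, the inputs are the thread's sample values plus constructed ones, and whether the gateway's regmatch accepts the same pattern is an assumption to check on the device.

```python
import re


def split_password_otp(secret, otp_len=6, sep=None):
    """Return (static_password, otp); raise ValueError if the input does not fit.

    Assumption: the OTP is exactly `otp_len` ASCII digits at the end of the string.
    """
    otp_pattern = r"[0-9]{%d}" % otp_len
    if sep is not None:
        # Separator form ("@" or "\"): split on the LAST separator so the
        # static password may itself contain that character.
        password, found, otp = secret.rpartition(sep)
        if not found or not re.fullmatch(otp_pattern, otp):
            raise ValueError("no separator followed by a valid OTP")
    else:
        # Anchoring the digit group to the end of the string makes the length
        # of the static password irrelevant: the greedy (.+) backtracks until
        # exactly otp_len digits remain, even if the password ends in digits.
        match = re.fullmatch(r"(.+)(%s)" % otp_pattern, secret, flags=re.DOTALL)
        if match is None:
            raise ValueError("input does not end in a valid OTP")
        password, otp = match.groups()
    if not password:
        raise ValueError("empty static password")
    return password, otp


if __name__ == "__main__":
    # Sample values from the thread plus constructed ones; never log real credentials.
    samples = [
        ("Password123456", None),   # thread example
        ("Pass2024123456", None),   # constructed: password itself ends in digits
        ("P@ss@123456", "@"),       # constructed: separator form
        ("Password12345", None),    # constructed: OTP one digit short
    ]
    for value, sep in samples:
        try:
            password, otp = split_password_otp(value, sep=sep)
            print("ok: password length %d, otp length %d" % (len(password), len(otp)))
        except ValueError as err:
            print("rejected: %s" % err)
```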