We use primary and secondary authentication. Is it possible using a custom secondary auth page to retrieve the primary username and have it filled in automatically in the secondary username box?
On your Realm General page when you define the "additional authentication server" if you select "predefined as" and then put the appropriate value in the field it should automatically pull it.
This works just fine. In my demo system I have several scenarios including pulling email address from my Auth1 source and using it as my Auth2 username.
Also why are you using the % variable?
Hey MC - why do you want to do that with HTML coding? The realm/page definition supports that natively. Just set the page up to prompt for the second set of credentials on 2nd page and then on the realm definition use the predefined variable to pass the first login name over. Or am I just not understanding you correctly?
If I select the options as presented in the screenshot, will the username be auto filled in? Or can the user change this username? In my experience I think the username textbox will also be presented.
Not in this case. By selecting "predefined as" the only option presented to the user on the 2nd page will be the password option which tie back to your second authentication method. The username field does not even display.
So you should be able to accomplish your objective 100%.
can you also use an attribute as system variable. Assuming the attribute userAttr.AD_ACCOUNT is returned by the primary auth server, can this attribute be used as a system variable? If yes, i would like to use the attribute as a predefined username on the secondary auth page.
The short answer is yes - As long as the secondary attribute you want to use is available as a result of the primary authentication. As an example I have a setup where LDAP is used against an AD Server. Primary authentication is done with user name.
Secondary authentication can then be done with another attribute that will match to your secondary auth server. So in my test setup I have an auth server that uses LDAP email address. So I pass the <userAttr.Mail> in the additional auth server variable field and it works fine.