UAC for user names including "@" symbol and realm suffixes

papageno_
Contributor

Hi

We are implementing UAC with multiple realms. One of the realms will be for external users to be authenticated via Eduroam, and these users will have a user ID in the form "[email protected]".

When we try to configure a new realm for these users in UAC v4.1, the problem that we run into is that UAC interprets the "@" symbol in the user name as a realm separator, and tries to match everything to the right of the symbol as a realm name. Is there any way to get UAC not to do this, but to interpret the whole string as a realm name? We can get around the issue of realm identification by making the Eduroam realm the first match in the list, and forcing all other users of the same protocol set to specify their realm name as a "true" suffix.

Any suggestions gratefully accepted.

4 REPLIES
papageno_
Contributor

Re: UAC for user names including "@" symbol and realm suffixes

Oops - I meant to say

Is there any way to get UAC not to do this, but to interpret the whole string as a user name?

apaul_
Regular Contributor

Re: UAC for user names including "@" symbol and realm suffixes

Hi,

What's the endpoint type: is it OAC, non-OAC, or agentless access?

What's the existing configuration for User Sign-In Policies for the following:

  • User may specify the realm name as a username suffix check box
  • Remove realm suffix before passing to authentication server check box

Thanks

Raveen_
Regular Contributor

Re: UAC for user names including "@" symbol and realm suffixes

If my understanding is correct, you are hitting the correct realm but you are seeing the user name being stripped.

Have you checked "User may specify the realm name as a username suffix" and "Remove realm suffix before passing to authentication server" in the sign-in URL?

If my understanding is wrong, could you tell me how many realms you have configured in the sign-in URL, with their names?

And explain the use case in detail with an example, so that it would be easy to understand your use case.

Regards,

Raveen

papageno_
Contributor

Re: UAC for user names including "@" symbol and realm suffixes

We are not hitting the correct realm.

We have a number of realms already configured, and all of these realms allow the user to name the realm as a suffix to the user name. The new Eduroam realm does not allow users to suffix the realm. If we enabled that option, the users could potentially supply credentials in the form

[email protected]@realm

Even if this works, which it doesn't, we can't implement it this way because the Eduroam rules mandate that users must be able to authenticate with just their Eduroam credentials, i.e.

[email protected]

We cannot mandate that users have any additional software installed, so the use cases are either for 802.1X authentication from generic (Microsoft, etc.) supplicants, without OAC or Pulse, or failing 802.1X, from the captive portal.

There are a number of other realms, with similar use cases, so we have to be able to distinguish Eduroam users who must not add a realm suffix from other realm users.
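
Added example, not part of the thread and not UAC's own logic: a sketch of the disambiguation asked for above, where the text after the last "@" selects a realm only if it matches a configured realm name, and otherwise the whole string is kept as the user name for the Eduroam realm. The realm names, the `example.edu` domain and the `resolve` function are assumptions made for illustration.

```python
from typing import NamedTuple


class Decision(NamedTuple):
    realm: str      # realm chosen for this sign-in
    username: str   # identity passed on to the authentication server


# Constructed sample configuration (hypothetical names, not from the thread).
SUFFIX_REALMS = {"staff", "students", "guests"}  # users may append "@<realm>"
ROAMING_REALM = "eduroam"   # whole "user@home-domain" string is the identity
DEFAULT_REALM = "staff"     # used when the login contains no "@" at all

# A home domain that equals a realm name would be ambiguous, so realm names
# in this sketch are kept dot-free and can never look like a DNS domain.
assert all("." not in name for name in SUFFIX_REALMS)


def resolve(login: str, strip_suffix: bool = True) -> Decision:
    """Pick a realm and the user name to forward for one login string."""
    login = login.strip()
    if not login or login.startswith("@") or login.endswith("@"):
        raise ValueError("malformed login")

    # Split on the LAST "@" only, so a realm suffix can follow a user name
    # that itself contains "@".
    local, sep, suffix = login.rpartition("@")
    if not sep:
        return Decision(DEFAULT_REALM, login)

    realm = suffix.lower()
    if realm in SUFFIX_REALMS:
        # A true realm suffix: optionally strip it before authentication.
        return Decision(realm, local if strip_suffix else login)

    # Not a configured realm name: treat it as the roaming home domain and
    # forward the identity untouched. A second "@" here is malformed.
    if "@" in local:
        raise ValueError("more than one '@' and no realm suffix")
    return Decision(ROAMING_REALM, login)
```
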