Accept SAM-account name as a login format on the ADFS form-based password update page


If you want your users to log in to the ADFS form-based sign-in pages with only their sAMAccountName, you can do some JavaScript magic, as described here on TechNet:

Basically it overrides the submitLoginRequest function and, instead of displaying an error message when the user forgets to specify a domain (whether with the \ or with the @ sign), it automatically adds one. The problem is that this modification does not work when the user is on the password update page. If you are not familiar with the password update feature, have a quick look at this:

In a nutshell, it lets users update their password, whether it has expired or they simply want to change it. It used to work only if the user was connected from a workplace-joined device, and now it works even if the device isn’t registered. So major improvement! The problem with that page is that the submitLoginRequest function does not exist. Hence the user will have to specify a qualified username (with the \ or the @ sign). If you want to avoid this and automatically add a domain name when the user doesn’t specify one, you can also do it by tricking the onload.js script, but this time by overriding the submitPasswordChange function. Keep in mind that the domain is hard-coded in the script and added in the browser, so every unqualified name is assumed to belong to that one domain. So same method as described in the TechNet article I mentioned at the beginning of this post, but this time you add the following (after the modification you’ve done for the regular logon page):

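// Patch the handler only where an UpdatePassword object exists; per the
// article this is the AD FS password update page.
if (typeof UpdatePassword !== 'undefined') {
  /**
   * Replacement submit check for the password update form.
   *
   * A user name containing neither "@" nor "\" is prefixed with a fixed
   * domain before the form is submitted; the remaining checks make sure the
   * three password fields are filled in and that the new password matches
   * its confirmation.
   *
   * This is a client-side convenience, not a security control: it runs in
   * the browser and can be skipped, so nothing here should be relied on to
   * restrict which accounts may change a password.
   * NOTE(review): this assignment replaces the page's built-in function
   * wholesale; re-compare it with the stock function after AD FS updates so
   * that checks added there are not silently dropped.
   *
   * @returns {boolean} false when a password field fails a check (the error
   *   is reported through InputUtil.setError), true otherwise.
   */
  UpdatePassword.submitPasswordChange = function () {
    // InputUtil and UpdErrors are not defined in this snippet; presumably
    // they come from the page's own script.
    var u = new InputUtil();
    var e = new UpdErrors();

    var userName = document.getElementById(UpdatePassword.userNameInput);
    var oldPassword = document.getElementById(UpdatePassword.oldPasswordInput);
    var newPassword = document.getElementById(UpdatePassword.newPasswordInput);
    var confirmNewPassword = document.getElementById(UpdatePassword.confirmNewPasswordInput);

    // No "@" and no "\" means the name is unqualified. The domain below is
    // the article's sample value and must be replaced with your own.
    // NOTE(review): an empty user name is prefixed as well, so the form then
    // carries only the domain prefix; consider reporting an error instead.
    if (!userName.value || !/[@\\]/.test(userName.value)) {
      // Kept in its own variable so that userName still refers to the input
      // element after this branch.
      var qualifiedName = 'contoso.com\\' + userName.value;
      document.forms['updatePasswordForm'].userNameInput.value = qualifiedName;
    }

    if (!oldPassword.value) {
      u.setError(oldPassword, e.oldPasswordEmpty);
      return false;
    }

    if (!newPassword.value) {
      u.setError(newPassword, e.newPasswordEmpty);
      return false;
    }

    if (!confirmNewPassword.value) {
      u.setError(confirmNewPassword, e.confirmNewPasswordEmpty);
      return false;
    }

    if (newPassword.value !== confirmNewPassword.value) {
      u.setError(confirmNewPassword, e.mismatchError);
      return false;
    }

    // All checks passed: clear any previously displayed error message.
    var error = document.getElementById('error');
    error.innerHTML = '';
    return true;
  };
}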

Comments (2)

  1. ryan says:

    it works great, thank you!

  2. anonymouscommenter says:

    When you have more than one Claim Provider Trust, this is the default user experience:

    The Piaudonn
