aad-auth
Configurable username AAD attribute
In https://github.com/ubuntu/aad-auth/blob/01c88d4ebaecd8ac0b79a44b678fe13f4b6de76f/README.md#L75-L80 we see that the home folder path is configurable.
Can the username itself be configurable as well? IIRC, currently the UPN is taken. In our company the UPN changes in certain scenarios, so it's not ideal. This doesn't happen daily, but often enough to bug quite a lot of people. For example, name changes due to marriage/divorce usually trigger this.
If we could configure which user object attribute is taken as the user name, this would suit our needs better and provide a stable, AAD-wide unique username.
As a compromise, I think it's okay to identify the user by UPN during initial login. It would just be nice if the attribute (instead of the UPN) that determines the value used when the user's home dir is created and $USER is defined could be configurable.
In the current version, we don't have access to any additional information about the user from the MSAL API. This is definitely on a longer-term roadmap, as your use case is definitely valid.
This sounds like upstream MSAL needs to be changed first. Can you give me pointers on where to look?
Sure, we are using the Microsoft Go binding: https://github.com/AzureAD/microsoft-authentication-library-for-go. Note that for people with MFA, we need the whole MFA transaction to succeed first, which is on our roadmap.
Would it be possible to just use the "username without domain" as the username instead of the "[email protected]"?
In our company's Entra ID tenant there are multiple domains, so just the username would not be unique ([email protected] and [email protected]).
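The uniqueness problem raised in the last two comments is easy to check mechanically before choosing an attribute. The following Go program is an added example for this thread, not code from aad-auth or from MSAL: it takes a constructed set of tenant users (fields and values are made up for the example) and, for a chosen "username attribute", reports which local account names more than one directory object would receive. Stripping the domain from the UPN collides as soon as two verified domains share a local part; the full UPN and the immutable object ID do not collide, and a separate attribute such as mailNickname is only safe if the tenant actually keeps it unique.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Claims is the subset of ID-token claims considered here as candidate
// sources for the local account name. The struct and its field names are
// constructed for this example; they are not aad-auth's own types.
type Claims struct {
	UPN          string // user principal name; may change on rename
	OID          string // object ID; stable for the lifetime of the object
	MailNickname string // hypothetical alternative attribute
}

// localUser derives the local username from the attribute named by attr:
//   "upn"          the full UPN (the behaviour described in the thread)
//   "upn-local"    the part before '@' (the proposal in the thread)
//   "mailnickname" the mailNickname claim
//   "oid"          the object ID
func localUser(c Claims, attr string) (string, error) {
	var v string
	switch attr {
	case "upn":
		v = c.UPN
	case "upn-local":
		v = c.UPN
		if i := strings.Index(v, "@"); i >= 0 {
			v = v[:i]
		}
	case "mailnickname":
		v = c.MailNickname
	case "oid":
		v = c.OID
	default:
		return "", fmt.Errorf("unknown username attribute %q", attr)
	}
	// Normalise case so Jane.Doe@ and jane.doe@ map to one account, and
	// reject values that cannot be a passwd(5) user name field at all.
	v = strings.ToLower(strings.TrimSpace(v))
	if v == "" || strings.ContainsAny(v, " \t\n:") {
		return "", errors.New("attribute yields no usable username")
	}
	return v, nil
}

// collisions maps every tenant user through localUser and returns the local
// names that more than one object would receive, with the clashing UPNs.
func collisions(users []Claims, attr string) (map[string][]string, error) {
	owners := map[string][]string{}
	for _, u := range users {
		name, err := localUser(u, attr)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", u.UPN, err)
		}
		owners[name] = append(owners[name], u.UPN)
	}
	out := map[string][]string{}
	for name, upns := range owners {
		if len(upns) > 1 {
			sort.Strings(upns)
			out[name] = upns
		}
	}
	return out, nil
}

// tenant is constructed sample data: one tenant with two verified domains,
// and the same local part in use in both of them.
var tenant = []Claims{
	{UPN: "jane.doe@contoso.example", OID: "11111111-1111-4111-8111-111111111111", MailNickname: "jdoe"},
	{UPN: "john.doe@contoso.example", OID: "22222222-2222-4222-8222-222222222222", MailNickname: "johnd"},
	{UPN: "john.doe@fabrikam.example", OID: "33333333-3333-4333-8333-333333333333", MailNickname: "john.doe.fab"},
}

func main() {
	for _, attr := range []string{"upn", "upn-local", "mailnickname", "oid"} {
		c, err := collisions(tenant, attr)
		if err != nil {
			fmt.Printf("%-13s error: %v\n", attr, err)
			continue
		}
		fmt.Printf("%-13s collisions: %v\n", attr, c)
	}
}
```

Run against a real export of the tenant's users, a check like this tells an administrator whether a candidate attribute is actually unique before it is wired into account creation; the object ID is the one value guaranteed stable and unique, at the cost of an unfriendly $USER.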