Modify AD FS Login Page to Allow Username Without Domain


Once you convert Lawson to authenticate with AD FS, you may find that your users would really prefer to log in with their normal ID (as opposed to [email protected] format). You can accomplish this by updating the login method on the AD FS home page.

To make these changes, begin by opening PowerShell as administrator on the AD FS server, then follow these steps.

Create a new theme based on the default theme:

New-AdfsWebTheme -Name <custom theme name> -SourceName default

Download the new theme to a local path:

Export-AdfsWebTheme -Name <custom theme name> -DirectoryPath "<local path>"

Navigate to the onload.js file in the theme that you just downloaded and add the following code to it. The domain prefix ('company.com\\' in the line that sets userNameValue) is the part you will update with your company's domain.

// Company customization
// accept sAMAccountName
// pass userprincipalName ([email protected])
if (typeof Login != 'undefined') {
    // Replace the login page's default submit handler.
    Login.submitLoginRequest = function () {
        var u = new InputUtil();
        var e = new LoginErrors();
        var userName = document.getElementById(Login.userNameInput);
        var password = document.getElementById(Login.passwordInput);

        // The typed value has no '@' (UPN) and no '\' (domain\user): prefix the domain.
        if (userName.value && !userName.value.match('[@\\\\]')) {
            var userNameValue = 'company.com\\' + userName.value;
            document.forms['loginForm'].UserName.value = userNameValue;
        }

        // Reject an empty username.
        if (!userName.value) {
            u.setError(userName, e.userNameFormatError);
            return false;
        }

        // Reject an empty password.
        if (!password.value) {
            u.setError(password, e.passwordEmpty);
            return false;
        }

        document.forms['loginForm'].submit();
        return false;
    };
}

In PowerShell, upload the new onload.js file (in this example, the custom theme is named TriCity and was exported to c:\admin\TriCityTheme):

Set-AdfsWebTheme -TargetName TriCity -OnLoadScriptPath "c:\admin\TriCityTheme\script\onload.js"

Activate the custom theme:

Set-AdfsWebConfig -ActiveThemeName TriCity

Now, when users type in their regular username, it will be prefixed with “your domain\” when they click the login button. If users type in the domain themselves (“[email protected]”), the login page will accept that value and log in the user with the userPrincipalName they provided.
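
To confirm that the script AD FS now serves on the login page is the file you edited, you can re-export the active theme and compare hashes. This is an added example, not part of the original post; the theme name and path reuse the TriCity values above, and the scratch directory name is an assumption.

```powershell
# Added example: verify the deployed onload.js after the steps above.
# Run in PowerShell as administrator on the AD FS server.
# Assumed values, taken from the TriCity example in this post:
$ThemeName      = 'TriCity'
$ReviewedScript = 'c:\admin\TriCityTheme\script\onload.js'

# 1. Confirm the custom theme is the one AD FS is serving.
$active = (Get-AdfsWebConfig).ActiveThemeName
if ($active -ne $ThemeName) {
    throw "Active theme is '$active', expected '$ThemeName'."
}

# 2. Export what AD FS has stored for that theme into a scratch directory
#    (hypothetical name, created under the current user's temp folder).
$scratch = Join-Path $env:TEMP ('adfs-theme-check-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $scratch | Out-Null

try {
    Export-AdfsWebTheme -Name $ThemeName -DirectoryPath $scratch
    $deployedScript = Join-Path $scratch 'script\onload.js'
    if (-not (Test-Path -LiteralPath $deployedScript)) {
        throw "Exported theme has no script\onload.js."
    }

    # 3. The stored script must be byte-identical to the file you edited.
    $reviewedHash = (Get-FileHash -LiteralPath $ReviewedScript -Algorithm SHA256).Hash
    $deployedHash = (Get-FileHash -LiteralPath $deployedScript -Algorithm SHA256).Hash
    if ($reviewedHash -ne $deployedHash) {
        throw "Deployed onload.js ($deployedHash) differs from edited copy ($reviewedHash)."
    }

    # 4. The customization itself must be present in the stored script.
    $found = Select-String -LiteralPath $deployedScript `
        -Pattern 'Login.submitLoginRequest' -SimpleMatch -Quiet
    if (-not $found) {
        throw "Deployed onload.js does not override Login.submitLoginRequest."
    }

    "OK: theme '$ThemeName' is active and onload.js matches (SHA256 $deployedHash)."
}
finally {
    # Remove the scratch export whether or not the checks passed.
    Remove-Item -LiteralPath $scratch -Recurse -Force
}
```

Keeping the SHA-256 value that this prints gives you a baseline to compare against later, since onload.js runs on the page where users enter their credentials.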