Query Property

Typically, Identity Server uses the username to find a user in a user store. You can change this behavior by using the Query property. This property determines the username value for authentication. The default Query string prompts users for the value of the CN attribute. You can modify this by requesting a different attribute in the LDAP query. The values are case-sensitive. The property name must be Query with an initial capital.

You can use the Query property with the following classes:

  • BasicClass

  • PasswordClass

  • ProtectedBasicClass

  • ProtectedPasswordClass

Example: Use the following Query to prompt users for the UID attribute instead of username:

Property Name: Query

Property Value: (&(objectclass=person)(uid=%Ecom_User_ID%))

The default login.jsp uses the %Ecom_User_ID% variable for the username in the four classes that support this property. The variable is replaced with the value a user enters for username, and the LDAP query is sent to the user store to check whether the attribute value in the user store matches the entered value. You can specify any attribute for the query that is defined in your user store for the object class of person and that is used to identify users.

The query for BasicClass and ProtectedBasicClass must use the attribute that users define as their username. This is not required for PasswordClass and ProtectedPasswordClass.

Example: Use the following Query to prompt the users for their email address instead of username:

Property Name: Query

Property Value: (&(objectclass=person)(email=%EMail Value%))

The %EMail Value% must match the variable in the custom login page that is filled in when users enter their credentials. The objectclass value must be a valid object class in the LDAP user store. The email attribute must be a valid attribute of the person class.

When you specify a query, you must modify the login page to prompt the user for the correct information. Instead of username, the login form must prompt the user for an email address.
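The following check is an added example, not code from the product or its documentation. It validates a Query property against the rules above (exact property name, a variable that matches a login-page field) and shows the filter that results once the entered value is substituted. The function names, the form-field sets and the escaping step (RFC 4515 special characters) are assumptions; the page does not describe how Identity Server performs the substitution.

```python
import re

# %Name% variables as written on this page, e.g. %Ecom_User_ID% or %EMail Value%
PLACEHOLDER = re.compile(r"%([^%()]+)%")
# attribute=value assertions inside the filter
ASSERTION = re.compile(r"\(([A-Za-z][\w-]*)=([^()]*)\)")


def check_query_property(name, value, form_fields):
    """Return a list of problems with a Query property (empty list = OK)."""
    problems = []
    if name != "Query":  # the property name is case-sensitive
        problems.append(f"property name must be 'Query', got {name!r}")
    depth = 0
    for ch in value:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses in filter")
    attrs = {attr.lower() for attr, _ in ASSERTION.findall(value)}
    if "objectclass" not in attrs:
        problems.append("filter does not restrict objectclass")
    placeholders = PLACEHOLDER.findall(value)
    if not placeholders:
        problems.append("filter contains no %variable% for user input")
    for var in placeholders:
        if var not in form_fields:  # exact, case-sensitive match (assumption)
            problems.append(f"%{var}% has no matching login-page field")
    return problems


def escape_filter_value(text):
    """Escape a value for use inside an LDAP filter (RFC 4515)."""
    table = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(table.get(c, c) for c in text)


def render_filter(value, submitted):
    """Fill each %variable% with the escaped value submitted for that field."""
    return PLACEHOLDER.sub(lambda m: escape_filter_value(submitted[m.group(1)]), value)


if __name__ == "__main__":
    q = "(&(objectclass=person)(email=%EMail Value%))"  # value from this page
    fields = {"Email Value", "Ecom_Password"}  # constructed form, wrong case
    print(check_query_property("Query", q, fields))
    print(render_filter(q, {"EMail Value": "a*(b)@example.com"}))
```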