PhenixID DocumentationPhenixID Authentication ServicesSolutions FederationFederation - Add configuration to fetch information from request to Authenticator (Office365)

Federation - Add configuration to fetch information from request to Authenticator (Office365)

This document is written for PhenixID Server.

The reader should have some basic knowledge about PhenixID Server.

This document describes how to configure the system to use the incoming username attribute from Office365 into a Username Password authenticator so that the user only will have to enter password.

The function is possible to use in other SAML authentication methods or use other attributes in the request from other applications.

Prerequisites

- Setup any authentication federation scenario using guides in Configuration Manager

- Authentication Server version 3.3 or higher required

Add information to the Authenticator

Log in to the configuration UI, go to the "Advanced" tab

Modify the authenticator and add the code below
The example is based on the PostUidAndPasswordSAML authenticator but any SAML authenticator is possible to use.

The template name & attribute name can be altered to your needs.

			"loginTemplate": "loginO365.template",
			"attributesFromRequest": "username",
			"sessionValues": [
				"username"
			]

Stage & Commit the changes

Create a new template file

Browse to the folder where the templated exists.
/PhenixID/ServerX.X/mods/com.phenixidentity~auth-http~X.X/templates/

Copy the login.template file to loginO365.template

Modify some code in the template below

<!-- Main Content :: Username Input -->
<fieldset>
     <input tabindex="0" autofocus="true" class="form-control" id="username" required="" autocomplete="off" autocorrect="off" aria-label="{{login.messages.username}}" autocapitalize="off" spellcheck="false" name="username" type="text">
     <label for="username">{{login.messages.username}}</label>
</fieldset>
<!-- Main Content :: Username Input -->

<!-- Main Content :: Password Input -->
<fieldset>
     <input tabindex="auto" class="form-control"  autocomplete="off" required=""  aria-label="{{login.messages.password}}" name="password" type="password">
     <label for="username">{{login.messages.password}}</label>
</fieldset>
<!-- Main Content :: Password Input -->

Make following changes to the Username input part.

Remove:
autofocus="true"
Add:
disabled=""
value={{username}}

Make following changes to the Password input part.

Add:
autofocus="true"

After changes the selected code should look like this.

<!-- Main Content :: Username Input -->
<fieldset>
    <input tabindex="0" class="form-control" id="username" required="" autocomplete="off" autocorrect="off" aria-label="{{login.messages.username}}" autocapitalize="off" spellcheck="false" name="username" disabled="" value={{username}} type="text">
    <label for="username">{{login.messages.username}}</label>
</fieldset>
<!-- Main Content :: Username Input -->

<!-- Main Content :: Password Input -->
<fieldset>
     <input tabindex="auto" autofocus="true" class="form-control" autocomplete="off" required=""  aria-label="{{login.messages.password}}" name="password" type="password">
     <label for="username">{{login.messages.password}}</label>
</fieldset>
<!-- Main Content :: Password Input -->

Verification

Wen you now login to Office 365 and get a redirect to PAS. The following changed should appear.
The login page should show the entered email entered at the Microsoft page in the username field.
The username filed should be read-only and the Password field should be activated.