Hi,
I’m using PI with multiple realms, Login is normally performed with samaccountname. Now I have the requirement to authenticate users with the UserPrincipleName which contains an @-sign.
The login via RADIUS is no problem, I made a script to add the realm to any username from specific IPs, so login is made as user@domain@realm which is working perfect.
Unfortunately the login in the WebUI is not controllable this way. So I thought, if I add the realm as dropdown in the webui-policy, PI would not split the username at the @ when a realm is selected. But it looks like, the dropdown is just for convenience…
Is this baviour a bug or works-as-designed?
Is it possible, to change the split-character from @ to something other, like § or &?
but if the domain and the realm from the dropdown are the same, just user and realm are sent, the domain is stripped of or the value from the dropdown is not used.
Is there a possibility to set a realm from the dropdown-list as the default?