Using SAMAccountName to Login to ADFS in Windows Server 2012R2/2016

When setting up Active Directory Federation Services (ADFS), by default it requires that users log in using their User Principal Name (UPN) or using DOMAIN\username. However, this can be confusing to users, especially when you're in a single-domain environment.

It took me way longer than it should have to figure out how to accomplish this. Hopefully this will help some folks find some more recent info than all the ADFS 2.0 stuff I found.

1) First we need to create a custom theme on our parent ADFS server (as you can't edit the default theme). Open up PowerShell and run:
New-AdfsWebTheme -Name custom -SourceName default

2) Export the default theme to a folder so you can modify the files:
Export-AdfsWebTheme -Name default -DirectoryPath c:\theme

3) Open up a text editor and find the file named onload.js in the c:\theme\script\ folder. Add the following code to the bottom of the file and then save:

if (typeof Login != 'undefined') {
    // Override the default submit handler of the sign-in form.
    Login.submitLoginRequest = function () {
        var u = new InputUtil();
        var e = new LoginErrors();
        var userName = document.getElementById(Login.userNameInput);
        var password = document.getElementById(Login.passwordInput);

        // Bare username (no '@' or '\'): prepend a backslash before submitting.
        if (userName.value && !userName.value.match('[@\\\\]')) {
            var userNameValue = '\\' + userName.value;
            document.forms['loginForm'].UserName.value = userNameValue;
        }

        if (!userName.value) {
            u.setError(userName, e.userNameFormatError);
            return false;
        }

        if (!password.value) {
            u.setError(password, e.passwordEmpty);
            return false;
        }

        // Both fields are filled in: submit the form.
        document.forms['loginForm'].submit();
        return false;
    };
}

4) Now we need to update our custom theme with the new onload.js file by running:
Set-AdfsWebTheme -TargetName custom -AdditionalFileResource @{Uri='/adfs/portal/script/onload.js';path='c:\theme\script\onload.js'}

5) Lastly we need to make our new custom theme the active one by running:
Set-AdfsWebConfig -ActiveThemeName custom

Note that this entire process only needs to be done on the parent ADFS server and it will propagate the changes to the other ADFS servers almost immediately.
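
As an added example (not part of the original post or of Microsoft's code), the handler from step 3 can be exercised outside a browser with Node.js to see what is posted for each name format. The `document`, `InputUtil` and `LoginErrors` objects here are constructed stand-ins for the ones the ADFS sign-in page supplies, and the sample names are made up.

```javascript
// Constructed stand-ins for the objects the ADFS sign-in page provides;
// only the members the handler touches are modelled.
function simulateLogin(userValue, passValue) {
  const result = { submitted: false, posted: null, error: null, field: null };
  const fields = {
    userNameInput: { value: userValue },
    passwordInput: { value: passValue },
  };
  const form = {
    UserName: fields.userNameInput, // same element as the visible input
    submit() { result.submitted = true; result.posted = this.UserName.value; },
  };
  const document = { getElementById: (id) => fields[id], forms: { loginForm: form } };
  const Login = { userNameInput: 'userNameInput', passwordInput: 'passwordInput' };
  function InputUtil() { this.setError = (_el, msg) => { result.error = msg; }; }
  function LoginErrors() {
    this.userNameFormatError = 'userNameFormatError';
    this.passwordEmpty = 'passwordEmpty';
  }

  // Same logic as the override added to onload.js in step 3.
  Login.submitLoginRequest = function () {
    const u = new InputUtil();
    const e = new LoginErrors();
    const userName = document.getElementById(Login.userNameInput);
    const password = document.getElementById(Login.passwordInput);
    // A string passed to match() is compiled as a RegExp: [@\\] is '@' or '\'.
    if (userName.value && !userName.value.match('[@\\\\]')) {
      document.forms['loginForm'].UserName.value = '\\' + userName.value;
    }
    if (!userName.value) { u.setError(userName, e.userNameFormatError); return false; }
    if (!password.value) { u.setError(password, e.passwordEmpty); return false; }
    document.forms['loginForm'].submit();
    return false;
  };

  Login.submitLoginRequest();
  result.field = fields.userNameInput.value; // what the user sees afterwards
  return result;
}

// Constructed sample inputs covering each name format and the two error paths.
const samples = [
  ['jdoe', 'pw'], ['jdoe@example.test', 'pw'], ['EXAMPLE\\jdoe', 'pw'],
  ['', 'pw'], ['jdoe', ''],
];
for (const [user, pass] of samples) {
  console.log(JSON.stringify(user), '->', JSON.stringify(simulateLogin(user, pass)));
}
```

In the last case the user name field is rewritten before the password check runs, so a user who left the password empty sees the backslash-prefixed name in the field; on the next attempt it already contains a backslash and is not prefixed again.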

Source: Microsoft TechNet
