{"id":475,"date":"2017-04-07T12:55:15","date_gmt":"2017-04-07T16:55:15","guid":{"rendered":"https:\/\/www.ccrossan.com\/blog\/?p=475"},"modified":"2017-04-07T12:55:15","modified_gmt":"2017-04-07T16:55:15","slug":"adfs-username-behavior","status":"publish","type":"post","link":"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/","title":{"rendered":"ADFS Username Behavior"},"content":{"rendered":"\n<h1>Problem<\/h1>\n<p>ADFS 4.0 on Windows Server 2016 tells users to log in with their full email address &#8220;someone@example.com.&#8221; \u00a0This generates many support requests, and complaints about too much typing.<\/p>\n<p>Additionally, some extranet users may have email addresses not on the\u00a0domain, and it&#8217;s unclear which email address they should supply.<\/p>\n<p>This affects both the ADFS log in page, and the ADFS password change page.<\/p>\n<h2>Solution Methodology<\/h2>\n<p>ADFS Server 4.0 has PowerShell cmdlets to manage the content delivered to users during authentication requests: <a href=\"https:\/\/technet.microsoft.com\/windows-server-docs\/identity\/ad-fs\/operations\/ad-fs-user-sign-in-customization\">https:\/\/technet.microsoft.com\/windows-server-docs\/identity\/ad-fs\/operations\/ad-fs-user-sign-in-customization<\/a><\/p>\n<p>We&#8217;ll focus on the following<\/p>\n<blockquote><p>Get-AdfsWebTheme<\/p><\/blockquote>\n<p>and<\/p>\n<blockquote><p>Set-AdfsWebTheme<\/p><\/blockquote>\n<p>Of particular interest here is that we&#8217;re able to modify the JavaScript that runs on these pages.<\/p>\n<h3>Steps<\/h3>\n<p><a href=\"https:\/\/technet.microsoft.com\/windows-server-docs\/identity\/ad-fs\/operations\/custom-web-themes-in-ad-fs\">Use PowerShell to manage custom ADFS Themes<\/a><\/p>\n<ol>\n<li><a 
href=\"https:\/\/technet.microsoft.com\/en-us\/itpro\/powershell\/windows\/adfs\/export-adfswebtheme\">Export the Default ADFS Theme<\/a> using this snippet:\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Export-ADFSWebTheme -Name &quot;Default&quot; -DirectoryPath c:\\test<\/pre>\n<\/li>\n<li><a href=\"https:\/\/code.visualstudio.com\/\">Use your favorite editor<\/a> to open c:\\test\\script\\onload.js<\/li>\n<li>Add the snippets from below (as desired) into onload.js<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/itpro\/powershell\/windows\/adfs\/new-adfswebtheme\">Create a New ADFS Theme<\/a>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">New-AdfsWebTheme -Name BetterDefault -SourceName c:\\test<\/pre>\n<ol>\n<li>Set your new theme as the default (best for testing)\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Set-ADFSWebConfig -ActiveThemeName BetterDefault<\/pre>\n<\/li>\n<\/ol>\n<\/li>\n<li><a href=\"https:\/\/technet.microsoft.com\/en-us\/itpro\/powershell\/windows\/adfs\/set-adfswebtheme\">Alternatively, you may update an existing theme<\/a> with your code changes\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">Set-AdfsWebTheme -TargetName &quot;Default&quot; -AdditionalFileResource @{Uri=&quot;\/adfs\/portal\/script\/onload.js&quot;;Path=&quot;c:\\test\\script\\onload.js&quot;}<\/pre>\n<\/li>\n<\/ol>\n<h1>Placeholder Text Solution<\/h1>\n<p>To update the &#8220;someone@example.com&#8221; placeholder on both the login and the password change ADFS pages, paste this code into your onload.js, and update your ADFS theme.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nfunction UpdatePlaceholders() {\r\n    var userName;\r\n    if (typeof Login != 'undefined'){\r\n        userName = document.getElementById(Login.userNameInput);\r\n    }\r\n    if (typeof UpdatePassword != 'undefined'){\r\n        userName = 
document.getElementById(UpdatePassword.userNameInput);\r\n    }\r\n    \/\/ getElementById returns null (not undefined) when the field is absent,\r\n    \/\/ so test for a truthy element before touching it\r\n    if (userName){\r\n        userName.setAttribute(&quot;placeholder&quot;,&quot;Username&quot;);\r\n    }\r\n}\r\n\r\ndocument.addEventListener(&quot;DOMContentLoaded&quot;, function(){\r\n  \/\/ Handler when the DOM is fully loaded\r\n  UpdatePlaceholders();\r\n});\r\n<\/pre>\n<h1>Formatting of the Username field<\/h1>\n<p>For single-domain organizations, it may be less than desirable to force users to enter the domain name as part of their username. To &#8220;fix&#8221; this requirement of entering usernames in a format of &#8220;domain\\username&#8221; or &#8220;username@domain.com&#8221;, paste the following code into your onload.js. \u00a0Make sure to replace example.org with your own domain where appropriate.<\/p>\n<h2>Logon Username Format Solution<\/h2>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\r\nif (typeof Login != 'undefined'){\r\n    Login.submitLoginRequest = function () { \r\n    var u = new InputUtil();\r\n    var e = new LoginErrors();\r\n    var userName = document.getElementById(Login.userNameInput);\r\n    var password = document.getElementById(Login.passwordInput);\r\n\r\n    \/\/ Bare username (no @ or backslash): prepend the default domain\r\n    if (userName.value &amp;&amp; !userName.value.match('[@\\\\\\\\]')) \r\n    {\r\n        var userNameValue = 'example.org\\\\' + userName.value;\r\n        document.forms['loginForm'].UserName.value = userNameValue;\r\n    }\r\n\r\n    if (!userName.value) {\r\n       u.setError(userName, e.userNameFormatError);\r\n       return false;\r\n    }\r\n\r\n\r\n    if (!password.value) \r\n    {\r\n        u.setError(password, e.passwordEmpty);\r\n        return false;\r\n    }\r\n    document.forms['loginForm'].submit();\r\n    return false;\r\n};\r\n}\r\n<\/pre>\n<h2>Password Change Username Formatting Solution<\/h2>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\n\r\nif (typeof UpdatePassword != 'undefined'){\r\n    
UpdatePassword.submitPasswordChange = function () { \r\n    var u = new InputUtil();\r\n    var e = new UpdErrors();\r\n\r\n    var userName = document.getElementById(UpdatePassword.userNameInput);\r\n    var oldPassword = document.getElementById(UpdatePassword.oldPasswordInput);\r\n    var newPassword = document.getElementById(UpdatePassword.newPasswordInput);\r\n    var confirmNewPassword = document.getElementById(UpdatePassword.confirmNewPasswordInput);\r\n\r\n    if (userName.value &amp;&amp; !userName.value.match('[@\\\\\\\\]')) \r\n    {\r\n        var userNameValue = 'example.org\\\\' + userName.value;\r\n        document.forms['updatePasswordForm'].UserName.value = userNameValue;\r\n    }\r\n\r\n    if (!userName.value) {\r\n       u.setError(userName, e.userNameFormatError);\r\n       return false;\r\n    }\r\n\r\n    if (!oldPassword.value) {\r\n        u.setError(oldPassword, e.oldPasswordEmpty);\r\n        return false;\r\n    }\r\n\r\n    if (oldPassword.value.length &gt; maxPasswordLength) {\r\n        u.setError(oldPassword, e.oldPasswordTooLong);\r\n        return false;\r\n    }\r\n\r\n    if (!newPassword.value) {\r\n        u.setError(newPassword, e.newPasswordEmpty);\r\n        return false;\r\n    }\r\n\r\n    if (!confirmNewPassword.value) {\r\n        u.setError(confirmNewPassword, e.confirmNewPasswordEmpty);\r\n        return false;\r\n    }\r\n\r\n    if (newPassword.value.length &gt; maxPasswordLength) {\r\n        u.setError(newPassword, e.newPasswordTooLong);\r\n        return false;\r\n    }\r\n\r\n    if (newPassword.value !== confirmNewPassword.value) {\r\n        u.setError(confirmNewPassword, e.mismatchError);\r\n        return false;\r\n    }\r\n\r\n    return true;\r\n};\r\n}\r\n<\/pre>\n<p>Thanks for reading! 
\u00a0If you have any questions, feel free to send me a tweet @crossan007.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Problem ADFS 4.0 on Windows Server 2016 tells users to log in with their full email address &#8220;someone@example.com.&#8221; \u00a0This generates many support requests, and complaints about too much typing. Additionally, some extranet users may have email addresses not on the\u00a0domain, and it&#8217;s unclear which email address they should supply. This affects both the ADFS log &hellip; <a href=\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">ADFS Username Behavior<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[204,58,191,47,202,33,29,192,203,201],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ADFS Username Behavior - Charles&#039; Blog\" \/>\n<meta property=\"og:description\" content=\"Problem ADFS 4.0 on Windows Server 2016 tells users to log in with their full email address &#8220;someone@example.com.&#8221; \u00a0This generates many support requests, and complaints about too much typing. Additionally, some extranet users may have email addresses not on the\u00a0domain, and it&#8217;s unclear which email address they should supply. 
This affects both the ADFS log &hellip; Continue reading ADFS Username Behavior &rarr;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/\" \/>\n<meta property=\"og:site_name\" content=\"Charles&#039; Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-04-07T16:55:15+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"crossan007\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#website\",\"url\":\"https:\/\/crossan007.dev\/blog\/\",\"name\":\"Charles&#039; Blog\",\"description\":\"SharePoint | PowerShell | Exchange | SCCM | Ubuntu | PHP | JavaScript | A\/V Live Production | More...\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/crossan007.dev\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/#webpage\",\"url\":\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/\",\"name\":\"ADFS Username Behavior - Charles&#039; 
Blog\",\"isPartOf\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/#website\"},\"datePublished\":\"2017-04-07T16:55:15+00:00\",\"dateModified\":\"2017-04-07T16:55:15+00:00\",\"author\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979\"},\"breadcrumb\":{\"@id\":\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/crossan007.dev\/blog\/identity-management\/adfs-username-behavior\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/crossan007.dev\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ADFS Username Behavior\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#\/schema\/person\/bd99569cd81332c8fd866d023848b979\",\"name\":\"crossan007\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/crossan007.dev\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fff72c74fb6a0da29accf0db83ad4b4b?s=96&d=mm&r=g\",\"caption\":\"crossan007\"},\"url\":\"https:\/\/crossan007.dev\/blog\/author\/crossan007\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/475"}],"collection":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/comments?post=475"}],"version-history":[{"count":11,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/475\/revisions"}],"predecessor-version":[{"id":486,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/posts\/475\/revisions\/486"}],"wp:attachment":[{"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/media?parent=475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/categories?post=475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crossan007.dev\/blog\/wp-json\/wp\/v2\/tags?post=475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}