User account via ADFS SAML - "Display name" field

Hello,

at the moment we are facing a problem with Nextcloud user accounts which are provisioned via SAML over an MS ADFS server.
The provisioning and NC login work quite well. The problem is that the full name (given name, surname) is not filled in the “Display name” field of the user accounts.
Does anyone know the correct config for our LDAP --> NC translation in the claim policy for this field?
At the moment we only have the login name of the account in both fields, in username and display name.

thx

Kind regards

Hello,

I had the same issue. I’m using Keycloak as the IdP (bound to internal AD). Here is what I had to do to get the Full Name to appear correctly.

In Keycloak, under User Federation and in the LDAP setup created, I created a Mapper called “fullname” as a “user-attribute-ldap-mapper”. User Model Attribute setting as “fullname” and the LDAP Attribute as “cn”.

Under the Client section, Mappers tab, a mapper was created called “fullname” using protocol “saml”. Mapper Type was set to “User Attribute”. This is what allowed the proper full name to get pulled from LDAP as I was previously using “User Property”. User Attribute, Friendly Name, and SAML Attribute Name were all set to “fullname”.

In Nextcloud SSO & SAML Authentication, Attribute Mapping, the setting for Attribute to map displayname to is set to “fullname”.

I did a resync of users in Keycloak and when I logged into Nextcloud with SSO & SAML, the full name of my user displayed properly.

I hope this can translate to your environment.

Hey guys, hope you are both doing well…

What I recommend is to use the “sAMAccountName” variable.

If that’s not what you are trying to do, please tell me.

The sAMAccountName would give the username “test.user” instead of the Full Name of “Test User”. At least in my LDAP/AD environment.


Oh, now I understand what you mean, sorry about that.

I had the same issue and I think that’s actually a bug with AD.

One solution that I found was to insert a note in AD for the user/group with their full name, and in the Integration AD/LDAP app on my Nextcloud, I used the variable “note”.

That worked for me.

PS.: I know the best way would be to use it with the full name default AD option, but while the bug remains, that works.

Have a nice weekend, hope that I was helpful.

:smiley:

Hi,

thank you for the further suggestions.
Meanwhile we are using NC 20.0.8 and I did some more tests regarding this problem.
On the ADFS Server I changed the LDAP translation settings to the following:

LDAP “Display-Name” → to Outgoing Claim “displayname”

In NC, in the “SSO & SAML authentication” config, I added “displayname” under the Attribute mapping in the field “Attribute to map the displayname to.”

After logging in to the NC site from an AD account, the full user name was added to the NC account!
So everything works quite well now.

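Added example, not part of any post in this thread: a small Python check that lists the attribute names an assertion actually carries and compares them with the names entered under Attribute mapping in Nextcloud's SSO & SAML settings, which is the mismatch the thread resolves. It assumes the assertion is unencrypted and already base64-decoded; the sample XML and the "uid" attribute name are constructed, and the script does not verify signatures.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a decoded assertion fragment such as an IdP might send.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="uid">
      <saml:AttributeValue>test.user</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="displayname">
      <saml:AttributeValue>Test User</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def assertion_attributes(xml_text):
    """Return {attribute Name: [values]} for every saml:Attribute found."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{urn:oasis:names:tc:SAML:2.0:assertion}Attribute"):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_mapping(xml_text, mapping):
    """mapping: {Nextcloud field: attribute name entered in SSO & SAML settings}.
    Returns {field: value or None}; None means the IdP did not send that name."""
    sent = assertion_attributes(xml_text)
    result = {}
    for field, name in mapping.items():
        values = [v for v in sent.get(name, []) if v]
        result[field] = values[0] if values else None
    return result

if __name__ == "__main__":
    # Names are compared exactly here, so "fullname" does not match "displayname".
    for mapping in ({"uid": "uid", "displayname": "displayname"},
                    {"uid": "uid", "displayname": "fullname"}):
        print(mapping, "->", check_mapping(SAMPLE_ASSERTION, mapping))
```

A `None` for `displayname` means the claim or mapper on the IdP side emits a different attribute name than the one configured in Nextcloud.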