How can I disable auto-filling of the username on my realms?

Follow
    Applies to:
  • SecureAuth Identity Platform
Deployment model:
  • Hybrid
  • Version Affected:  22.12 Hotfix 3+

    Description:  

    When hitting a realm which includes the username in the query string, SecureAuth will auto-populate said username in the username field of the login page.

     

    Cause:  

    This was an added feature in 22.12 Hotfix 3 and newer versions, but some customers would rather this not occur on their realms for different reasons.

     

    Resolution:  

    In order to stop this feature, an admin will have to create an IIS rewrite rule to wipe out the Username= portion of the URL. Here are the steps to configure the IIS Rewrite Rule properly:

    Open Internet Information Services (IIS) Manager

    Browse to:
    <Server Name>\Sites\Default Web Site

    In the right pane, double click on Rewrite

    In the Actions pane, click on 'Add Rule(s)...'

    Select 'Blank rule' and click OK

    Give the rule a Name

     

    In the 'Match URL' section

    Set 'Requested URL' to 'Matches the Pattern'

    Set 'Using' to 'Regular Expressions'

    Set 'Pattern' to:
    (.*)

    In the 'Conditions' section, click 'Add'

    Set the 'Condition input' to '{QUERY_STRING}'

    Select 'Matches the pattern'

    Set 'Pattern' to:
    (.*)(&username=[A-Z0-9._%+-]+%40[A-Z0-9.-]+\.[aA-zZ]{2,})(.*)

    In the 'Action' section

    Set 'Action type' to 'Rewrite'

    Set the 'Rewrite URL' to {R:0}?{C:1}{C:3}

    Uncheck the 'Append query string'

    In the 'Actions' page, click on 'Apply'

     

    Special Considerations (optional as needed):  

    Setting this at the Default Website will roll the change to all sub-Applications. If the above is only required for certain realms, add the above to each realm which requires the username to be removed from the URL.

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    1 comment
    • If you only want to stop email addresses from showing up on the login screen and strictly use the username, I used a pattern like this;
      (.*)(%40EMAILURL.COM{1,})(.*)

      Where EMAILURL.COM is your email domain name.
      The result on my system is that it leaves the username intact.

      0
      Comment actions Permalink

    Please sign in to leave a comment.