SQL User Store Does Not Accept X.509 Subject Name as a NameID Format (100635)

Symptom:

A SQL user store at the relying party cannot have an X.509 Subject Name specified as the NameID Format. If the X.509 Subject Name is specified, user authentication fails with the error message "No User DN found in the directory". This authentication failure occurs only if SQL Server is the user store.

Solution:

Add the text user= at the beginning of the value you specify for the ODBC Search Specification field in the User Identification dialog.

For example, if Federation Manager looks up the user by the attribute Name, add the following string to the search specification:

user=Name=%s