In the discussion of sssd, you say the ad provider use sAMAccountName, UPN, and email address. Can you give a reference to where in the sssd doc this is discussed? Is there an option to choose which of the three is used? Or does it try each in turn? We are using SAML to logon, but I am having trouble getting the launcher service to allow the user to launch. We are using kerberos constrained delegation, and whenI use sas.logon.kerberos, everything works fine. But the organization wants to use SAML to logon. I can get saml to allow the login. But not to launch sas studiov.
... View more