Security Analytics 10.4.X, 10.5.0.X: unable to log in with a user UPN name that exceeds 20 characters when using external AD authentication
RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.4.1X, 10.5.0.X
Platform: CentOS
When using AD external authentication with "userPrincipalName" as the user login attribute, Security Analytics fails to authenticate the user if the username portion of the UPN exceeds 20 characters.
To reproduce the issue, create an AD user whose username is longer than 20 characters, for example the UPN myBigLongUserNameIsVeryLong@mydomain.com. Here the username is myBigLongUserNameIsVeryLong, the UPN domain suffix is mydomain.com, and the @ is the delimiter. Although the username entered is correct, SA cannot resolve the name when it is longer than 20 characters, and authentication fails. Note that the sAMAccountName is restricted to 20 characters by the default AD schema, but the username portion of the UPN in AD has no such restriction, and neither does the internal SA database.
This has been determined to be a product defect in versions 10.X through 10.5.0.X.
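The following is an added example, not part of the RSA article, showing how an administrator can audit an exported list of UPNs for the condition described above (username portion longer than 20 characters, with @ as the delimiter) before enabling userPrincipalName as the SA login attribute. The sample UPN values and the 20-character limit constant are constructed from the article's description.

```python
# Added example (not from the RSA article): flag AD userPrincipalName values whose
# username portion exceeds the length at which SA 10.4.x/10.5.0.x cannot resolve them.
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

UPN_PREFIX_LIMIT = 20  # per the article: usernames above 20 characters fail to authenticate


@dataclass(frozen=True)
class UpnCheck:
    upn: str
    username: Optional[str]
    suffix: Optional[str]
    affected: bool
    reason: str


def split_upn(upn: str) -> Optional[Tuple[str, str]]:
    """Split 'user@domain' at the @ delimiter; None when the value is not a well-formed UPN."""
    if upn.count("@") != 1:
        return None
    username, suffix = upn.split("@")
    if not username or not suffix:
        return None
    return username, suffix


def check_upn(upn: str, limit: int = UPN_PREFIX_LIMIT) -> UpnCheck:
    """Report whether the username portion of a UPN exceeds the limit."""
    parts = split_upn(upn.strip())
    if parts is None:
        return UpnCheck(upn, None, None, False, "not a user@domain value")
    username, suffix = parts
    if len(username) > limit:
        return UpnCheck(upn, username, suffix, True,
                        f"username is {len(username)} characters (> {limit})")
    return UpnCheck(upn, username, suffix, False, "ok")


def affected_upns(upns: Iterable[str], limit: int = UPN_PREFIX_LIMIT) -> List[str]:
    """Return only the UPNs that would fail to log in under the defect."""
    return [c.upn for c in (check_upn(u, limit) for u in upns) if c.affected]


# Constructed sample: values an administrator might export from AD.
SAMPLE_UPNS = [
    "myBigLongUserNameIsVeryLong@mydomain.com",  # 27-character username: affected
    "jsmith@mydomain.com",                       # 6 characters: fine
    "exactlytwentycharsxx@mydomain.com",         # exactly 20: at the limit, not affected
    "twentyonecharactersab@mydomain.com",        # 21 characters: affected
    "no-at-sign-here",                           # not a UPN: reported, not flagged
]

if __name__ == "__main__":
    for c in (check_upn(u) for u in SAMPLE_UPNS):
        print(f"{'AFFECTED' if c.affected else 'ok':8} {c.upn}: {c.reason}")
```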