Last Modified: Apr 23, 2026
Affected Product(s):
F5OS F5OS-A
Opened: Jan 22, 2026 Severity: 2-Critical
Authentication using userPrincipalName is not enabled by default in F5OS.
Authentication using userPrincipalName will fail in F5OS for active directory based remote authentications.
In F5OS, When configured active_directory to true and trying to authenticate the user with userPrincipalName instead of sAMAccountName will fail.
1. Configure login-attrribute to userPrincipalName from ConfD CLI as below: system aaa authentication ldap login-attrribute userPrincipalName 2. For client based UPN authentication - a. Client Certificates should have been generated using UPN name b. Configure in which field we need to fetch username in confd via "system aaa authentication clientcert config client-cert-name-field" c. Configure login-attribute as userPrincipalName in confd via "system aaa authentication ldap login-attrribute userPrincipalName" Note: We can configure login-attribute via confd cli or restconf api. In this release there is no support to configure login-attribute from GUI.
None