How to Configure XTAM to support Multi-Domain Forests with AD Trusts
XTAM supports the ability to integrate with multiple domains, taking advantage of AD trusts, in order to provide login and authentication services for the application. This means a single AD integration point will allow multi-domain logins using existing trusts within Active Directory.
Default XTAM deployments are configured for ease of use by both administrators and users. For this reason, they start with a single-domain configuration using sAMAccountName logins (user). However, larger or more complex AD structures exist, including multi-domain forests with AD trusts. To support these configurations, XTAM can be configured to use UserPrincipalNames (email@example.com).
To configure integration for UPN Accounts
Log in to your XTAM host server. We will need to modify two files, so make sure you have permissions on this host server to update files.
First, open the file <XTAM_HOME>/web/conf/catalina.properties in a text editor.
Within this catalina file, search for the 2 references to sAMAccountName and replace them with UserPrincipalName.
Also within this catalina file, search for and update this parameter cas.authn.ldap.dnFormat as illustrated below
After both are replaced, save and close the file.
Finally, restart the PamManagement (Windows) or pammanager (Linux) service.
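
The sAMAccountName replacement step above can be scripted on a Linux host so that it keeps a rollback copy and refuses to run unless exactly the 2 expected references are present. This is an added example, not Xton's own tooling; the function name `switch_to_upn` is hypothetical, and the `cas.authn.ldap.dnFormat` value is only displayed because it still has to be set by hand.

```shell
#!/bin/sh
# Added example (not part of XTAM): switch catalina.properties from
# sAMAccountName to UserPrincipalName with a backup and a sanity check.
# Usage: switch_to_upn "<XTAM_HOME>/web/conf/catalina.properties"
# Returns 0 on success, 1 on a file error, 2 if the number of active
# lines referencing sAMAccountName is not the 2 the procedure expects.
switch_to_upn() {
    props=$1
    [ -f "$props" ] || { echo "not found: $props" >&2; return 1; }

    # Count active (non-comment) lines that still reference sAMAccountName.
    # grep -c exits non-zero on a count of 0, hence the "|| true".
    count=$(grep -v '^[[:space:]]*[#!]' "$props" | grep -c 'sAMAccountName' || true)
    if [ "$count" -ne 2 ]; then
        echo "expected 2 sAMAccountName references, found $count; no changes made" >&2
        return 2
    fi

    # Keep a timestamped copy so the change can be rolled back.
    backup="$props.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$props" "$backup" || return 1

    # Rewrite only active lines; commented lines are left untouched.
    # Writing back with cat keeps the original file's owner and mode.
    tmp="$props.tmp.$$"
    sed '/^[[:space:]]*[#!]/!s/sAMAccountName/UserPrincipalName/g' "$props" > "$tmp" \
        && cat "$tmp" > "$props" && rm -f "$tmp" || return 1

    echo "backup: $backup"
    # dnFormat is not changed here; show its current line for manual review.
    grep -n '^[[:space:]]*cas\.authn\.ldap\.dnFormat' "$props" \
        || echo "cas.authn.ldap.dnFormat not set in $props" >&2
    return 0
}
```

Running it a second time returns 2 and changes nothing, because no active sAMAccountName references remain.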