Sorry for the delay Andreas! This is a great idea, I've created an issue: https://issues.apache.org/jira/browse/SHIRO-871 and made a quick pass at a PR based on your patch: https://github.com/apache/shiro/pull/350
Thanks Again! On Sun, Mar 6, 2022 at 7:55 PM Andreas Reichel < [email protected]> wrote: > Compliments of the day, > > after looking up the code, I figured it out. One have to set: > > *realm.principalSuffix = @email.com <http://email.com>* > > > However, there is a caveat: The principalSuffix is ALWAYS appended, even > when the userPrincipalName ends with it already. Thus either "John.Doe" or" > [email protected]" would work, but not both correct logons. > > The attached patch fixes this and allows both "John.Doe" and also " > [email protected]" to authorise against groups. > > Best regards > > Andreas >
