This article explains how to work around the 20 characters limit in the windows account name in ADFS when using SAML.
This article assumes you have already set up ADFS correctly with Qlik Sense.
In order to work around this issue, you will need to create a custom claim description.
Windows account name is limited to 20 characters length. UPN holds the full user name but also the domain name (Example: firstname.lastname@example.org).
So, the simplest is to create a custom claim and extract the string before @ from the UPN claim description.
In ADFS, in claim descriptions, choose "Add Claim Description"
Create a new claim with a name and claim type of your choice. Claim type must have the below format.
In Relying Party Trusts, choose the Reying party trust created for Qlik Sense and in the right pane, choose "Edit Claim Rules"
In the existing claim rule, create a second rule based on template "Send Claims Using a Custom Rule" with the following rule:c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn", Value =~ "^.*(@).*$"]
=> issue(Type = "http://temp.org/20charname", Value = RegexReplace(c.Value, "@.*", ""));
On the Qlik Sense side, in virtual proxy settings, include the new created claim description as the SAML attribute for user ID
You should now be able to log in to the hub, the user name will be registered correctly in Qlik Sense even if it is more than 20 characters long.