问题描述

下午好，

我有一个有趣的难题，我希望有人曾经遇到并解决过.  

 I have an interesting dilemma which I am hopeful someone has encountered and resolved previously.  

出于安全考虑，我们被要求为通过VPN从异地进入场的用户建立ADFS连接.  已在我们的测试环境中进行了配置，并且在大多数情况下，无论是在现场还是在异地运行都很好 用户.但是，在启动2013年工作流程时遇到了一个问题.  

For reasons of security we have been asked to establish an ADFS connection for users entering the farm from off-location through VPN.  This has been configured in our test environment and for the most part is working well for both on-site and off-location users.  An issue however is being experienced with initiation of 2013 workflows.  

此问题的根本原因是ADFS和常规用户都从活动目录的同一分支中被拉出.  工作流程启动时，由于以下错误而挂起:找到多个具有propertyName'SPS-UserPrincipalName'的用户配置文件 达到指定值   我们的团队无法控制AD，我们也无法请求对其进行更改，例如将外部用户放入另一个分支.  

Root cause of this is that both the ADFS and regular users are being pulled from the same branch of the active directory.  When a workflow initiates it suspends due to an error of: Multiple User Profiles found with propertyName 'SPS-UserPrincipalName' of specified value     Our team does not control the AD, nor can we request changes to it such as putting external users into another branch.  

是否有一种方法可以更改工作流引擎和/或应用程序安全性检查，以注销SPS-UserPrincipalName以外的其他属性.  例如:AccountName?

Is there a way to change the workflow engine and/or app security checking to key off a property other than SPS-UserPrincipalName.  For example: AccountName?

推荐答案

这篇关于用户配置文件服务的唯一性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！