We are in the process of integrating SAML authentication for an application we deploy on AWS AppStream 2.0. We expected to keep receiving the original username in the AppStream_UserName environment variable, but we are getting an ID or token. Is there any way we can use it to retrieve the original username from our application, which is a classic .NET desktop application? We are using Keycloak as identity provider.

I'm aware of the answer in How do I get the current user from within an AWS AppStream?, but we are likely to have tens if not hundreds of users and, if I understood the answer correctly, it would complicate user management considerably.

Nicola Musatti

1 Answer

It turns out that the username format is not defined by either SAML or AppStream, but is in fact a Keycloak setting. The SAML Client configuration page has a Name ID Format field which may be set to either username or email to obtain a familiar value. You may need to also set the Force Name ID Format toggle to override request-level policies.

Nicola Musatti