Skip to main content

이 버전의 GitHub Enterprise Server는 2023-09-12. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 성능 향상, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

외부 인증에 대한 사용자 이름 고려 사항

인증에 CAS, LDAP 또는 SAML을 사용하는 경우 GitHub Enterprise Server는 특정 규칙에 따라 인스턴스에서 각 사용자 계정의 사용자 이름을 확인합니다.

About usernames with external authentication

You can configure external authentication for GitHub Enterprise Server using CAS, LDAP, or SAML. For more information, see "About authentication for your enterprise."

When you use external authentication, your GitHub Enterprise Server instance automatically creates a username for each person when the person signs into your GitHub Enterprise Server instance through your external authentication system for the first time.

Usernames must not exceed 39 characters.

About username normalization

Usernames for user accounts on GitHub Enterprise Server can only contain alphanumeric characters and dashes (-).

When you configure CAS, LDAP, or SAML authentication, GitHub Enterprise Server uses an identifier from the user account on your external authentication provider to determine the username for the corresponding user account on GitHub Enterprise Server. If the identifier includes unsupported characters, GitHub Enterprise Server will normalize the username per the following rules.

  1. GitHub Enterprise Server will normalize any non-alphanumeric character in your account's username into a dash. For example, a username of mona.the.octocat will be normalized to mona-the-octocat. Note that normalized usernames also can't start or end with a dash. They also can't contain two consecutive dashes.

  2. Usernames created from email addresses are created from the normalized characters that precede the @ character.

  3. Usernames created from domain accounts are created from the normalized characters after the \\ separator.

  4. If multiple accounts are normalized into the same GitHub Enterprise Server username, only the first user account is created. Subsequent users with the same username won't be able to sign in.

Examples of username normalization

Identifier on providerNormalized username on GitHubResult
The.Octocatthe-octocatThis username is created successfully.
!The.Octocat-the-octocatThis username is not created, because it starts with a dash.
The.Octocat!the-octocat-This username is not created, because it ends with a dash.
The!!Octocatthe--octocatThis username is not created, because it contains two consecutive dashes.
The!Octocatthe-octocatThis username is not created. Although the normalized username is valid, it already exists.
The.Octocat@example.comthe-octocatThis username is not created. Although the normalized username is valid, it already exists.
internal\\The.Octocatthe-octocatThis username is not created. Although the normalized username is valid, it already exists.
mona.lisa.the.octocat.from.github.united.states@example.commona-lisa-the-octocat-from-github-united-statesThis username is not created, because it exceeds the 39-character limit.

About username normalization with SAML

If you configure SAML authentication for your GitHub Enterprise Server instance, GitHub Enterprise Server determines each person's username by one of the following assertions in the SAML response, ordered by descending priority.

  1. The custom username attribute, if defined and present
  2. An http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name assertion, if present
  3. An http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress assertion, if present
  4. The NameID element

GitHub Enterprise Server requires the NameID element even if other attributes are present. For more information, see "SAML configuration reference."

GitHub Enterprise Server creates a mapping between the NameID from the IdP and the username on your GitHub Enterprise Server instance, so the NameID should be persistent, unique, and not subject to change for the lifecycle of the user.

Note: If the NameID for a user does change on the IdP, the person will see an error message when signing in to your GitHub Enterprise Server instance. To restore the person's access, you'll need to update the user account's NameID mapping. For more information, see "Updating a user's SAML NameID."