About usernames with external authentication
You can configure external authentication for GitHub Enterprise Server using CAS, LDAP, or SAML. For more information, see About identity and access management.
When you use external authentication, your GitHub Enterprise Server instance automatically creates a username for each person when the person signs into your GitHub Enterprise Server instance through your external authentication system for the first time.
Usernames must not exceed 39 characters.
Note
If you use SAML with SCIM provisioning, users must be SCIM provisioned before using SAML single sign-on. If a user hasn't been provisioned, they won't be able to complete authentication on your GitHub Enterprise Server instance. For more information, see About user provisioning with SCIM on GitHub Enterprise Server.
About username normalization
Usernames for user accounts on GitHub can only contain alphanumeric characters and dashes (-).
When you configure CAS, LDAP, or SAML authentication (without SCIM), GitHub Enterprise Server uses an identifier from the user account on your external authentication provider to determine the username for the corresponding user account on your GitHub Enterprise Server instance. When SAML authentication is configured with SCIM, GitHub uses the SCIM userName attribute value sent from the IdP to determine the username for the corresponding user account. If the identifier includes unsupported characters, GitHub will normalize the username per the following rules.
- GitHub will normalize any non-alphanumeric character in your account's username into a dash. For example, a username of mona.the.octocat will be normalized to mona-the-octocat. Note that normalized usernames also can't start or end with a dash. They also can't contain two consecutive dashes.
- Usernames created from email addresses are created from the normalized characters that precede the @ character.
- Usernames created from domain accounts are created from the normalized characters after the \\ separator.
- If multiple accounts are normalized into the same username, only the first user account is created. Subsequent users with the same username won't be able to sign in.
Examples of username normalization
Identifier on provider | Normalized username on GitHub.com | Result |
---|---|---|
The.Octocat | the-octocat | This username is created successfully. |
!The.Octocat | -the-octocat | This username is not created, because it starts with a dash. |
The!!Octocat | the--octocat | This username is not created, because it contains two consecutive dashes. |
The!Octocat | the-octocat | This username is not created. Although the normalized username is valid, it already exists. |
The.Octocat@example.com | the-octocat | This username is not created. Although the normalized username is valid, it already exists. |
internal\\The.Octocat | the-octocat | This username is not created. Although the normalized username is valid, it already exists. |
mona.lisa.the.octocat.from.github.united.states@example.com | mona-lisa-the-octocat-from-github-united-states | This username is not created, because it exceeds the 39-character limit. |
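The rules and table above can be turned into a pre-rollout check that flags which identifiers in an IdP export would be rejected or would collide with an earlier account. This is an added example, not GitHub's code. It assumes "alphanumeric" means ASCII letters and digits, lowercases as the table does, and applies the separator rule before the @ rule; the function names are illustrative.

```python
import re

MAX_LEN = 39  # username length limit stated on this page

def normalize(identifier):
    """Derive the username the rules above would produce for an IdP identifier."""
    local = identifier.rsplit("\\", 1)[-1]   # domain account: keep what follows the separator
    local = local.split("@", 1)[0]           # email address: keep what precedes '@'
    # Assumption: "alphanumeric" means ASCII letters and digits; lowercase as in the table.
    return re.sub(r"[^a-z0-9]", "-", local.lower())

def classify(identifiers):
    """Return (identifier, username, status, first_owner) for identifiers in sign-in order."""
    owners = {}   # username -> identifier that claimed it first
    report = []
    for ident in identifiers:
        name = normalize(ident)
        owner = None
        if not name:
            status = "empty"
        elif name.startswith("-") or name.endswith("-"):
            status = "leading-or-trailing-dash"
        elif "--" in name:
            status = "consecutive-dashes"
        elif len(name) > MAX_LEN:
            status = "too-long"
        elif name in owners:
            status, owner = "collision", owners[name]
        else:
            status = "created"
            owners[name] = ident
        report.append((ident, name, status, owner))
    return report

# Identifiers taken from the table on this page, in the same order.
SAMPLE = [
    "The.Octocat", "!The.Octocat", "The!!Octocat", "The!Octocat",
    "The.Octocat@example.com", r"internal\\The.Octocat",
    "mona.lisa.the.octocat.from.github.united.states@example.com",
]

if __name__ == "__main__":
    for ident, name, status, owner in classify(SAMPLE):
        print(f"{ident!r:62} -> {name!r:50} {status}" + (f" (held by {owner!r})" if owner else ""))
```

Every row whose status is not "created" is a person who would fail to get an account at first sign-in, so resolve those identifiers on the provider before enabling external authentication.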
About username normalization with SAML
If you configure SAML authentication for your GitHub Enterprise Server instance, GitHub determines each person's username by one of the following assertions in the SAML response, ordered by descending priority.
- The custom username attribute, if defined and present
- An http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name assertion, if present
- An http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress assertion, if present
- The NameID element
GitHub requires the NameID element even if other attributes are present. For more information, see SAML configuration reference.
GitHub creates a mapping between the NameID from the IdP and the username on your GitHub Enterprise Server instance, so the NameID should be persistent, unique, and not subject to change for the lifecycle of the user.
Note
If the NameID for a user does change on the IdP, the person will see an error message when signing in to your GitHub Enterprise Server instance. To restore the person's access, you'll need to update the user account's NameID mapping. For more information, see Updating a user's SAML NameID.